Microsoft and Sophos bicker over Windows 7 XP mode
Posted on 24 Aug 2009 at 08:54
Microsoft and security company Sophos have become embroiled in a slanging match over security in Windows 7's XP Mode.
The row broke out after Sophos's chief technology officer Richard Jacobs posted a blog highlighting the difficulties involved in managing the security for two operating systems. His central thrust was that the benefits of backward compatibility through XP Mode also exposed the user to unnecessary security threats.
"XP mode is an independent Windows instance, that shares the odd folder and device with the host Windows 7 installation. What it doesn't share is processes and memory," Jacobs wrote.
"So it doesn't share security settings, security software, patches etc. It does not inherit any security from the host. When you use XP mode, you need to patch the copy of XP as well as the host Windows 7. You need to manage settings separately, configure two personal firewalls and install and manage two copies of anti-malware software," he adds.
He followed this up by questioning Microsoft's stance on security: "XP mode reminds us all that security will never be Microsoft's first priority. It will do enough security to ensure that security concerns aren't a barrier to sales, but not so much that it gets in the way of 'progress'."
The comments drew a swift response from Roger Halbheer, Microsoft's chief security advisor for EMEA. In a blog stuffed with statistics, he argued that enticing the upgrade holdouts to switch from XP to Windows 7 was the big win of XP mode and would prove a bigger boon to the security conscious in the long run.
"Which risk is higher? Leaving our customers on an eight to ten-year-old operating system for another few years, or helping them to migrate to a modern one, accepting the drawback with XP Mode?" asks Halbheer on the blog.
This didn't buy any slack from Jacobs though, who took the response as a victory - arguing that Halbheer had missed his point: "The problem is not with the idea of XP Mode, but with the lack of management and the lack of clarity about the costs that users will incur," says Jacobs.
"The key concern is that every Windows 7 PC running XP mode incurs the overheads of securing two PCs. I don't know many IT departments that will be happy to double their workload and costs in the name of security. They're much more likely to stick with native XP and sacrifice any of the other benefits that Windows 7 might have delivered," he concludes.
Yes but...
Jacobs is right to highlight the cost of securing both the XP and Win7 portions. However, isn't this an argument against just about any virtualisation using 2 different OSs? You need to patch both host and virtualised OS. (Probably it's not double the cost because the virtualised one can be thrown away if infected).
So isn't it misleading to regard this as an issue with XP mode, as if it were only XP mode that suffers the issue?
By AdrianB on 24 Aug 2009
