Real World Computing
VM licences
Windows 7 and virtualisation
Eric Traut is a Distinguished Engineer and Director of Kernel and VM Development at Microsoft. He gave a talk at the University of Illinois ACM Computing Conference in mid-October on the subject of machine virtualisation and, thanks to the people at uiuc.edu, you can watch this presentation online (www.pcpro.co.uk/links/160advwin). I'd recommend this as a good introduction to the design of hypervisors and how they work, and the similarities and differences between Microsoft's hypervisor and the other players in the market. I now understand, for example, why there has to be a Windows session running in the master session, because of the way that information is passed horizontally between sessions for some aspects of device driver and hardware virtualisation. It's all good stuff, but the really interesting bit comes at the end of his talk.
Here, he reveals the work that's being done on something called Windows 7 and on a new kernel for that OS codenamed MinWin. The idea is to rewrite the Windows kernel to shrink it to a new ultra-tight platform, then to host everything else on top of this minimal core. As it stands in its engineering form, this bootable OS kernel contains only 25MB of files on disk compared to the near-4GB of Vista. It's a text-mode-only OS, so there's no GUI, but that doesn't preclude it from running services as well as a text-mode console interface. In the demonstration, the OS is running a basic HTTP server on port 80, and he connects to this from another machine. Once in, there's a small range of pages that can be shown, and these show the files on the hard disk, the current processes running and so forth. Note that when MinWin is configured for just 40MB of RAM, there's still 7MB free...
Traut is somewhat cagey and self-contradictory about where MinWin will go from here. He maintains it won't be productised, which isn't such a great surprise since, as it stands, it isn't much use to anyone. But it's nevertheless clear that significant work is going on for the Windows 7 release. Maybe Microsoft will consider running client-side hypervisor code in such a way that applications can be separated into secured and unsecured, with the two different states running in two hypervisor sessions. There's an interesting set of moves from various vendors to push hypervisor-powered engines onto the desktop, to provide a seamless and yet secure environment for applications to run in within your existing desktop space, but contained within a locked-down sandbox environment.
Such technologies are going to be a major force in the next big wave of desktop security solutions. I was therefore intrigued to hear about ZoneAlarm's forthcoming ForceField technology, but Check Point's website claims are vacuous in the extreme. How about "ForceField is the first security product designed to respect your freedom online while giving you superhero-level protection"? Sounds good, and then it goes on to say "it uses a virtualisation engine that shields your computer and personal data from internet and computer-based threats". Definitely sounds intriguing now. And then it says "virtual surfing - virtualisation protects you from all kinds of danger, whether threats come from the internet or malicious software on your PC". So how could I not agree to download it and give it a whirl? Well, I did, and I still haven't got a clue about what's going on here.





