Windows 7's Virtual XP Mode a Support Nightmare? 413
CWmike writes "Microsoft's decision to let Windows 7 users run Windows XP applications in a virtual machine may have been necessary to convince people to upgrade, but it could also create support nightmares, analysts said today. Gartner analyst Michael Silver outlines the downsides. 'You'll have to support two versions of Windows,' he said. 'Each needs to be secured, antivirused, firewalled and patched. If a company has 10,000 PCs, that's 20,000 instances of Windows.' The other big problem Silver foresees: Making sure the software they run is compatible with Windows 7. 'This is a great Band-Aid, but companies need to heal their applications,' Silver said. 'They'll be doing themselves a disservice if, because of XPM, they're not making sure that all their apps support Windows 7.'"
Pardon me... (Score:5, Insightful)
kdawson (Score:5, Insightful)
A big mess (Score:4, Insightful)
Re:kdawson (Score:1, Insightful)
Agree.
So what, if true (Score:5, Insightful)
As opposed to what? (Score:4, Insightful)
Just think about it.
Re:Pardon me... (Score:5, Insightful)
Mac OS is a niche market. In the Windows market, reality has a way of kicking you in the balls. Yes, this will be a support nightmare but we simply cannot write of the biggest heap of legacy software ever. That would be the true nightmare, no correct support for older apps. And by older I mean everything tailored for XP, either 1 or 7 years ago.
Re:kdawson (Score:1, Insightful)
Re:Won't this largely depend on how well it works? (Score:5, Insightful)
Yes but ... (Score:4, Insightful)
...but didn't Apple successfully pull this off twice?
... Apple doesn't have every IT criminal on the planet gunning for their OS. They are bloody lucky to be in that situation and should IMHO be less smug about Windows security problems in their advertising. On the other hand running the defense grid for one Windows instance was fatiguing enough to persuade me to abandon Windows and become a Linux user and then an Apple customer. I still have to put in work to secure my machine but it is a lot less work than if I was using Windows. If this really means MS is doubling the security workload on each Windows box then.... hell.... I don't even want to think about it.
Re:A big mess (Score:5, Insightful)
IT depts that don't need it ain't going to use it! (Score:5, Insightful)
I'm 100% sure that a competent IT dept that has no use for this feature will, unsurprisingly, NOT USE IT, saving themselves all the support hassles entirely.
And for those that DO need this feature, they know there's basically no other way and it's worth the extra support hassle because they know they will have people saying Application XYZ MUST work I don't care how.
I suspect this means that the old applications that have to work and only currently work on XP can now be moved forward and the IT dept can get everyone onto Windows 7. Once there, the devs of these applications will have Windows 7 rather than XP to test against/run with and they'll have an incentive to update their programs to just work on Windows 7 because, like Classic on Mac OS X, this mode will have just enough 'impedience' that programs will be updated to work on Windows 7 native; but they will work okay in the meantime.
That's the thing - this isn't seamless. It's going to be a little tricky to set up applications to run in the XP box rather than natively on Windows 7, even if launching them is easy.
The trick is "Just enough impedience to get people to update to 7 native while providing a path."
Re:So what, if true (Score:5, Insightful)
It's all VB6 fault (Score:1, Insightful)
You guys are missing the point, do you know how much "corporate legacy software" is written using VB6 - which will not run on Vista? That is the single reason for XPM in Win7 - and it is the single reason why many corps do not want to update to Vista, they have to re-write all of their apps.
It's the "cobol" problem.
Re:Umm... (Score:3, Insightful)
I don't really see the issue here. If the virtual OS is running off of a directory tree in the host OS's file system, then any virus checking can be done via that route. If the host OS detects a virus, spyware, rootkit or whatever being installed (this is going to have to hit the disk at some point), then deal with it via the host OS.
Some of us have been asking MS to do this for a couple of years or longer, and with pretty much every modern x86 CPU now supporting virtualization, the time seems right. I'm no pro-MS advocate (quite the opposite, as my posting history shows, I loathe Redmond), but to my mind, sandboxing via virtualization is the very best way to deal with legacy apps, and with all the potential security holes they may have.
As others have mentioned, with a virtualized XP instance, MS has total control of the virtualized hardware, so a whole avenue of support issues large disappears.
Re:Pardon me... (Score:5, Insightful)
Apple had a very different set of problems, but has actually pulled something similar off three times.
68k to PowerPC: Lots of apps didn't work, though it was really hard to tell what System 7 broke versus what 68k to PowerPC broke.
OS9 to OS10: utter nightmare. Classic works great as long as you're on a single-user system running as admin with well behaved applications. You run into everything from apps that expect to busy-wait to the fact that OS9 has absolutely no idea what's going on with concepts like file permissions. Ridiculous support nightmare on anything with non-admin users, multiple users, etc.
OS10 PowerPC to OS10 Intel: 99% of stuff just works. Very clean, very well done. The handful of apps that broke were generally easily fixed, or were broken by design (i.e. anything made by Adobe)
XP on Win7 is more like the whole OS9 to OS10 transition, and like that transition, your best bet is to ignore the existence of XPM (just like your best bet was to ignore the existence of Classic)
Re:Pardon me... (Score:1, Insightful)
Somehow I think Microsoft's reality distortion field has always been a lot bigger (and more power hungry) than Apple's has.
Re:Won't this largely depend on how well it works? (Score:5, Insightful)
I see no reason for a second AV program, providing the VM's virtual drive is readable by the host operating system. If any kind of nasty program gets installed, it's going to have hit the file system at some point, and if the host's AV can plug in to that file system, it can suspend or terminate the VM.
Microsoft, please read and listen! (Score:2, Insightful)
The bottom line is that I can't do a seamless implementation into the environment, the amount of overhead for the extra testing, training, hardware, certification means that it simply cant cost justify. Microsoft needs to remember that their two biggest competitors are XP and Linux. Any CIO worth his salt is going to ask one very simple question when presented with these costs. "Why aren't we sticking with Windows XP to begin with?".
I'm not opposed to things like VMWare, I have set up labs professionally for clients as a consultant and personally have paid for the workstation application and run it at home. I think it's great for IT needs, but the above issues should help explain why this feature is not the answer that Microsoft thinks it is. On a personal level I like this feature, and will almost certainly run it at home, so I speak professionally, not personally.
Stupid, Stupid, Stupid... (Score:5, Insightful)
How stupid are these people?
Windows alreadys supports multiple OSes, from the Win16 and DOS subsystems to the BSD/UNIX subsystem, and also the Win32 and Win64 subsystem.
Which all have their own kernels, and run in NT OS subsystems.
So adding in a VM'd version of XP is going to add to 'support'? How?
The updates still come from MS Update, it isn't like the in house people are writing the patches themselves.
If anything this creates more work for MS, not a freaking IT department.
I'm not sure where to even begin with how stupid this sounds...
More tech support? Really?
If an IT department isn't using group policies and the business centralization and integration technologies of Windows, they shouldn't be using Windows and instead move to something that has almost no central control or mangement like Linux or OS X.
The hallmark of why business CONTINUES to choose Windows deployments is the ease and control that MS continues to give IT administrators, along with their centralized server management concepts that really do make anything else out there look foolish.
A well deployed Windows server/client environment is peanuts to administer, even when the IT people shove Firefox on users and have to run around and do 'manual' updates because Firefox is 'retarded' about allowing remote or admin level updates without giving your users administrator rights.
The second part of this is not understanding the virtualization technology being used. They assume it is like a 'free window' VMWare mode.
It isn't, it somewhere better a VM and a Subsystem on the NT architecture, which is one thing that makes HyperV as powerful as it is.
Truly people forget that NT is a user mode OS-less architecture, and that everything anyone sees is a 'virtual' subsystem, even Win32 has its own kernel and doesn't really know that NT is running under it.
Ok, I'll let people go grab the facts on this crap themselves, and give Win7 a week or two i people's hands that actually 'do' know what they are talking about...
PS The XP Virtualization is mainly for corporate clients, as 99.9% of all software works on Vista and Win7.
It is only the in house written or 'corporate' written software crap that has no concept of NT security that has problems with Vista or possibly Win7 that enforces the 20yr old NT security model that the software developers should have written for in the first freaking place.
Re:Yes but ... (Score:1, Insightful)
The earlier versions of windows (Win9x,Win2K) were less secure.
Thousands of the zombied machines out there are zombies because the _user_ installed the malware. They were fooled by some website, thought they were _infected_ so they followed some instructions, "ran some scan" and got themselves infected.
If OSX/Linux had that class of users and a larger market share they could be infected as well. There is NOTHING on OSX or say Ubuntu/Redhat ("out of the box") would save a user who decides to run something says it's going to do something innocuous, but does something nasty as well.
In contrast Vista does have better sandboxing ("File System and Registry Virtualization").
F-U kdawson (Score:2, Insightful)
yeah, the whole thing reeks of FUD, since XPM was just announced days ago.
Some slashdotters can't be happy with anything...
Re:Microsoft, please read and listen! (Score:4, Insightful)
"Architect" level my ass. You probably get someone coffee. Sorry but your whole post is just ridiculous.
There's no reason for any of your 'points' to stand if you migrate the system to Windows 7.
Why have both? If Windows 7 is a better alternative, then for god's sake, run it. And don't tell me you need it just to have support for legacy apps that only run in Windows XP and not Windows 7.
Because if you DO have those apps, you either need to upgrade them to Windows 7 functionality, find something that does the job better, or just FORGET ABOUT WINDOWS 7 and stay with XP.
Damnit man, this is not that difficult to comprehend.
Why do IT guys always have to blow things way out of proportion?
Re:Inflated numbers? (Score:2, Insightful)
To be fair, every OS that I've ever dealt with has had issues with major upgrades. Whether it's glibc problems with older Linux binaries, or compatibility and driver problems moving to newer versions of Windows, there's always pain. For most of the history of computing, upgrading basically meant old binaries were FUBAR. Either you didn't upgrade or you had to compile/buy new versions of critical software, and put up with all the headaches that went along with it. Binary compatibility has always been as much a dream as a reality, and I think pretty much all *nix versions now do recompiles. Certainly most Linux distro familes at least recompile for all the major versions, and in many cases if you're a Debian user, you'll likely be using a different build of any given piece of software than an Ubuntu user.
Microsoft's chief problem for much of its history has been insisting on insane degrees of backwards compatibility, meaning a lot of legacy code is passed on from generation to generation, making getting new versions of Windows out the door has been an increasingly complex process. The newest generations of CPUs, the better average baseline hardware, and significant strides in virtualization technology now means that in future versions, a lot of this legacy code can be essentially left behind, and if users need to support older apps, they can run it in VMs, while Windows itself can be taken in any direction Microsoft sees fit. The underlying architecture becomes an open book again, as opposed to be constrained by a quarter century of legacy support.
And as to the concerns that some have raised her that developers won't write for newer versions of Windows, I don't buy that either. We're talking about a VM running an old OS which will not contain any new features, ever. At best some resources may have to be dedicated for the foreseeable future to keeping XP patched beyond current abandonment dates, but providing Microsoft gives users real reasons for upgrading beyond the eye candy crap, developers will be pursuing that brass ring.
Did you hear? (Score:1, Insightful)
Legend has it that XP will run in a virtual machine in (gasp!) Linux.
As long as you're going to run all your legacy apps in a VM and everybody has to learn a new interface anyway, why not get off the train to crazytown now? You can keep your legacy apps, you can keep paying Microsoft their Software assurance, and - hey - I'll bet you will be amazed how well some of your stuff migrates.
Re:Stupid, Stupid, Stupid... (Score:3, Insightful)
Windows alreadys supports multiple OSes, from the Win16 and DOS subsystems to the BSD/UNIX subsystem, and also the Win32 and Win64 subsystem.
Windows has a BSD/UNIX subsystem?
Re:Pardon me... (Score:4, Insightful)
It really depended on what you were trying to do with Classic. As a way to run just a few old apps that never got upgraded, it worked really well. As a main part of your daily workflow, it was a pain in the ass. For most home systems it did what it was designed to do - get people by until they were able to buy the next version of all their favorite software, which was by that time OS X native.
It's a much better solution than either a) not supporting those applications at all or b) maintaining backwards compatibility with a codebase that is that archaically designed.
Re:Microsoft, please read and listen! (Score:3, Insightful)
I have worked as an enterprise consultant and architect for the last several years working with enterprise environments upwards of 75,000 desktops and 15,000 servers in everything from government to finance servers that link up directly with stock exchances (NYSE, Tokyo etc). I noticed you did not refute the points, but only show your immaturity and inexperience in your response. You completely missed the point that Microsoft wants people to run both in a desperate bid to start getting enterprises to actually roll out Windows 7. My point is that you don't want to run both, that it wont solve the problems that Microsoft thinks it will.
You fail to understand why Microsoft is doing this, it certainly isn't so that a home user can run Windows XP and load up an old game. Microsoft is offering this because enterprises refuse to move away from what is known to work - XP. They obviously think that by offering a virtual PC session of XP that they will alleviate their customers concerns about losing the largest base of available software for any operating system and because it is known to be compatible. They are doing this because people like me are making official recommendations not to migrate to Vista or Windows 7 and they are trying to remove what they perceive to be an objection.
You have obviously never had to look at identifying and testing 3-4000 applications for something as simple as a service pack rollout. The experience you may have with patching your personal computer and perhaps a few friends has no relevance to patching or upgrading thousands of desktops. When you move away from your personal system to supporting tens of thousands of systems and need to keep them up and running through major upgrades, hardware replacements or operating systems rollouts you will have a place to speak.
Re:Yes but ... (Score:5, Insightful)
That's because making a living off Window's security deficiencies is for all intents and purpose the same thing as making a living off Computer security deficiencies. Sure, there are aspects of the Windows security model that downright suck. But the reality is every system has security vulnerabilities out the ass. Whether Windows or Linux or BSD or what have you has more is up for debate, but the definite thing is that security is an active, evolving process, and whatever OS is used by the majority of the world is going to be under constant attack.
I suppose if builders didn't build houses so damn easy to get into, we wouldn't need locks (and thus lock makers), and alarms, and cops and security guards, and fences, and a neighborhood watch. After all, the home builder made the house, he should guarantee it in perpetuity as an impenetrable fortress. Even if the owner ignores his recommendations, and leaves the doors unlocked and the windows open, it should still be secure. And despite the need for security, it must still be convenient for the owner and guests to enter and exit at will, pleasant to look at, and maintainable by an owner who has no knowledge of experience in houses.
You act as if security is easy, and MS could accomplish it if only it tried a little harder. That's not the reality. MS deserves flack for any number of legitimate grievances. They took way to long to take security seriously (basically the entire time from XP's release to Vista was spent making massive security improvements to catch up to where they should have been), they use abusive business practices to encourage lock-in. They make bizarre and frankly retarded attempts at anti-piracy like activation/genuine advantage (if there ever was a drm measure that does nothing to even slow pirates down, and annoys the crap out of legit purchasers, its Windows Activation).
But acting like MS and MS alone must bear the burden for ensuring the security of pc's, is ridiculous.
Re:Yes but ... (Score:2, Insightful)
Linux and Apple zealots out in full force on this one. You were incorrectly given a "troll" moderation.
Whatever OS is on top will face a security challenge of a magnitude those on the bottom can't really comprehend. They don't want to admit they are under the security blanket of obscurity and get very angry if you suggest their OS of choice would show it's weaknesses if it had the top position.
Re:Pardon me... (Score:5, Insightful)
I use Virtual PC to run XP under Vista right now, and have for a year. And it works.
I find it difficult to believe that MS would release this solution in any state that is less functional than what currently exists under Vista.
It was just announced and is in beta (likely lagging behind Win7... since it ships as a separate download there's no need for it to ship at the same time as Win7, which itself is six months away at the least). There's time.
Re:OK with Virtual Support (Score:3, Insightful)
That Windows 7 has such problems with XP apps that Microsoft thinks some users will want to run them in a virtual machine says a lot to me.
What it says to me is that the cumulative changes between Windows 3.1 and Windows 7 are now so great that it's cleaner to just calve off a small chunk of your computer and run old stuff in its own environment than it is to try and keep it integrated with the rest of the system. And I can't see how this is in any way a bad thing; if nothing else, crashes in legacy apps should be confined to those apps rather than taking your system down.
In particular, this is a great way of dealing with legacy XP apps that insist on being run as Administrator because they were written without any concept of functional file permissions. Whether or not these apps are good or "should be updated by their publisher" (who most likely no longer exists), they're a huge part of the day-to-day running of many companies. Being able to run them without risking your system stability would, I'd think, be a huge drawcard for corporate users.
Re:crash and burn (Score:5, Insightful)
Just for the record, I've used Vista at work since it was released (doing .Net development and Database work on SQL Server).
Before SP1 was released, it was a pain in the ass. Since then... not so much.
In fact, I'm now used to Vista, and like it's extra features and perks, and find going back to XP annoying. I miss too much (the instant search everywhere, for starters, the snipping tool for another, I could go on and on) when I'm forced to use XP. And XP is so much less secure than Vista. Vista has proven to be remarkably stable and I haven't had ANY issues with viruses or trojans (not so, every XP install I've had over the same time period). It performs well, but of course I do have 4GB of memory, and wouldn't dream of saying anyone run Vista on less than 2GB.
The trash-talking of Vista is, at this point, mostly habit based on old info. It's ridiculous. ANYTHING that will help get people off XP and onto the newer more secure OS's (hopefully Win7) is a GOOD THING.
Hopefully most people won't need to use this new virtual XP VM in a regular way, in perpetuity. It can be and should be used as solely a stepping stone to get people on Win 7 and off XP, giving time for any software that refuses to run on Win7 to be updated or replaced. Mostly, the "XP Compatibility Mode" works well. For those apps that are just so badly written and so insecure and obsolete that they can't run even under that, this new XP VM provides a solution.
Of course, if software had been written correctly in the first place, then it'd run on Win7 correctly without issue.
Of course, one of the more laughable things is that SQL Server 2000, Microsoft's own product, won't run on Vista or Win7. Of course, it's a crappy database and nobody should be using it at this point... but there you go :-)
Re:Pardon me... (Score:2, Insightful)
It seems many slashdot readers have the opinion that Win7 is some sort of different O/S from XP. Actually, it is not. Applications running in XP also run in Win7 unmodified.
The transition from OS9 to OS10 was like the transition from Win95 to WinNT, i.e. from a co-operative multitasking unprotected 16-bit O/S to a preemptive multitasking protected 32-bit O/S.
The transition from XP to Win7 is a transition from one version of WinNT to another more advanced version of WinNT.
Re:Drivers? (Score:2, Insightful)
Actually bus master DMA does make PCI harder. It's still possible on Windows though - the model is that Windows creates scatter/gather lists for you. The API also has plugs for the HAL potentially adding an extra layer of buffering in software once you start a transfer and tear it down at the end of the transfer. On x86 most of these plugs have traditionally been unused. On Risc they were used but with PAE enabled they are used to allow devices that can't bus master above 4GB to be used on 64 bit systems. I think some NUMA servers might have a non trivial implementation of DMA too. Basically the NT kernel has always had an abstraction for things like DMA to keep code portable.
I still think you're too blase about virtualising USB though. Of course you can add a driver to do it, my point is that by doing so you add a lot of latency. I'm suspect a lot of USB device drivers won't be able to handle that.
Re:False economy: "at least it is employing people (Score:3, Insightful)
Re:Pardon me... (Score:3, Insightful)
And by older I mean everything tailored for XP, either 1 or 7 years ago.
How many times have we been through this? 3.1, 95, 98, 2000, XP, Vista, and now this. How many legacy apps did Linux broke since then? Oh, right, they're still working because the code is open and there's always someone to fix that one function call that no longer exists.
Wanna bet? In five years the Win 7 apps will be either obsolete, or better supported on Linux than Windows 7++.
Re:Yes but ... (Score:1, Insightful)
Yes BUT...M$ IS responsible for the security of computers running M$ operating systems! This is something that M$ has falied miserably at, and I don't see that changing for the better. Ever!
And for those who say that M$ should drop suppoert for "legacy" programs, think about this. Software companies are not going to like having to completely (or even partly) rewrite all of their software every time M$ comes out with its next OS. Users (whether its a single user or a giant corporation) will not want to have to buy new versions of their software every time M$ comes out with its next OS. Consider the lack of drivers for Vista. Many hardware companies did not jump on the Vista bandwagon, and create drivers right away. They correctly saw that Vista was the biggest turd that M$ ever laid, and that many users would not downgrade to Vista. So they were not in a big hurry to pay programmers to write drivers for Vista.
And in these hard economic times, people and corportaions are even less inclined to spend any money that they don't have to.
Re:Drivers? (Score:2, Insightful)
No, in Windows the a WDM driver calls Windows and asks for a scatter gather list. Also you allocate something called map registers
http://blogs.msdn.com/peterwie/archive/2006/03/02/542517.aspx [msdn.com]
Map registers are an abstraction the DMA API uses to track the system resources needed to make one page of memory accessible by your device for a DMA transfer. They may represent a bounce buffer - a single page of memory which the device can access that the DMA will use to double-buffer part of your transfer. They could (in the world of the future) represent entries in a page map that maps pages in the physical address space into the device's logical address space (another DDK term). Or in the case of a 32-bit adapter on a 32-bit system where there's no need for translation, it might represent absolutely nothing at all. However since you probably want to write a driver that makes your device work on any Windows system, you should ignore this last case and focus on the ones where translation is needed.
You'll want to allocate enough map registers to handle your maximum transfer size. This limit might be exposed by your hardware, or as a tunable parameter in the registry, or just by common sense (you probably don't need to transfer 1GB in a single shot now do you?). However since map registers can be a limited resource, you may not always get the number you asked for (it's an in/out parameter to IoGetDmaAdapter). In that case you'll need to cut down your maximum transfer size - either rejecting larger transfers or breaking them up into smaller pieces and staging them.
A map register is a abstraction for a resource that maps one page of memory into the memory that is visible to the device. When you map a transfer the HAL could double buffer, or program an IOMMU, or it could do nothing (this was almosts always the case on x86). And the Intel version of IOMMU is apparently better optimised for virtualising DMA. Though it seems like the AMD one would work too.
Mind you, there's an issue with drivers not following the rules because they could get away with it on x86. Still the NT DMA model has always supported all of these options (no buffering, an IOMMU or a bounce buffer) though - it's very foresighted in that respect.
Re:Pardon me... (Score:3, Insightful)
Exactly. As long as its not meant to be or treated as anything more than a band-aid, this is a good thing. The answer when something doesn't work in the VM should be "petition the software maker to upgrade it to Windows 7".
By letting the VM solve 75%+ of these apps, the motivation and pressure will exist to get the other 25% ugpraded, and let them deprecate XP for good.
Re:Pardon me... (Score:4, Insightful)
You really don't get it, do you? Source compatibility isn't enough. You need BINARY compatibility. Many core business apps were developed by companies that no longer exist or developers who were no longer there. Many times, Source code doesn't exist.
Even if it does, users don't want to or know how to recompile it. And fixing that one function call that no longer exists? Why should people have to? Every function call that no longer exists is another pile of developers who won't switch to your latest version.
I highly reccomend reading Raymond Chen's blog/book to understand how backwards compatibility works in the real world.
Re:Pardon me... (Score:3, Insightful)