Saturday, December 08, 2007

Virtualization: The Answer for Microsoft?

Recently I was pinned down in a chatroom and asked to defend my extreme dislike of Microsoft. What, exactly, did I think was wrong with NT5? Well, items like Microsoft's handling of the user and administrator accounts are at the top of my list. If you really want to run a Microsoft Windows installation, you need to be in an administrator account. If you are not an administrator, you will run into multiple problems accessing, installing, or using programs. There is no such thing as su or kdesu in Microsoft Windows. You can't run under limited user protections and still be able to access administrator commands when you need to.

I'm not really fond of how many OEMs put users into an "Owner" username by default without specifying that the user has administrator rights, or of the default services that Microsoft shipped desktop computers with. I shared with him some of the Windows Mail support figures that friends in a Tier II ISP support unit had passed on. I went over my dislike of IE and the old OE, and took him through the Acid test. Yes, Firefox fails the Acid test as well, but it's a far sight better than either IE6 or IE7. I had him type C:\ into the address bar of IE7, and it changed right into the skin for the My Computer program. Thing is, IE is a lot like Konqueror: it's both a web browser and a file manager. However, it's not a fair comparison, as the number of known exploits in the wild for Konqueror is somewhere around 0. The list of known exploits in the wild for Internet Explorer is longer than my arm if I printed out all the names on 8*11 paper in 10pt font with no margins set.

Eventually I was asked what I would do to fix NT5. Honestly, I don't know. The problem is that I am biased. The Unix model that separates the /root and /home accounts was never even considered during NT5's development. Adding the capability to fully split the Operating System from the User Account goes beyond simple lockout steps. Even in limited user mode there are multiple points of external access to a computer that can be used to load software under administrator rights. Microsoft can, and has, used Microsoft Windows Update to install and remove programs without users' knowledge.

So... what I'd want is to implement separate /administrator and /user entries. However, doing so would cause the code base to explode, since I'd still have to account for the massive amount of NT5 software not built to account for separate /administrator and /user entries. Implementing an su feature would also cause the program base to explode. I'm not happy with the default loadout of services as is, and in order to have constant access to the system's actions, an su function would have to be run as yet another service.

What I'd want to do with IE is simply cut it off as a browser. The Explorer program is already a fantastic file manager, so leave it as that. Write a new browser from the ground up, built against W3C specifications, and simply retire the Internet Explorer code base for web browsing. There is a semi-precedent for such, found in the KDE *Nix desktop environment.

KDE is introducing Dolphin with KDE4, a dedicated file manager. Konqueror, the current file manager, has slowly become a technically excellent all-in-one program, using KIOSlaves to do things like access Digikam's ShowFoto in order to display single images in a Konqueror tab without launching the entire ShowFoto application. Konqueror can also use KIOSlaves to make calls directly to K3B to write a CD / DVD, or to rip music, all without launching the entire K3B application. However, the slow expansion of Konqueror's abilities has had a negative impact on its memory footprint and overall performance. Dolphin is to become the primary file manager for KDE, and is designed to do only file management. That allows Konqueror to continue expanding and growing without becoming a serious bottleneck on overall performance.

Microsoft's Explorer operation is almost the exact opposite of Konqueror. It's a technically lousy internet browser. However, the Explorer application already has excellent file management capabilities, such as the ability to edit files, identify files, and explore the Windows partitioning in a folder-based view. The disadvantage Explorer has is that it is too tightly integrated with the kernel subsystems, and is arguably part of those subsystems. So, whereas KDE has the option to simply replace Konqueror with Dolphin for file management duties, there is no such option with Explorer. However, the opposite technique is possible. Pare Explorer back to a file manager and sever its connection to network protocols, and the security concerns and exploitable problems evaporate. While it might not be technically possible to remove Explorer without rewriting substantial amounts of the underlying Operating System, the Mozilla Foundation and Opera have proven that it is very possible to place a new network browser on top of the system and maintain relative overall performance.

The next change on my list would be ActiveX, as I'd want to scrap ActiveX completely. By now even Microsoft admits that ActiveX was a bad thing. Problem is, a lot of Microsoft's own proprietary technologies that only work in the Explorer application are built to use ActiveX. That means I'd be looking at having to rewrite Windows Update from scratch, as well as numerous other programs and support options.

I'd want something like Synaptic to easily manage and remove all of my programs. However, I'd have to account for the numerous .exe installers that don't use standard package management techniques, and those that write or rewrite files in the Operating System itself... so I'd need not only a new central program manager, but lots of extra routines to handle compatibility with older programs. So, a new update system and package management system would be even heavier on system resources.

Basically... in order to fix the problems I have with NT5 I'd wind up with a huge mix of redundant code only to maintain compatibility. I would basically have to build Vista.

Which is one of the major problems Microsoft has right now. Vista has one of the worst performance profiles ever seen in any commercially released Operating System. Vista broke entire series of records for Instructions Per Clock (IPC), going the wrong way. Part of the reason Vista is such a performance hog is that it tries both to be a new operating system, which it isn't, and to maintain full compatibility with NT5, which it also isn't.

Microsoft faces a monumental task after the Vista debacle. Vista is not selling, and I've already stated in a public forum that I cannot independently justify anything over 30 million installs for Vista, and I'm having to accept huge grains of salt for figures provided only by Microsoft to even justify 30 million installs.

Microsoft, then, is looking at having to maintain NT5 for far longer than they intended. NT6 can pretty much be swept under a rug with no problem. Collectively, nobody is using Vista in a production environment.

The problem is, maintaining compatibility with NT5 while trying to build a completely new Operating System that doesn't suffer from the problems of NT5 is a losing proposition, as outlined above... or is it?

I think Microsoft might actually have an answer to their NT5 support problems with virtualization. The next version of Windows can be built under the Unix model. Let's call it NT7. Separated /administrator and /user accounts, write access to the OS only under /administrator access, with appropriate su functions built in, and so on. The NT5 kernel, however, sits on a hardware virtualization layer, as do the graphics drivers and other hardware drivers. When an NT5 application is run, the NT5 kernel system is moved to the primary priority for processing, the NT7 kernel system is moved back, and as far as the application is concerned, it is running on NT5 proper.

The amount of code to handle NT5 application recognition and process switching would be far less than the code to integrate NT5 into NT7 as part of NT7. System resources would also be rather low as the kernel and process in use would have priority, so you wouldn't have the memory problems Vista has.

Best of all, by running in a virtualized environment, you could seal NT5 off in its own partition and prevent write access from NT5 into NT7. So who cares if your NT5 partition gets compromised? Just wipe it clean. Or here is an even better idea: wipe the NT5 OS every time the application is finished using it. The next time an application calls for NT5, a read-only copy is fed back into memory, then turned read/write on the fly. So, NT5 itself can't be persistently compromised. It can't access NT7, malicious software can't save itself into the NT5 system, and so on.

Of course, such a setup would probably exceed Vista's hard-drive footprint. However, you would gain the benefits of a Unix-like setup without sacrificing NT5 compatibility or performance, and remove some of the major security concerns with NT5.

Now... the next question is... do I think Microsoft is smart enough to pull this off?

No.


***

edit: separated and clarified a statement involving a comparison to KDE. Cleaned up some grammar to make the editorial flow better.