zlacker

8 comments
1. krylon+(OP) 2016-03-10 20:34:19
I remember reading a discussion a couple of years back where somebody wondered why Microsoft did not go a similar route for Windows. The original context was backwards compatibility with applications written for older releases of Windows.

But given the general security situation on Windows, it would be really nice to have, for example, the browser strongly isolated from the rest of the system.

The idea of using virtualization to enforce stronger isolation between different parts of the system seems like a good one, and it does not appear to be that non-obvious (of course, in hindsight so many things do).

replies(3): >>kristo+c2 >>geofft+W5 >>nickps+AI
2. kristo+c2 2016-03-10 20:53:36
>>krylon+(OP)
Pardon me, but I see a double negative in your last sentence. For clarification, are you saying that "it does appear to be non-obvious" or, as you wrote, "it does not appear to be non-obvious" (as in, it appears to be obvious)?
replies(1): >>ams611+Vb
3. geofft+W5 2016-03-10 21:19:11
>>krylon+(OP)
Bromium (https://www.bromium.com/) is a commercial product that does basically this on Windows, and is also based on Xen.

https://www.bromium.com/advanced-endpoint-security/our-techn...

replies(1): >>petra+Gj
4. ams611+Vb 2016-03-10 22:03:21
>>kristo+c2
"not non-obvious" isn't quite the same as "obvious." English prose can't be parsed by pure logic alone.

I think in the context of the entire sentence it's clear that the choice of words is correct as written.

replies(1): >>krylon+zG
5. petra+Gj 2016-03-10 23:12:07
>>geofft+W5
It doesn't seem to be aimed at consumers or small businesses.
6. krylon+zG 2016-03-11 04:50:57
>>ams611+Vb
Yes, that is what I meant. Sorry for my convoluted phrasing. ;-) In German, my native language, double negatives cancel each other out.

I mean that in retrospect the idea is obvious, as in, "why did I not think of that".

Of course, in computers and technology there are many, many ideas that appear obvious in retrospect but were still hard to arrive at.

7. nickps+AI 2016-03-11 05:33:19
>>krylon+(OP)
Microsoft is doing all sorts of things for security. They added ways to remove privileges from apps, rolled out SDL reducing vulnerabilities tremendously, implemented Windows Integrity Controls with IE at lowest level, added EMET, added whitelisting, pushed managed code, started designing sandboxing schemes like Xax architecture, added a hypervisor (Hyper-V), did mathematical verification on it, and so on. I can easily say Microsoft is putting more work into security in their various layers than Linux/BSD, even OpenBSD in some ways.

Thing is, there have been third-party solutions to handle virtualization-based security for Windows for anyone willing to buy them. People mostly don't. So, Microsoft rightly doesn't give a shit. It's why I tell people to use third-party enhancements if they rely on Windows, or switch to Linux/BSD due to greater options for security, not to mention what CompSci is cranking out for them.

replies(1): >>krylon+BH2
8. krylon+BH2 2016-03-12 11:46:04
>>nickps+AI
> Microsoft is doing all sorts of things for security.

Indeed they are. Compared to Windows XP (pre-SP2), Windows has come an incredibly long way.

I just cannot help thinking that if they used virtualization the way Qubes OS does, they could both increase isolation of applications and maintain backwards compatibility without having to jump through the countless hoops I imagine Windows developers must meet on a regular basis.

Hyper-V could be a very nice foundation for such an approach, at least in my fertile imagination. ;-)

replies(1): >>nickps+pZ2
9. nickps+pZ2 2016-03-12 17:13:09
>>krylon+BH2
Oh, I agree with that. It could be a benefit on top of what they have. A Dom0/hypervisor solution from them could actually be safer given they have tools for mathematically verifying both driver interactions and low-level system code. SLAM has been applied to drivers for years now. Hyper-V was verified with their VCC toolkit. So, they'd be a stronger-than-average foundation.

The best route for isolation, though, is to apply one of the industry separation kernels or virtualization schemes from CompSci that leave more untrusted. Good news is that I found a great document that describes MILS in detail plus some prior work and terms:

http://www.euromils.eu/downloads/2014-EURO-MILS-MILS-Archite...

GenodeOS is OSS built similarly to MILS, from European CompSci:

http://genode.org/documentation/general-overview/index
