
Hardware Virtualization: Off By Default

Thursday, May 10, 2007

I noticed my x60 tablet had “Intel Virtualization Technology” off by default in the bios. In talking to people and reading blogs, a lot of manufacturers configure their machines similarly.

Turning on VT Technology enables “Hardware Assisted Virtualization” in Virtual PC, which gives virtual machines a performance boost. See Scott Hanselman’s “Virtual PC Tips and Hardware Assisted Virtualization” for more details.

It’s a simple job to enable VT Technology in the BIOS, but I started wondering why every machine seems to have this feature turned off. “Off by default” is a security mantra, and it turns out hardware virtualization extensions do open a potential risk.

The slide deck "Hardware Virtualization Rootkits" (PDF) is an interesting read. With VT Technology switched on, a rootkit that has already gained kernel (ring 0) access can execute VMXON, install itself as a hypervisor and demote the running operating system to a guest, all without a reboot and without the OS noticing; from then on it runs at a higher privilege level than the operating system itself, and the OS has no native way to see it. (It still needs kernel access first, so this is a stealth and persistence technique rather than an entry point.) Microsoft recommends that manufacturers turn the feature off by default for non-server class machines. See: “CPU Virtualization Extensions: Analysis of Rootkit Issues”. One caveat for anyone relying on that BIOS switch: on Intel CPUs the decision is recorded in the IA32_FEATURE_CONTROL MSR, and it only keeps kernel-level code away from VMXON if the firmware also sets that register's lock bit; left unlocked, the same code can simply enable VT itself and carry on.
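As an added example (not from the original post, the slide deck, or Microsoft's paper), here is a small C program for Linux that decodes Intel's IA32_FEATURE_CONTROL MSR, the register the BIOS writes when you toggle the VT setting. It shows the caveat in practice: the BIOS switch only stops a kernel-level rootkit from reaching VMXON when the lock bit is set as well. The bit layout is Intel's; the `/dev/cpu/0/msr` device, root privileges and a loaded `msr` kernel module are assumptions for the live read, and the sample MSR values in the usage note are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* IA32_FEATURE_CONTROL (MSR 0x3A) is where the BIOS records its VT-x decision. */
#define IA32_FEATURE_CONTROL 0x3AU
#define FC_LOCK              (1ULL << 0) /* bit 0: MSR is read-only until reset      */
#define FC_VMXON_IN_SMX      (1ULL << 1) /* bit 1: VMXON allowed inside SMX/TXT      */
#define FC_VMXON_OUTSIDE_SMX (1ULL << 2) /* bit 2: VMXON allowed in normal operation */

enum vt_state {
    VT_DISABLED_LOCKED,   /* BIOS "off" + lock: VMXON faults (#GP) until reboot        */
    VT_ENABLED_LOCKED,    /* BIOS "on"  + lock: any ring 0 code may execute VMXON      */
    VT_DISABLED_UNLOCKED, /* "off" but unlocked: ring 0 code can WRMSR the bits itself */
    VT_ENABLED_UNLOCKED   /* "on"  but unlocked: the lock is simply missing            */
};

enum vt_state classify_feature_control(uint64_t msr)
{
    bool locked  = (msr & FC_LOCK) != 0;
    bool enabled = (msr & FC_VMXON_OUTSIDE_SMX) != 0;
    if (locked)
        return enabled ? VT_ENABLED_LOCKED : VT_DISABLED_LOCKED;
    return enabled ? VT_ENABLED_UNLOCKED : VT_DISABLED_UNLOCKED;
}

/* Can code that already runs in ring 0 reach VMXON without a reboot?
 * Only "disabled and locked" says no: in the unlocked states the attacker
 * first writes the enable and lock bits into the MSR, then executes VMXON. */
bool vmxon_reachable_from_ring0(uint64_t msr)
{
    return classify_feature_control(msr) != VT_DISABLED_LOCKED;
}

const char *describe_vt_state(enum vt_state s)
{
    switch (s) {
    case VT_DISABLED_LOCKED:   return "VT-x disabled by BIOS and locked (safe until reboot)";
    case VT_ENABLED_LOCKED:    return "VT-x enabled and locked (ring 0 can install a hypervisor)";
    case VT_DISABLED_UNLOCKED: return "VT-x disabled but NOT locked (ring 0 can enable it)";
    case VT_ENABLED_UNLOCKED:  return "VT-x enabled and not locked";
    }
    return "unknown";
}

/* CPUID.1:ECX bit 5 says whether the CPU implements VMX at all. */
bool cpu_supports_vmx(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return false;
    return (ecx & (1u << 5)) != 0;
#else
    return false;   /* not an x86 CPU: no VT-x to worry about */
#endif
}

/* Read the MSR for CPU 0 through Linux's msr driver (assumed: root and the
 * msr module loaded). Returns 0 on success, -1 if the device is unavailable. */
int read_feature_control(uint64_t *out)
{
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = -1;
    if (lseek(fd, IA32_FEATURE_CONTROL, SEEK_SET) == (off_t)IA32_FEATURE_CONTROL)
        n = read(fd, out, sizeof *out);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
    if (!cpu_supports_vmx()) {
        puts("CPU does not report VMX; nothing to lock.");
        return 0;
    }
    uint64_t msr;
    if (read_feature_control(&msr) != 0) {
        puts("Could not read IA32_FEATURE_CONTROL (run as root with the msr module loaded).");
        return 1;
    }
    printf("IA32_FEATURE_CONTROL = 0x%llx: %s\n",
           (unsigned long long)msr, describe_vt_state(classify_feature_control(msr)));
    return 0;
}
```

Run it as root after `modprobe msr`. A value of 0x1 is the state the "off by default" advice is really after on a client machine: VMX off and locked until the next reboot. 0x5 is what a firmware that locks the MSR leaves behind once you enable VT in the BIOS, which is the state Virtual PC wants and a hypervisor rootkit can exploit. 0x0 means the firmware left the decision to software, and then the BIOS setting protects nothing, because ring 0 code can set the bits itself.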

Just more proof that you can’t ship any kind of feature these days without thinking of the security implications.