Microsoft MEDV - Heralding the demise of the botnet?
Monday, July 6, 2009 at 10:34PM
Tux in background, botnet, medv, opinion, virtualization, windows

Image courtesy of www.sxc.huHi everyone. I thought instead of the usual tip or trick, I'd use this post to talk about a new product Microsoft has been working on that they call MED-V, short for Microsoft Enterprise Desktop Virtualization, and a hypothetical effect it could have on the current botnet threat facing many millions of PC users.

First, some background on Med-V. Aside from the terrifically imaginative name, which brings to mind for me some kind of messy and painful type of injection (Nurse, pass me the Med-V, this guy needs the full treatment) Med-V is an enterprise level product. This means it won't automatically be available bundled with Windows, certainly not the lower-end (home) versions. One would hope, if the product is a success, that this will change.

So what's the deal? What does it do and why should you, the reader, care? Med-V is a transparent virtualization product which builds on Microsoft Virtual PC to provide transparent virtualization for applications running on the Microsoft Desktop.


Virtualization is the currently very fashionable technology which enables an operating system to run another operating system inside it. Why is this useful?

An example might be appropriate: I am an avid linux user (based on my earlier posts, you might not have guessed this) but there are still, occasionally, certain things that I need Windows for because the software is simply not available under Linux. I could (and have in the past) have both operating systems installed on my pc, making it a so-called "dual boot" system. This would enable me to reboot my pc and start up the Windows operating system whenever I needed to run a program for which Windows was required. Once I was done, I would reboot back into Linux. Obviously this approach has several drawbacks. For one thing, it's fairly laborious, since every time I want to run the Windows program, I need to close out my computer, reboot it, and start Windows. This takes time. For another thing, while booted into Windows, I lose the functionality of Linux (and, perhaps, vice versa).

This is where virtualization comes in. Using one of several available virtualization packages (such as VMWare, Virtualbox, Qemu, or Virtual PC), several of which are available for free (as in beer) I can install an operating system inside of my current operating system. In the example above, I would install Windows using one of the Virtualization products and it would be created as a file on the hard drive of my existing operating system. After installation, I could start this operating system from within my Linux operating system. It runs as if it were a program, inside its own window on my Linux desktop. Inside this window is the *other* operating system. So if I install Windows in this way, I can carry out all my windows tasks without having to reboot my computer at all, and while keeping all my Linux programs running.

Windows Virtualization for Windows?

That's all very well, I hear you mumble, but why on earth would you need to virtualize another Windows operating system if you're already in Windows?

And this is the really cool bit. Windows, being a commercial institution, has been with us for many years. Since it's inception, we have seen many versions of "Windows"; Windows 3.1, Windows 95, Windows 98, Windows NT, Windows 2000, XP, Vista and the forthcoming Windows 7. One of the problems that Microsoft faces is backwards compatibility. If they release a new version of Windows that doesn't work with software released for earlier versions, Windows users would (perhaps understandably, they did pay for the software, after all - didn't they?) go bananas. So even when Microsoft made fairly big steps in terms of changing the underlying technology (as when they moved from Windows 98 to Windows NT - where the "NT" stands for "New Technology") they had to ensure that software that worked under 98 would still work under NT.

While this is an understandable course of action for the company to take, it has meant that the Windows operating systems as a whole have become increasingly complex, and have become more and more weighed down by the ballast of having to contain extra code that will ensure compatibility with older versions of the Operating System. As Steve Gibson, a respected security professional and Windows user, put it during a recent episode of the Security Now podcast "Windows is a steaming pile of crap!".

So this is where virtualization can be a *real* boon. Once computers become powerful enough (this is the only real drawback to virtualization: Running two operating systems side by side increases the load on your system's resources) it will be far easier to run programs designed for older versions of Windows in their own "virtualized" container. That way, if you have no older software, you can get by running a much leaner and cleaner new version of Windows that isn't bloated having to accomodate the older software. If you DO need to run older software, you run it in it's own virtualized environment which can be added as a kind of drop-in building block.

In the Med-V environment, it seems, the virtualization will be transparent to the end-user, making it not only more efficient but also easy to deploy.

The Demise of the Botnet

There's another advantage to all this: Combating our current spate of botnet activity (some reports state that two out of every five computers have some kind of malware installed on them). Botnets are, and have been for several years, increaingly burdensome to the tech industry. To say nothing of the disruption and inconvenience they can cause to those people who fall prey to identity theft as a direct or indirect result of their computers becoming part of a botnet.

Botnets are, to the tech savvy nerd, nothing really new. Their technology is constantly evolving, however, in a seemingly endless lockstep with the technlogies that are deployed to thwart the botnets. There are many reasons why botnets seem to be flourishing, but one of the main reasons must certainly be the exploitability of the current crop of unpatched Windows pc's with access to the Internet.

Before Windows Vista, there wasn't a clearly divided - or at least enforced - user model in Windows. The user of the PC usually had administrator rights on that machine even if he or she was not aware of this. This meant that any piece of malignant code that was introduced to the computer by the user of the pc would be running as administrator and therefore able to do pretty much anything on the machine it wanted to, including hiding itself from view and nesting deep within the entrails of the operating system.

With the advent of Windows Vista and its soon to be released successor Windows 7, Microsoft seems to have paid more attention to security. The Operating Systems are, however, still generally compatible with older Windows software. And this is perhaps something that Virtualization can remedy: What if Microsoft were to take the extra step of releasing Windows 7 as 64 bit only and thereby abandoning in-operating system compatibility. On the whole, it would make for a leaner, more stable, more secure operating system.

Botnets flourish in part because there are a great many unpatched - and therefore vulnerable - Windows PCs that they can spread to. Abandoning the older Windows Operating Systems, up to and including Windows XP, would mean that there would be a lot fewer vulnerable platforms to which botnets could potentially spread. This alone should be a powerful force in making the botnet threat a lot less destructive. Of course, no operating system is perfect, and neither will Windows Vista and Windows 7 be perfect either. There will be vulnerabilities and they will be exploited by bored clever people who like to write viruses. Trimming the fat, however, will greatly diminish the amount of potentially available targets and that, in conjunction with the better security that Vista and 7 offer, may make botnets much less interesting for the cutting edge cybercriminal of tomorrow.

Of course, that means they'll come up with something else to exploit. And the whole rigmarole will start all over again...

Tux lives!

Article originally appeared on dutchtechies (
See website for complete article licensing information.