Fun With Windows 11

[yogi]

I'm sure this will only be interesting to you in a hypothetical sense, but I was quite impressed discovering what they are up to and decided to share my thoughts.

I'm what they call a Windows Insider which is a person that evaluates their operating system that is in development. It's pretty much a huge beta testing experience involving the entire world of Windows users. The introduction of Windows 11 came as a surprise to most folks outside of Microsoft, but a lot of the features in that system have already appeared in the Windows 10 betas. Thus the transition from 10 to 11 was not a big deal. I must agree with those who declare Windows 11 is in it's Alpha stage of development, which is why they decided to let me test it even though the hardware on my computer isn't up to par. They could ease the requirements later on, but I doubt that will be generally applied if it happens at all. In any case, I explained a little bit about those new hardware requirements in another thread. They basically want a hardware solution to attacks on the computer's firmware.

Given the hardware emphasis on security issues, I was not too too surprised to learn about some of the software solutions to security. Being so very new Windows 11 qualified for what Micorsoft calls a Bug Bash event. Everybody who has it to evaluate is encouraged to find problems and report them to Microsoft. I did all that with Windows 10 each time they had a feature release, and this is the first round with the new OS. Along with the evaluation copy of the software Microsoft Insider Program publishes specific quests they would like each user to perform. There are generally a couple dozen and focused on the newest of the new features they plan to include in the final release. Some quests are trivial, but others are quite complex. Such was the case with the quest I read, but did not complete, yesterday.

Some of the new hardware requirements center around Intel's version of hyper threading. No, I don't know exactly how that works, but I do have it enabled on my laptop. Windows 11 will be using that CPU function to create virtual environments. The way the quest reads you might think Windows will have an embedded virtual machine capability. Their Edge browser will be used to create a sandboxed environment that is isolated from the rest of the system services. This is done in the same fashion that running Ubuntu or Kali Linux is done natively on Windows 10. It's a subsystem which is actually a part of the main operating system. This subsystem runs simultaneously with the regular operating system, and part of the quest is to assure that there is no visible lag when in that environment which goes by the name Application Guard container. Setting up the Application Guard is quite a process, but once it is done a simple shortcut on the desktop gets it going. Apparently you can do anything inside the Application Guard that you can do in the normal environment, but it's done in a sandbox. Thus any malware you acquire that way stays in the box and does not contaminate the rest of the operating system. That is exactly the idea I expressed here several times when we talked about security. Only recently did I mention that I was considering running all my computers inside a virtual box just for the security of it all. Well, now, it looks like Microsoft was reading what I wrote here and is making it part of Windows 11.



Well, I doubt that anybody from Redmond reads what we write here, but it is very interesting that they are thinking along the same lines as I have thought in the past. I was going to stand my ground and not give into the required upgrade to qualify for migrating to Windows 11. But now I'm having second thoughts. Perhaps I'll change my mind again should I complete the quest. As I said, it's all Alpha Phase testing now and things could change drastically.

[Kellemora]

Interesting, thanks for posting all that bit of info!

One problem I see is that half the country cannot afford to buy a high-end computer to run their new software.
Also, a lot of folks are now doing almost everything they can on their mobile devices.

I wonder if what they are doing is similar to a few Linux Distro's talking about System in a Box for security reasons?
You have a base system for the computer, and boxed systems for running programs on, especially on-line activities.
I don't have time to read a lot about what is going on out there, but some things pop-up and catch my attention.

[yogi]

The concept of software containers is nothing new. In a sense you have used them when writing HTML. As far as computer operating systems go, the container is simply an independent session inside the base environment. Google, and others, have been putting their G-mail inside containers for several years now. I would not doubt that their Chrome browser is based on containers as well. All of those things depend on the host for functionality, but not so with these security sandboxes. Of course the host is needed to generate the container, but that's the end of it. There is no interaction between the two. The method used to create those container varies widely. Microsoft partnered with Intel in order to come up with its Application Guard, but there is no reason why Linux could not do the same thing. And, as you point out, they probably are. Thus, in order to use these containers as intended, the hardware must be present.

Microsoft draws the line at generation 7 Intel chips. Intel is currently selling generation 11 but apparently the hyper threading function required for Microsoft's containers was introduced to the public about 3-4 years ago. So, if you have one of the newer chip sets, there is no problem. Microsoft estimates that 1.3 billion installs of Windows 10 are floating around the planet. How many of those are 3 years old or younger they don't venture to guess. But my guess is that the number is significant. I'd guess 75% of those billions do not meet the new requirements.

In spite of what you might think of Microsoft, they are not about to throw hundreds of millions of people under the bus. The most obvious scenario is for people to not upgrade to Windows 11, which is not a half bad choice even if you have the hardware to do the upgrade. The two Windows are different, but the difference is not compelling enough to get 900,000 people to buy new computers. Come 2025, however, the support for Windows 10 runs out. I'm running Windows 7 and don't care that Microsoft abandoned me. However, things around me are changing in the sense that nobody else is supporting Windows 7 either. If I want to keep up with technology, I will have to upgrade hardware. And, by the way, I discovered that the processor I'm using in this tower is a generation 3 from Intel. LOL The laptop is generation 7, however.

I'm glad you have seen Linux people talking about improved security. I don't hold out much hope for Linux given what I discovered about their reluctance to migrate over to UEFI. They hate Microsoft and this latest round of security implementations is a collaboration between Microsoft, Intel, and AMD. A few others might be involved too, but I don't recall who they are. In any case, in the past Linux devs have shied away from anything Microsoft. They are going to be left in the dust if they adopt the same attitude with containerized operating systems.

[Kellemora]

I doubt I would ever go back to Windows, but I know my wife will, because her games are all Windows only.

I was studying up again last night about using VMs to hold your OSs, and ran across an interesting post by a fellow.
A fellow was using Arch Linux on his machine to run Virtual Box, don't know what he meant by every Linux kernel as KVM built in though. But he thought, as we all did, that your operating system was safe when running an OS in VirtualBox.
Besides Ubuntu and Linux Mint in VB, he also had Win7, Win8 and Win10.
He does his web surfing and e-mail using the VB with Win8, and picked up a virus or malware that locked him out.
No problem, he thought, he would just reinstall the Win8 from his backed up version he made after he originally installed it with the upgrades and made a clean backup.
He never got as far as doing that. He can't delete that VB container, nor create a new VB container.
And now he found he can't do much of anything on the machine at all.
He removed the external hard drive he uses only for data storage, and found it too has been compromised, but his copy in the cloud is OK and he downloaded it to his external drive after wiping it clean.
He could not get into any of the other OSs he has in VB containers either.
So will start back over from scratch.
There were many comments saying that can't happen, and a few telling him to just delete that VB container.
He came back with there are things on his internal hard drive that were never there before, not associated with VB at all.
Again, folks said that's impossible. In any case, he is going to erase his internal hard drive and rebuild from scratch.

As an aside, another person said they run Proxmox and VMWare. I've not looked up Proxmox yet.

I'm assuming the KVM he was talking about is not like a real KVM, but something that allows you to use things like VB or VMWare?

[yogi]

What is the use of KVM in Linux?
Kernel-based Virtual Machine (KVM) is an open source virtualization technology built into Linux®. Specifically, KVM lets you turn Linux into a hypervisor that allows a host machine to run multiple, isolated virtual environments called guests or virtual machines (VMs).

I knew it was there, but I did not realize it was built into the Linux kernel. The part of interest there is use of the word hypervisor. They are suggesting that there is a software solution to the creation of virtual boxes (containers) inside the Linux kernel; and always has been there. The current specification put out by Microsoft requires that "hypervisor" to be located as bare metal inside the system CPU. Apparently Intel has been including that capability for quite a while but only known to people who deal with virtual machines.

Regarding the article you read, on the surface of it all, and I am getting third hand information here, the author seems to have acquired some system debilitating malware. The big question is, "how did he acquire it?" If KVM and the hypervisor application allowed it, then the attack is what we call a zero day infection. That means it was never seen before and there is no explanation, let alone a fix, for how it could happen ... yet. Something doesn't smell right here but I don't know enough about the situation to offer any meaningful comment. Virtual machines have been around a long time and the state actors of today's world are getting very sophisticated. If this guy was an intelligence agent or other government employee in a critical position, then I can see how this would be a very significant discovery. Then, too, if he was in that kind of position, he would not be writing about it for the world to see. So, until proven otherwise, I'll go with cockpit error for an explanation.

And, as an aside, the above story is a great example of why you should be storing backups in the cloud.

[Kellemora]

OK, I got it now! They are using the letters KVM associated with computers for two totally different reasons.

So I guess all computers have that which makes running VM or VB possible.

I can't remember which site I clicked on now, but I do recall someone else saying that's impossible.
And what probably happened was you are connected to the Internet and the attack came in from the Internet to your system OS, not through a program running in a container. Or maybe you just happen to get hit with both at the same time? Or one attack just wiped out everything it could reach?

That does sound more logical. Sorta like Debi's machine getting hit with the ransomware and it was able to get through the LAN and external HDs connected to my Linux machines, but which had shared folders she could access from her machine.

[yogi]

Perhaps the easiest way to visualize KVM is to think of it as two physically different processors located on the same silicon chip. One processor runs the host machine and the other hypervisor runs the virtual machines. It would be identical to having two separate computers. Think of Raspberry Pi OS on a postage stamp sized motherboard inside the box with your regular CPU. The DC power comes from a common source, but that's it. Nothing else is connected to each other. So, yes, it would be difficult to see how an infection in one box would migrate over to another.

In the case of Deb's ransomware the scenario was a little different. Your LAN is a single entity with a bunch of boxes connected to it. Malware entering at any one of the connection points would typically have access to the entire LAN. In your case the hacker didn't bother, or know how, to deal with ext files so s/he left them be. That was actually a pretty smart move. How many Windows users also store Linux files? Well, don't feel too confident because now they know. All file formats are at risk including the ones running under ARM on your mobile devices. Then, too, some hacks are smarter than others. Some simply know only one thing they bought off the Dark Web while others develop the malware itself by request.

[Kellemora]

That makes sense!
Even so, I think it still uses the CPU and all the RAM, which are connected to the CPU.

What I know about the ransomware we got, the only files affected ended in .doc or .jpg, seems it left all the rest alone.

Now I use ext on my computer, and copy the files over to an ntfs drive for backup.

[yogi]

You are correct to point out that certain hardware is shared literally. The power supply is obviously shared because it makes everything inside the CPU work, and the hypervisor is inside the CPU. RAM also is shared physically, but it is allocated separately. Whatever is in the VM portion of RAM cannot be seen by the host because it is not allocated as available memory. Thus, the RAM available to the host system is reduced by the amount required to run the VM box. I do something that might be questionable. The virtual network card is specified in my setups as being a bridge and not a virtual NIC card. I don't know that a bridge is any easier to compromise than an NIC given that they are all virtual to begin with. Regardless, the traffic from both the VM and the host end up going through whatever network hardware you happen to have installed in your real machine. The IP address of the VM is not the same as that as the host machine so that I don't think they can "see" one another. The virtual box can mount any LAN hardware that the host can mount, and that could be a weak point. Anything on that mounted memory device could go to either machine. But typically memory alone isn't enough to run an executable. You would have to manually move things for any contamination to occur. So, that's why the umount command was invented.

All I know with certainty is that the virtual machine I use to create Linux On A Stick does not, and cannot, see anything in the Windows host machine hardware. That's why the bootloaders (grub) created inside the VB cannot destroy an existing Windows bootloader. They simply can't see each other.

[ocelotl]

When defining VM's we can specify if we want to share a folder from the host OS on the HD with the VM, that may be the other weak point, but it's lockable. For old hardware that is not supported by curent OS but that is used for particular needs, this is how replacement can be dodged.

[Kellemora]

Could be, and does make sense.

FWIW: Some of the images and docs I lost were originals I kept in a password protected folder.
So that tells me they came in another way, perhaps just by scanning the entire drive for files while ignoring folders?

Although I can boot into a few other Distro's on each machine, I still keep one Distro as the main one the machine boots into, but it is different on each machine. It's handy that way for me, hi hi.

[yogi]

Password protected folders will only keep the kids out of the files, but not hackers who know the key is stored in plain text and easy to retrieve. I found it one time when I first read about it, but I figured it was only Microsoft's way of doing things. Apparently others do the same thing. The better method is to encrypt the files. The encryption key is not plain text and harder to find. Regardless, I doubt that would stop a ransom attack, but it would save your data from exposure.

[yogi]

If I haven't enlightened or scared you enough with my comments about Linux vulnerabilities, let this article complete the task. Not only does it show how Linux is falling to ransomware, but it also reveals how helpless virtual machines are ... well VMware and ESXi servers for the time being. The bottom line is that there are no longer any safe havens, not that I ever thought Linux was safe. The bad guys have the ability to crack any system they choose, and that's the truth.

Read it and weep: https://threatpost.com/linux-variant-of ... rs/167883/

[Kellemora]

Interesting read Yogi, but it appears they are attacking servers, namely large servers with hundreds of VMs running.
Mainly big companies with tons of money. So I guess not running a VM on my machines, or putting my data in the cloud, still might be the best choice for me, hi hi.

I was told a long time ago that any 8 year old can crack a password protected folder on the home computer.
Not so if you have a password protected folder on a hosting website for your html folders.
Many eons ago, when I kept the wholesale price lists on-line on my website, I had those folders hidden.
I could tell a customer what password to use to see that folder, but never understood how it worked since I don't use a database. At the time it was just plain old uploaded html, no css back then either.
If I recall, I did have to reset the password after it was uploaded using a tool in the ftp program, or on their site, don't remember now how I did it, but it worked.

I just checked a copy of my old website as it appeared on the BBS. I found a file in it named .htpasswd which is probably how I did it, but don't remember how I did it, or where I uploaded it to, hi hi.

[yogi]

The file with password information for the system is also labeled in an obvious way in the Windows System directory. Those passwords are hashed and not readable the normal way. The password for individual files such as Word documents isn't hashed, or they weren't back when I first read about it. Times have changed and the way of doing things might also have been updated. Either way, encrypted files are much safer than password protection.

You are correct about the article discussing server hacks. The virtual machines on those servers, however, belong to individual clients. The significance of the article is that it points to Linux server vulnerabilities and not just ordinary servers. We are talking about servers that host dozens or hundreds of virtual machines. Thus the hacker need only infect one server to disable hundreds of clients. The article was written because this specific server attack has not been noted previously. Linux servers and clients of the ordinary type have been. Plus the author also points out how the focus is now being turned to Linux type systems in general. I guess even the hackers figure Windows isn't worth the effort. LOL

[Kellemora]

Well, since the world runs on Linux, it only makes sense that is where the hackers would turn their interests too.

I must have misread something last night. A guy was bragging about his computer system has the capability of hosting 1024 VMs and he has either 21 or 24 core CPU. He did not say how much RAM he has.

I know when I was messing with Edubuntu many years ago, on a machine with 4 gigs of memory. I could only handle three workstations and they were slow.
Then I think about our Wang VS 300, and it could easily handle 120 workstations and it only had like 512k RAM memory.

But that's my problem, I read things I don't understand, and wonder what I'm missing about what they are saying.

And how does a company come up with 600 terrabytes of instant access on-site file storage?
I do know a company who advertised they had 2.3 Petabytes of file storage. They are a cloud service provider though.
Even so, I wonder how they do it?

And here is another question. A cloud file storage company has thousands of clients. Many of those clients are storing their data as encrypted files. When they stop being a client, how can the cloud company delete their files? Or is it a simple matter of deleting their account file, like can be done on a Linux computer with users /home folders?

[yogi]

That's a lot of questions.
I will comment on the easy one first. "Many of those clients are storing their data as encrypted files. When they stop being a client, how can the cloud company delete their files?"
Think of what we talked about recently in the context of sending backup copies of your business data to your brother here in Missouri. Basically he had a computer and gave you some space on it to store whatever you cared to put there. Since it was his computer, he had all the administrator rights and privileges that go with such a position. That means, your brother set aside the memory for you to use. Well, he could just as easily unallocate that memory and whatever you had there would vanish. Likewise, being the system administrator he could simply delete a single file, even one that you might have encrypted. Of course, if you put several files inside that encrypted one, he could not get to those. But he could have deleted the entire file. It's just a matter of file management and no deep technical feat.

So it is with people who manage cloud storage. They set aside space for clients and can delete them just as easily. Each client is contained inside a ... virtual machine. That virtual machine in reality is just another file on the server. Given that the virtual machine is probably password protected, by you, the client, the administrator may not have access to what is inside that container. So there is no way for the admin to delete just one file from your virtual machine session. It's all or nothing that gets deleted in that case.

That all is simple file management. But what is actually going on with virtual machines? You and I traditionally think about CPU's as being serial devices. A stream of data goes in one end, is processed, and out comes a different stream of data. In other words, for all the things a computer can do, it is done sequentially in one stream handled by the Central Processing Unit. We know about audio, video, memory, input, and output devices all working together on one computer, but it's that stream of data from the CPU that makes it possible. Instructions are sent to individual modules to perform their function. The audio card, for example, does it's audio thing all by itself after the processor fills up it's buffer with audio data. Same goes for monitors, printers, CD readers, and whatnot. Those devices all work independently after the CPU sends the data and instructions.

Virtual machines also work independently but they interact with the CPU via firmware called hypervisor (KVM in Linux). That means both software and hardware are involved with making VM's work. Both software and hardware have physical limits, as you certainly must know. Thus when you read about a processor that can handle 1024 VM's, that's the physical limit. Think of the machine hardware as being physically located INSIDE the microprocessor. You can only put so much silicon on a chip before you run out of space. The software/firmware for hypervisor is run from that classical "stream" of data we think about being how CPU's process data. The instructions at the CPU level get sent to each individual VM session also inside that same silicon chip. That is how one processor ends up controlling several VM's. The CPU has limits to what it can process. All those cores are in reality parallel CPU's layered one on top of one another. This doesn't make the processing any more powerful, but it does improve the throughput. A 24 core processor will transfer data from input to output 24 times more than a single core. It's not going to be 24 times faster because the speed is controled by the clock frequency. But 24 cores will process 24 times the data for any given clock cycle compared to a single core.

Obviously, the more data you can handle, the greater the number of processes you can set into motion. RAM is important too because all those live sessions of the VM are making heavy use of RAM. 1024 VM's working all at the same time would require a hella lot of RAM and a high power CPU to keep track of it all. It sounds awesome, but that's were we are in today's world. If you run a cloud service, you have many machines that can handle 1024 VM sessions. All that memory isn't being used at one time. Petabytes might be available, but it would be hard to use it all at any given moment. If you have 25,000 clients, petabytes might not be enough.

And, FWIW, I'm seriously considering a 24 core processor for my next computer. At the moment the bottom tier of such devices is around $750. So it may take a while before I decide.

[Kellemora]

Thanks for that great explanation of things!

I had mailed an external USB hard drive to my brother and he had his IT guy set it up to fetch my data each night.
I know next to nothing about how he did that. Other than I had to set my computer following their instructions so they could fetch the data from my backup drive every night. That was about 4 computers ago now too, hi hi.

I do understand that each core of a CPU works as a stand alone computer per se. Data from one core does not go to another core to make it faster, and programs must be written to make use of more than one core to make the program run faster.

I could have several virtual machines, as long as I'm only using one of them at a time.
But how they can have so many in use by various users at the same time is still beyond me, despite your explanation.
If each VM only used one core per client, each client would be using x number of the computers RAM. So to me, it seems like the amount of RAM you could put on a computer would be the limiting factor.
But then too I realize cloud storage is used mainly only for storage, not to run programs from, as was Edubuntu with workstations.

Because a CPU is so fast, we don't notice the breaks between sending audio or video to those buffers, unless your computer is really bogged down for some reason.

I may be wrong, but I thought I read that many server farms only put about 15 to 20 clients per computer, but none of them ever talk about how they handle client storage. But I do know they charge for the different amounts of storage you need to use.

Thanks again for a great explanation!

[yogi]

I think I have the concepts down, but I'm not comfortable explaining the details. One thing I know about past servers with multiple sessions is that they don't run all the sessions simultaneously. They load one session, do whatever that client is doing at the moment, then replace that with another client. Given the clock speeds that are common for servers it would be a trivial task swapping live sessions in and out of memory several times per second. That could be why only 20 clients would be optimal on a given server. Any more than that would cause lag on the client side. For example, when you come to this site and can't get in, more times than not it's due to our share of the server being hogged by some other process being run on the server CPU. Why it sometimes takes an hour to overcome that lag is still a mystery to me.

You are right to say cloud serves are primarily used for storage, but a huge portion of the cloud is used to run virtual machines. You can rent a desktop, or a whole computer, from Microsoft Azure for example. In that case all the processing of data is in fact done in the cloud. The rule was that no executables should be run from any server, but that changed with the concept of cloud computing. It's not just about memory anymore. Also, you might think about what I said above about virtual machines being a single file on a host computer. What goes on inside that file (virtual machine) is of no concern to the CPU. The size of the file is predetermined by your subscription agreement, and any storage space you might use outside your virtual machine is also negotiated. Thus, as far as the cloud service administrator is concerned, he is just assigning memory space and backing it up once in a while.

[Kellemora]

Going way back to the days we had the Wang mainframe. There was not a computer at each desk, the workstations were not computers, basically just a monitor and keyboard. So everything was done on the mainframe, and displayed on which workstation was active. I guess I could compare it to a web browser with a tab for each workstation. It's still the browser doing the work, one tab at a time, and of course the underlying computer running the web browser.

With the advent of server farms, every working desk had a computer, and that computer ran the programs, and merely exchanged data files with the server.

There are live servers that hold and run the programs you are using, and all you have is like a browser to see what it is doing. Again, basically connecting your monitor and keyboard, using your computer to handle the local operation of connecting to it. There are many on-line programs out there that work this way. Especially the tons of on-line games out there.
Very little is relegated to your computers resources. It's one way folks with Schmartz-Fonz are seeing speed increases in things they do on-line, because their Fone isn't the one crunching the numbers.

In a way, isn't a VM sorta like a TAB on a browser. A stand-alone operation but the work is still done by your computer.
The only problem I encountered was, you have to set aside X number of RAM for each VM you create.
But it seems to me, since you will only be using 1 VM at a time on your own computer, why can't each VM be assigned the same RAM memory amount?