3

Possible Duplicate:
Enabling hardware virtualisation BIOS; anything to beware?

This, which seem to be common practice for all hardware vendors, has been bugging me for a while: why is hardware virtualization always by default disabled in a server's BIOS?

Can it lower the system's stability?
Can it create security risks?
Can it have compatibility problems with... anything?

It's always a pain to find it disabled and have your hypervisor refuse to work... especially if you don't have access to the server's BIOS and need to call other people to fix that.

Hardware-assisted virtualization is supported by all server CPUs today, and is by no means a "new" or "experimental" feature anymore. Is there any technical reason at all for this?

Community
  • 1
Massimo
  • 68,714
  • 56
  • 196
  • 319
  • Why the downvote? I'm just trying to make sense of this default settings which, despite how much virtualization is used today, still seems to be a standard... – Massimo Dec 23 '11 at 07:52

1 Answers1

2

It's for security reasons. See http://odetocode.com/Blogs/scott/archive/2007/05/10/hardware-virtualization-off-by-default.aspx

If a virus can install itself and then run the main OS in virtualization then it is nearly undetectable. Or as the article said a rootkit could use VT Technology to run at a higher privilege level than the operating system itself!

Stone
  • 6,941
  • 1
  • 19
  • 33
  • Good catch, but the post explicitly states that "Microsoft recommends that manufactures turn the feature off by default for non-server class machines"; and I'm talking *exactly* about server class hardware... where this feature is always disabled by vendors anyway. – Massimo Dec 23 '11 at 10:10
  • I think Microsoft can puts pressure on manufacturers. – Stone Dec 23 '11 at 10:35