Is XP Mode in Windows 7 a positive step for security, or not?

"Sophos’s Chief Technology Officer Richard Jacobs is once again guest blogging about XP Mode in Windows 7. The issue.. How are you going to manage its security? Over to you RJ.."

Richard Jacobs
Well, Microsoft seems to be aware that there are security concerns around Windows 7’s XP mode.

Roger Halbheer, Chief Security Advisor for Microsoft EMEA posted a defence yesterday, explaining how Windows 7 is more secure than XP, but people still need XP compatibility. This is all true, but it would be an outrage if Windows 7 were not significantly more secure than XP.

Nobody is denying that Windows 7 has a number of security enhancements. See Chet Wisniewski’s recent postings on this blog, for instance.

The problem is not with the idea of XP mode, but with the lack of management and the lack of clarity about the costs that users will incur.

Roger Halbheer touches on the problem, in fact, given that he’s defending XP mode, he comes remarkably close to telling people not to use it.

Microsoft as a whole needs to be much more open about these issues, or users are going to get a rude awakening in terms of management costs, unexpected security vulnerabilities and/or performance impact.

Windows 7 XP mode

As highlighted in my previous post on this subject, the key concern is that every Windows 7 PC running XP mode incurs the overheads of securing two PCs.

I don’t know many IT departments that will be happy to double their workload and costs in the name of security. They’re much more likely to stick with native XP and sacrifice any of the other benefits that Windows 7 might have delivered.

That is hardly in Microsoft’s best interests, but nor is a lot of unmanaged XP virtual machines, which seems to be where they are heading at the moment.