Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What benefit is there to leaving virtualization settings in BIOS disabled?

Posted on 2014-09-13
4
Medium Priority
?
581 Views
Last Modified: 2016-11-23
I often see on mid-range business desktop PCs (e.g. Dell and HP) that the CPU virtualization settings (e.g. Intel VT-x and AMD-V) are disabled by default. I usually enable it just for the sake of having it available in case I ever want to use it.

Is there a reason why it should be left disabled? Is there some kind of security or performance benefit to leaving it disabled on regular PCs that are not going to be doing any virtualization?

If so, does the same argument apply to servers which do not need virtualization?
0
Comment
Question by:Frosty555
  • 2
4 Comments
 
LVL 100

Accepted Solution

by:
John Hurst earned 668 total points
ID: 40321082
I do not know why it is disabled by default, but I cannot see any extra security advantage with it disabled than enabled. I have it enabled on my travelling laptop (in order to run VMware) and there is no security risk to having it enabled - none that I can see or witnessed.
0
 
LVL 125

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 668 total points
ID: 40321109
What benefit is there to leaving virtualization settings in BIOS disabled?

To answer this question, there is no benefit, if left disabled hardware virtualisation is disabled, and you will find you cannot run some Hypervisors, as they have a requirement for it to be enabled.

It's only recently on very modern desktops and servers, that I've started to see Intel-VT and AMD-V being enabled by default.

It always used to be disabled, causing many questions on EE!

Why does my PC, Desktop server not work with viurtualisation.

They was a theory, that users could install and use Virtual Machines to override the PCs OS, and run a new OS, inside the existing OS, but I'm not sure I've yet to see, any evidence of this, or even delivery of an OS running as a VM delivered on a LiveCD ROM.

e.g. VMware Player, Workstation or Virtualbox...

e.g. A portable Hypervisor....

BUT, at the University where I work, it's still DISABLED ON ALL 1500+ Workstations!
0
 
LVL 10

Assisted Solution

by:Carlos Ijalba
Carlos Ijalba earned 664 total points
ID: 40322651
Back in 2006, a concept rootkit based on x86 virtualization appeared, which I believe it was what made the manufacturers turn off the option by default just in case (it's a basic case of "security by OFF by default").

The culprit was called "Blue Pill" (nice reference to Matrix), and was coded by a Polish hacker girl called Joanna Rutkowska.

To have a read on the story (is quite interesting, actually):


For some more technical details about the rootkit inner workings see:

0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40346513
@Frosty555  - Thank you and I was happy to help.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
In this article will go through how to backup a vPostgres DB from a broken vCenter Appliance and restore to a new vCenter Appliance.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question