What benefit is there to leaving virtualization settings in BIOS disabled?

I often see on mid-range business desktop PCs (e.g. Dell and HP) that the CPU virtualization settings (e.g. Intel VT-x and AMD-V) are disabled by default. I usually enable it just for the sake of having it available in case I ever want to use it.

Is there a reason why it should be left disabled? Is there some kind of security or performance benefit to leaving it disabled on regular PCs that are not going to be doing any virtualization?

If so, does the same argument apply to servers which do not need virtualization?
LVL 31
Frosty555Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I do not know why it is disabled by default, but I cannot see any extra security advantage with it disabled than enabled. I have it enabled on my travelling laptop (in order to run VMware) and there is no security risk to having it enabled - none that I can see or witnessed.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
What benefit is there to leaving virtualization settings in BIOS disabled?

To answer this question, there is no benefit, if left disabled hardware virtualisation is disabled, and you will find you cannot run some Hypervisors, as they have a requirement for it to be enabled.

It's only recently on very modern desktops and servers, that I've started to see Intel-VT and AMD-V being enabled by default.

It always used to be disabled, causing many questions on EE!

Why does my PC, Desktop server not work with viurtualisation.

They was a theory, that users could install and use Virtual Machines to override the PCs OS, and run a new OS, inside the existing OS, but I'm not sure I've yet to see, any evidence of this, or even delivery of an OS running as a VM delivered on a LiveCD ROM.

e.g. VMware Player, Workstation or Virtualbox...

e.g. A portable Hypervisor....

BUT, at the University where I work, it's still DISABLED ON ALL 1500+ Workstations!
0
Carlos IjalbaSenior SysadminCommented:
Back in 2006, a concept rootkit based on x86 virtualization appeared, which I believe it was what made the manufacturers turn off the option by default just in case (it's a basic case of "security by OFF by default").

The culprit was called "Blue Pill" (nice reference to Matrix), and was coded by a Polish hacker girl called Joanna Rutkowska.

To have a read on the story (is quite interesting, actually):


For some more technical details about the rootkit inner workings see:

0
JohnBusiness Consultant (Owner)Commented:
@Frosty555  - Thank you and I was happy to help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Virtualization

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.