Solved

What benefit is there to leaving virtualization settings in BIOS disabled?

Posted on 2014-09-13
4
531 Views
Last Modified: 2016-11-23
I often see on mid-range business desktop PCs (e.g. Dell and HP) that the CPU virtualization settings (e.g. Intel VT-x and AMD-V) are disabled by default. I usually enable it just for the sake of having it available in case I ever want to use it.

Is there a reason why it should be left disabled? Is there some kind of security or performance benefit to leaving it disabled on regular PCs that are not going to be doing any virtualization?

If so, does the same argument apply to servers which do not need virtualization?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 95

Accepted Solution

by:
John Hurst earned 167 total points
ID: 40321082
I do not know why it is disabled by default, but I cannot see any extra security advantage with it disabled than enabled. I have it enabled on my travelling laptop (in order to run VMware) and there is no security risk to having it enabled - none that I can see or witnessed.
0
 
LVL 121

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 167 total points
ID: 40321109
What benefit is there to leaving virtualization settings in BIOS disabled?

To answer this question, there is no benefit, if left disabled hardware virtualisation is disabled, and you will find you cannot run some Hypervisors, as they have a requirement for it to be enabled.

It's only recently on very modern desktops and servers, that I've started to see Intel-VT and AMD-V being enabled by default.

It always used to be disabled, causing many questions on EE!

Why does my PC, Desktop server not work with viurtualisation.

They was a theory, that users could install and use Virtual Machines to override the PCs OS, and run a new OS, inside the existing OS, but I'm not sure I've yet to see, any evidence of this, or even delivery of an OS running as a VM delivered on a LiveCD ROM.

e.g. VMware Player, Workstation or Virtualbox...

e.g. A portable Hypervisor....

BUT, at the University where I work, it's still DISABLED ON ALL 1500+ Workstations!
0
 
LVL 9

Assisted Solution

by:Carlos Ijalba
Carlos Ijalba earned 166 total points
ID: 40322651
Back in 2006, a concept rootkit based on x86 virtualization appeared, which I believe it was what made the manufacturers turn off the option by default just in case (it's a basic case of "security by OFF by default").

The culprit was called "Blue Pill" (nice reference to Matrix), and was coded by a Polish hacker girl called Joanna Rutkowska.

To have a read on the story (is quite interesting, actually):


For some more technical details about the rootkit inner workings see:

0
 
LVL 95

Expert Comment

by:John Hurst
ID: 40346513
@Frosty555  - Thank you and I was happy to help.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question