Solved

What benefit is there to leaving virtualization settings in BIOS disabled?

Posted on 2014-09-13
4
496 Views
Last Modified: 2016-11-23
I often see on mid-range business desktop PCs (e.g. Dell and HP) that the CPU virtualization settings (e.g. Intel VT-x and AMD-V) are disabled by default. I usually enable it just for the sake of having it available in case I ever want to use it.

Is there a reason why it should be left disabled? Is there some kind of security or performance benefit to leaving it disabled on regular PCs that are not going to be doing any virtualization?

If so, does the same argument apply to servers which do not need virtualization?
0
Comment
Question by:Frosty555
  • 2
4 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 167 total points
ID: 40321082
I do not know why it is disabled by default, but I cannot see any extra security advantage with it disabled than enabled. I have it enabled on my travelling laptop (in order to run VMware) and there is no security risk to having it enabled - none that I can see or witnessed.
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 167 total points
ID: 40321109
What benefit is there to leaving virtualization settings in BIOS disabled?

To answer this question, there is no benefit, if left disabled hardware virtualisation is disabled, and you will find you cannot run some Hypervisors, as they have a requirement for it to be enabled.

It's only recently on very modern desktops and servers, that I've started to see Intel-VT and AMD-V being enabled by default.

It always used to be disabled, causing many questions on EE!

Why does my PC, Desktop server not work with viurtualisation.

They was a theory, that users could install and use Virtual Machines to override the PCs OS, and run a new OS, inside the existing OS, but I'm not sure I've yet to see, any evidence of this, or even delivery of an OS running as a VM delivered on a LiveCD ROM.

e.g. VMware Player, Workstation or Virtualbox...

e.g. A portable Hypervisor....

BUT, at the University where I work, it's still DISABLED ON ALL 1500+ Workstations!
0
 
LVL 9

Assisted Solution

by:Carlos Ijalba
Carlos Ijalba earned 166 total points
ID: 40322651
Back in 2006, a concept rootkit based on x86 virtualization appeared, which I believe it was what made the manufacturers turn off the option by default just in case (it's a basic case of "security by OFF by default").

The culprit was called "Blue Pill" (nice reference to Matrix), and was coded by a Polish hacker girl called Joanna Rutkowska.

To have a read on the story (is quite interesting, actually):


For some more technical details about the rootkit inner workings see:

0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40346513
@Frosty555  - Thank you and I was happy to help.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now