Friday, July 16, 2010

Windows 8 Should Virtualize Everything

The next Microsoft Windows operating system should put everything—and I mean everything—in a sandbox.

There was a time when I disagreed with the idea that the core of Microsoft's next major operating system, Windows 8, would be a hypervisor, or virtualized machine monitor. Now, however, I see the beauty of this approach, especially for consumers.

An operating system that runs everything as a virtualized machine could be one of the most significant and beneficial steps Microsoft has ever taken in the continuing development of the Windows platform. Plus, there is evidence, going all the way back to the early days of Windows 7, that this is the exact direction Microsoft has been going in all along.

When I met with Windows executives at the Microsoft Professional Developers Conference in October 2008, they told us about the newly componentized nature of the operating system. For Windows 7, this meant a peeling away of many things that had been intrinsic to the OS. So, all of the apps that used to come with it—the movie and DVD creation tools, messaging, and even e-mail—would now be optional. Even before Microsoft took a hatchet to Windows 7, the company had to figure out how to disentangle Internet Explorer from the operating system's core. Now, at least in the European Union, you can choose to have other browsers pre-installed on your desktop.

While these are mostly minor changes that do not get to the true core of the OS, they do, in their small way, help clear the path for Windows 8 to become the first fully virtualized Windows. I also have a theory that Microsoft has been working to reduce the size of the core OS dramatically (though the company has gone on record, saying it hates to talk about the kernel) and, even as it adds features and functionality to the interface, make it smaller, too. If you look at what's possible on 1MB Web pages, you can see that everything Microsoft is doing on Windows 7 is little more than calls to the core OS with some lightweight graphics work on the front end. Even flashier features, like see-through panes, are really off-loaded to powerful graphics CPUs.

My point is that Windows 8 can, essentially, be a lightweight core (or kernel) and even a lighter-weight interface. Everything else can be a virtual machine. Here are the benefits.

If every single thing that runs on top of the operating system is a virtual machine, then applications, drivers, files, Web browsers, and the pages you view can all run in sandboxes, protected from each other and incapable of harming the OS. It's easy to shut down virtual machines, and in Windows 8, I could imagine that technical functions, such as launching and closing virtual machines and even accessing system hard drives and peripherals outside the virtual machines, could be user friendly. In other words, consumers would have no idea that they're running a series of virtual machines. They'd see a "What's running" window, with a bunch of buttons next to each item that lets them pause, stop, or turn off the app, browser, etc.. They could still do it the old-fashioned way by selecting "Close" or "Exit" from a drop-down menu, but so many people are familiar with Windows Task Manager that they might appreciate this level of control.

Hardware control and mounting drives across virtual machines can be tough, but I think Microsoft can get this worked out by launch time. One option would be to offer a new hardware control panel or "Sharing Center." This consumer-friendly interface would give consumers the option of sharing or shielding hardware and drives across all virtualized machines. Most of the time, you'll want full, cross-machine access. Sometimes you won't. Maybe, for example, Dad doesn't want junior to access the NAS and possibly mess up the photo and video archives. In this new control panel, he could give Junior access to certain drives only when he uses certain apps (runs certain virtual machines). To Dad, this will appear like basic user-level control settings, but to the OS, it'll be a complex system of levers for virtualized access and user control.

Another obvious benefit of an all-virtualized OS is security. If you're browsing the Web and malware tries to attack or overtly suggest you install it to protect yourself, that nastyware simply won't get further than the browser sandbox. This new kind of OS could kill the security software industry.

The biggest and, perhaps, most significant benefit, though, is that the Registry dies. Windows would no longer keep track of every app, device, call, and DLL. The OS will be done carrying the applications' water. Virtualized apps and hardware will only be allowed to store local XML files that tell them something about the base hardware and where to find locally-stored files. Device drivers already get their Device Stage information from just such an XML-like file. I see no reason why this couldn't work for everything else.

I know some people will say that there's little reason to wait for Microsoft to build this mythical virtualized OS—not when Google Chrome for the desktop is right around the corner. Chrome will be very light and rely heavily on cloud-based apps to get stuff done. From a security standpoint, it'll already have a leg up on Windows 7. However, huge questions remain regarding power, usability, and always-on access to critical documents and files. Most consumers will, I'd venture, still look to Microsoft and Windows for their next OS. However, if Microsoft doesn't do something radical like what I've proposed, there will be fewer and fewer people who will walk that well-worn path.

Virtualization is already a great tool for businesses, but the smart money is on making an operating system that sees the world in tightly-controlled sandboxes. This is how Microsoft will pave a new road for Windows users in this still young 21st century.

No comments: