@Matthew Burling & others
Work has installed windows 7 RTM on my laptop and I've gone off and downloaded the XP mode VM tools.
It's basically Virtual PC and seems to run with the same kind of latency.
It therefore supports NAT, bridged and host only network modes.
I've not had much chance to play with it yet, but I've got to say I haven't got a clue how this is any different from me running XP in VMWare (apart from the extra latency). Nothing has integrated into the windows 7 start menu that I can see. I've yet to install any apps on the VM so maybe that's the reason, but from the 'how wonderful XP mode is' stories I'd seen around the web I was expecting things such as networking settings and control panels from XP to be available easily from windows 7. As far as I can tell the only way to get to these things is to run the full VM desktop of XP and use it as normal.
I was aware that this is for 'normal' as opposed to power users, but this is shaping up to be another case of fairly good idea, really bad implementation. Power users are expected to be able to learn how to run a VM and so therefore should have no need for integrated XP mode.
So basically, yes you're running a second machine for all intents and purposes, it default configures to NAT which will prevent a fair number of vulnerabilities from being exposed to the outside world, but offers you no protection if you are running XP mode software that then talks outside of your 'machine network'.
Personally I was really hoping that it was integrated and fairly seamless and therefore made the use of an XP VM much more like using wine-doors and WINE under *nix with no virtual desktop defined (so apps run under the native window manager, install native shortcuts in the desktop menu launch tool). So far it's the exact opposite of that and I've spent all my time in a virtual XP desktop updating it and configuring it to be suitable for my use. If it hasn't shown promise in the next couple fo weeks then it's going to be un-installed and I'll return to using my VMware XP instance.
Sophos have a point, but they don't take criticism about security and their own products well so I shall treat them the same and ignore them. I've been forced to use sophosAV at work for a few years now, work even offered me a licence for home use which I refused on two counts I don't run Windows and even if I did I still wouldn't run Sophos due to having caught viruses twice at work, both of which were fairly well known; though new, and one according to Sophos' own information library that they should have caught. They have improved the software from the user point of view, but it still sucks.
So Sophos; well they can just shut the fuck up until they stop giving me false positives on open source software that they can easily check out and not send me emails telling me I don't have a clue what a false positive is when I report false positives to them (6 to 9 months down the line they did something about the item I reported, by which time Ive got another 4 false positives that I have to either choose to not use or disable AV whilst I use).
Biting the hand that feeds IT
