Enable hardware virtualization in Bios - Security risk ?

I wanted to run a 64 bit Linux guest on a 64 bit Linux host using latest Virtualbox, and know that for this I need to enable VT (hardware virtualization) in the Bios.
Now I am not so sure whether I want to do this as the setting for this is under the 'Security' tab and is disabled by default (Intel). See here re. potential risks:- http://communities.vmware.com/message/679154

http://www.theta44.org/software/HVM_Rootkits_ddz_bh-usa-06.pdf

Please tell me whether I can run a 32 bit Linux guest on a 64 bit Linux host without having to enable VT in the Bios.
Edit: I have 64 bit version of Vbox and 64 bit Ubuntu host.
Thanks.

 

To answer my own question - yes, apparently it can. So I suppose there shouldn't be any problems. Hope this is right

 

Guys and frequent posters, you will know the answer to my concerns. I have no idea and would appreciate your advice.
If I enable VT in Bios a hard reboot is required. What's the recommended way to best do this ? Maybe exit Bios and then immediatley turn off the power ?

 

You can let your system boot. Then shut it down. No rush.
Mrk

 

OK will try. Are there any security issues in having VT enabled, seeing the setting is shown under 'Security' in the Bios .. 'blue pill' or other ?

BTW. Useful article http://www.dedoimedo.com/computers/windows-7-security.html mailed link to sister-in-law overseas. As staunch Windows
user told her (for the second time) to bookmark your site. Saves me answering lots of questions, most of which require Googling.

 

I would not worry about hardware security. To get your hardware pwned, you need to install bad stuff. This is no different than installing any other bad stuff. Keep your machine clean and you're good.
Mrk

 

Thanks - it's like you said 'no rush' worked perfectly
However I didn't notice speedier execution with 4 cpu's enabled, was about the same as running 32 bit with one cpu.
Also I am not sure what 'Nested Paging' is all about so didn't enable that. (I just loaded the .iso, so can't tell if actual install would make a difference.

Regards.
Edit: I see now that only Intel Core i7 processors support nested paging. So out of luck regarding that.

 

Your biggest bottleneck is the disk. At home, you won't ever get your cpu/memory to max. Make sure you have separate drives for virtual machines, 7,200 rpm or more, sata and whatnot, this makes the biggest difference.

Mrk

 

You mean to put VMs on non-OS partition/ disks?

 

Yup, non-OS, external disks, if you can afford to buy 15k SCSI disks, by all means do.
Mrk

 

I have no spare drives, and obviously it's no use just to place the images on a separate partition as the host OS is still running.
Will think about getting an external drive sometime. Thanks.

 

Enable your hardware virt.

Separate drives for vms makes a huge difference. The biggest performance hit is on I/O - use the highest rpm you can and keep 'em defragmented.

 

I can see two good points here. One, you definitely want your virtual drive file to be one contiguous file and not a fragmented one. Two, you want it to be on a drive with as few other files as possible. Both of these things will dramatically enhance disk I/O to the virtual drive. (I have one drive used only for backup images and vdi files. It is an external drive but only because I use it on both my Desktops and my laptop.)

But you've lost me with your "external drive" bit. Unless you consider a SCSI drive, with its own controller, to be "external?." Do you think that an external USB drive would be faster than an internal SATA?

 

It will be faster than an internal sata running the host OS and the virtual machine.
Mrk

 

Hmm.... I always thought that keeping virtual hard disks on an internal drive will be faster than keping them on an external one.

 

External, internal is semantics. The actual bus is what matters.
As to 15k velociraptors, I think they only can internal ... I should have clearer in that sentence. Of course, internal 15k is the best option, maybe even 8 in raid 6 configuration
Mrk

 

My processor doesn't support 'Nested Paging' but apparently there is a substantial performance gain of around 30% if enabled in Vbox and supported by your cpu.
Over my head but thought I would mention it.