If you have ever created a fixed-size virtual hard disk that was larger than, oh – 2GB, you probably noticed that it takes quite a while to create. The reason this takes so long is that when we create a new fixed-size virtual hard disk, we take the time to explicitly zero out all of the disk space that is being assigned to the new file.
Now – we could do this practically instantaneously by not zeroing out the data – but this has an interesting potential security problem.
Imagine the following situation:
- You have a virtual machine with a bunch of confidential data running on a central server (e.g. your company payroll).
- This virtual machine gets moved to a new physical server in response to increased workload.
- You create a new virtual machine which is given to someone from the in-house dev team – but the virtual hard disk data was not zeroed out.
- The developer then runs data recovery tools on his new, blank virtual machine and is able to recover data from the old payroll server (yikes!)
You see – data is never actually deleted from a disk when a file is moved or deleted (it is just dereferenced: the file system drops its reference to the blocks, and their old contents stay on the disk). So to avoid the above scenario, we must take the time to “do the right thing” and zero out the VHD contents.
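To check that a newly created fixed disk really was zeroed before handing it to someone, you can count the non-zero sectors in its data area. The script below is an added example, not a tool from this post; it assumes the fixed-VHD layout of raw disk data followed by a single 512-byte footer that begins with the `conectix` cookie, and its function names and sample images are constructed for illustration.

```python
import os
import tempfile

SECTOR = 512
FOOTER_COOKIE = b"conectix"  # first 8 bytes of the 512-byte VHD footer


def nonzero_sectors(path, chunk_sectors=2048):
    """Return (checked, dirty) sector counts for the data area of a fixed VHD.

    Assumption: raw disk data followed by exactly one 512-byte footer.
    """
    size = os.path.getsize(path)
    if size < SECTOR or size % SECTOR:
        raise ValueError("not a sector-aligned image with a footer")
    data_len = size - SECTOR          # everything before the footer
    zero = bytes(SECTOR)
    checked = dirty = 0
    with open(path, "rb") as f:
        f.seek(data_len)
        if f.read(8) != FOOTER_COOKIE:
            raise ValueError("VHD footer cookie not found at end of file")
        f.seek(0)
        remaining = data_len
        while remaining:
            buf = f.read(min(remaining, chunk_sectors * SECTOR))
            if not buf:
                raise IOError("short read before end of data area")
            remaining -= len(buf)
            for off in range(0, len(buf), SECTOR):
                checked += 1
                if buf[off:off + SECTOR] != zero:
                    dirty += 1        # leftover bytes from a previous owner
    return checked, dirty


def make_sample(stale=b""):
    """Constructed sample: 64 data sectors plus a footer holding only the cookie."""
    data = bytearray(64 * SECTOR)
    data[10 * SECTOR:10 * SECTOR + len(stale)] = stale
    footer = FOOTER_COOKIE + bytes(SECTOR - len(FOOTER_COOKIE))
    fd, path = tempfile.mkstemp(suffix=".vhd")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(data) + footer)
    return path


if __name__ == "__main__":
    for label, stale in (("zeroed", b""), ("not zeroed", b"constructed leftover bytes")):
        p = make_sample(stale)
        print(label, nonzero_sectors(p))
        os.remove(p)
```

Run it only on a disk that has never been attached to a guest: once a guest formats or writes to the disk, non-zero sectors are expected.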
Update: We have provided a tool to create quick, but not secure, fixed virtual hard disks. Details here.