Virtualization Decreases Security

ParaFan writes "In a fascinating story on KernelTrap, Theo de Raadt asserts that while virtualization can increase hardware utilization, it does not in any way improve security. In fact, he contends the exact opposite is true: 'You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.' de Raadt argues that the lack of support for process isolation on x86 hardware combined with numerous bugs in the architecture are a formula for virtualization decreasing overall security, not increasing it."

Uh oh

[$RANDOMLUSER]

Theo de Raadt asserts...

CAUTION: flame war ahead.

Re:Uh oh

[Anonymous Coward]

CAUTION: flame war ahead.

No there isn't! How dare you say that?? F-you! YOU GO TO HELL AND YOU DIE!!!

VMware selloff

[Anonymous Coward]

Thanks for the insider tip Theo, I just dumped all of my VMware stock.

But it's so fun

[Anonymous Coward]

You mean my strategy of running Windows inside of Mac Parallels inside of Pear inside a VMWare instance in a Wine bottle isn't the most secure, stable environment ever conceived? Sheeze. Maybe I should just get a Mac. :)

--
http://www.metagovernment.org/ [metagovernment.org]
GOVERNMENT BY *ALL* THE PEOPLE

Theo rocks, as his usual!

[VincenzoRomano]

And as there is no engineer that can develop hardware without security bugs, the only solution is to stay with insecurity!

Re:History teaches once again...

[mdielmann]

It is not sustainable. It takes more calories to produce a child then you get from eating them.

This assumes that you eat (only) your own children.

Re:What are the big threats now?

[zappepcs]

The number one threat to America today? BEARS !

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Welcome to the rest of the IT world, Theo!

[Anonymous Coward]

Virtualization is overrated. For people who are really in the field to manage, it creates as much overhead as the it solves.

Nobody cares about that. Virtualization is buzzword compliant, it has hypervisors, it can synergistically leverage stuff ! That's all that really matters in meetings. Whether it actually can or cannot do stuff isn't really very relevant.
Even though in real life it can be of use in a few situations (although using it for security purposes might be akin to relying on chroot(8)).

Re:History teaches once again...

[value_added]

There's still a lesson in diversity and computer security to be learned here.

Indeed. Implementing proper security is no small potatoes.