Discussion regarding virtualization

Discussion in 'Networking and Security' started by Chagi, Jan 4, 2007.

  1. Chagi


    Disclaimer: There are a number of threads on this particular sub-forum regarding browsing security, spyware, etc., so hopefully the following isn't duplicated elsewhere.

    The above said, I've recently been experimenting a bit with virtualization, and thus far I am quite happy. More specifically, I've been trying out VMWare's free "player" software, along with the "browser appliance" (also free).

    I have been an avid Firefox fan up until this point (running a Windows platform PC), but have still found that spyware tends to slip through to some degree (according to my spyware scanners). It is frankly a pain to constantly be scanning my computer for viruses and spyware, so I decided to start looking around.

    I have played around a bit with various *nix variants in the past, but have never really had enough time to devote to truly "mastering" them as a daily use OS. I have also recently been poking around a bit into virtualization, because I have seriously been considering buying a Mac as my next general use comp.

    I managed to stumble across the VMWare "player" solution, have been using it for a few days, and have to say that it is very elegant. In short form, you launch the player, point it in the direction of the browser appliance file (directory), and it boots into Ubuntu Linux, then launches Firefox (an older version unfortunately, not 2.0). Performance has been mixed, definitely slower than running Firefox on my host OS, but I also possess an aging comp (P4 2.1 GHz, little under 1GB RAM, etc.).

    Based on my understanding thus far, the key point with this solution is that you can configure the appliance to reset each time you "turn off" the VMWare PC. Not just a reset of volatile memory, but instead a reset of the entire volume to the state it was in prior to the previous launch (i.e. it can be configured to never change, you can also configure it to save changes, useful for initially setting up your bookmarks and such). This essentially means that you can surf without worrying about spyware, viruses, etc. - anything that gets through should be gone the next time you boot the appliance. Also worth mentioning that I'm fairly certain that Ubuntu itself is far more secure than Windows. :)

    I'm interested to continue some discussion on this topic, particularly the experiences that other forum members have had with virtualization. At this point I'm interested to see what comes of the VMWare beta for MacOS, because I may indeed choose to go that route, rather than running Windows as host OS going forward. This is particularly relevant for a trading forum, given that most trading and quote platforms are currently only available for Windows.
  2. Sounds like an excellent idea. I have used Vmware on a Linux laptop some years ago, and it worked very well for what I wanted, which was just Office and access to an Exchange server.

    Unfortunately no security is absolute - even virtualization. I have read somewhere that some proof of concept malware has been developed that gets in at the hypervisor level. Then you're really stuffed as it really is undetectable. For the moment though, it's probably the best security you can get.
  3. Vmware is a great product. It has been my experience that virtual machines have some level of native resistance to viruses just because of the way they are insulated from the host machine's network and IP resources.

    I'm looking forward to upgrading my mac so I can have OSX most of the time but run a vmware window for Windows XP Apps.
  4. Novell Looking for Acquisition Targets?

    Written by Bryan Richard
    Thursday, 04 January 2007

    Matt Asay recent blogged about how Novell might be in the market to make an acquisition this year in the virtualization space. He lists XenSource and Altiris as possible targets.

    If Novell wants to maximize the potential of their Microsoft alliance and bring about a scenario like Canonical founder, Mark Shuttleworth, outlined in a recent Red Herring interview...

    Microsoft is going to claim that deploying Linux anywhere, unless you pay Microsoft a patent fee, is a violation of their patent and they haven�t proved that yet. But they certainly seem to be positioning themselves in such a way that they could do so.

    ... then you have to think they'll buy XenSource.

    Why XenSource? Because it's at the heart of Red Hat's pending RHEL 5 virtualization features.

    If you're into doomsday scenarios -- and you kind of have to be these days -- you have to wonder to what extent Novell would be willing to use as a competitive weapon the agreement with Microsoft that excludes Novell customers from patent litigation.

    If Microsoft has a patent covering Xen-like virtualization tucked away somewhere in their intellectual property vault then Novell could use that to plant doubt in customers minds about upgrading to RHEL 5.

    Novell paid handsomely for that patent indemnification -- both in cash and community PR -- you have to assume they're going to put it to use and acquiring XenSource would put them in a position to leverage it.

    Of course all of this idle speculation on a slow news day could amount to nothing. But regardless of whether the intellectual property threats are real or implied, the Open Source market seems to have graduated from feature wars to information wars. The open solutions of 2007 could start to be judged not just by if they solve technical problems but if they also pass muster with a company's Chief Legal Officer.

    And that's a shame. The last thing that Open Source vendors need is customers asking, "Is it safe?" It's what SCO aimed for and failed to accomplish.

    But if done correctly, Novell could show SCO a thing or two about how the game is played.