I printed out the "SubVirt: Implementing malware with virtual machines" paper I have yet to read it in depth. So I don't know if it is in the realm of Sci-Fi or not as I am still waiting to read the paper.
> > I've done that with VMware and Windows NT 4.0. Not recently, though. > I had a machine with WNT running natively. Made it dual-boot Linux. > Installed VMware. Set up VMware under Linux to boot the existing WNT > partition as a guest OS. Yes from my experience with VMware you can do that or you can write a virtual disk to a file some where on your system. Well I say you can do that under Linux I don't know about Windows. I don't see why it would not work the same under Windows as it does under Linux. > As I recall, it's part of VMware's normal config options to use an > existing disk (partition?) as the guest's root. > Is that what you were asking? > > As for the claim that you wouldn't notice your machine had been > virtualized, that's patently false. VMware is way too slow and buggy > to not be noticed. VMware my be slower than Xen, I have yet to play with Xen as well. What about VirtualPC which is a Microsoft Product and I would guess optimised to run well on Windows since they have all of the hidden API's that Microsoft loves to use. > For example, VMware only supports one virtual NIC. If you used to > have a RealTek, and suddenly you have an AMD NIC, would you notice? > Also, graphics are slow and jerky on VMware. Xen is allegedly faster, > but I haven't used it. Does Xen support graphics? If I remember correctly yes VMware does only support one virtual NIC. I don't think that is the case for Xen and I don't know about VirtualPC. I do know that VMware ESX does support more than one NIC for guest OS or you can use VLAN trunks into Linux to support whatever VLAN you would like that machine to be on. I am guessing that VMware GSX lets you do the same on a Windows or Linux install. I guess one of the things I pointed out with EFI was you might be able to put a VM that EFI loads on the next reboot. I see this could cause all sorts of havoc and a lot of nightmares for people that that are in charge of the information security department or are the information security person for the company. Or if some one was to get access to a Linux machine and install or startup a small Xen environment to do what every they want on your network. One thing I see in a lot of businesses is they don't pay attention to who inside the business is getting on the network. They have firewalls IDS boxes but if you find a network jack inside the business you can plug right in. Another issue I see lacking is understanding of the security issues of WLAN and properly securing WLAN networks and seeing who is connection to your network. I would be more worried about those issues than some one starting up a VM on a machine somewhere in the enterprise. I would be interested if the writers of this paper looked at container based VM's? I know with Solaris 10 ( 9 Maybe ) it allows you to have containers instead of VM's for different environments in your current install. I can't find the link right now but there is a OpenSouce project that is bringing containers to Linux like the Solaris container feature. Mike Miller _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
