John Hebert <[EMAIL PROTECTED]> writes: > IMO, it exposes you to more risk, for the simple > reason that it adds complexity to the system. As you > have pointed out, no software is perfect. Software is > an expression of logic by humans; humans are by nature > goofy, ergo software is not perfect. > > But of course, the risks are weighed against the > benefits. Obviously it depends on the case where it is > being used. I assume that most organizations use VMs > in the "soft underbelly" of their networks; > internally. I therefore assume that the reverse is not > true; organizations wouldn't use VMs on a server on > the edge of the network, like a webserver.
Actually, hosting providers do this all the time these days. Either using VMware or something like user mode linux to provide their customers with a full "box" for them to host their site on. Again, cost vs benefits weighed against the potentially increased risk of a VM compromising the host and bringing down multiple hosting customers. > Maybe I can frame your question in another way: Does > using a VM provide more security by adding layers of > restriction? Again, I would say no, for the reason you > have already mentioned. IMO, if the VM is not open > source, it is less secure at least because it is not > open to peer review. A closed source VM would require > me to have faith in the software publisher's security > programming efforts, and I don't feel as comfortable > with that. > > John Hebert > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Tax Center - File online by April 15th > http://taxes.yahoo.com/filing.html > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > -- Scott Harney<[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
