On 2007 Oct 23, at 5:57 PM, [EMAIL PROTECTED] wrote: > Virtualization seems to have a lot of security benefits.
``Seems'' is the key word, here. On hardware like an IBM mainframe that can acutally support what's necessary for secure virtual machines, sure. On x86? Well, it'll keep your kid sister out.... Virtualization is wonderful for simultaneously running different operating systems on the same (beefy) computer, especially for development or testing purposes. If you occassionally need to run something on an operating system other than your preferred one, it's great -- saves you the extra hardware or the reboot, lets you do snapshots, etc. For Windows, it's also wonderful. You basically have to be nuts to have a single Windows server* doing more than one thing, but virtualization lets you do exactly that with relative impunity. It's like splinting a broken leg and giving a huge shot of painkillers to the victim -- you'd never know the leg was broken. But that's about it. I suppose running Windows virtual machines on a real OpenBSD machine might ``have a lot of security benefits'' in some perverted sense of the words, but it's not like the VM is magically going to protect the virtual machines or anything. And if the Windows virtual machines can still talk to the outside world or to each other (via simulated network interfaces, for example), even those ``security benefits'' won't mean much. Cheers, b& * Yes, the full stop here is appropriate. [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
