On Wed, 24 Oct 2007, Brian wrote:

> Hi!
>
> I think you are missing the point about x86 hardware being a mess. Theo
> made an excellent point about the architecture itself having so many
> filthy quirks. If a VM is compromised through any means, that attacker
> can now leverage the dirty architecture to bypass the hypervisor's
> (supposed) isolation techniques. If the attacker can utilize the VM to
> infiltrate the hypervisor, even more damage can be done.
>
> The entire point is this: You cannot increase security by putting more
> things on one physical server. You can run your different 'Application
> Domains' on different physical servers. That is much closer to security
> than through obscurity.
>
> -Brian

Hi!
Sorry, it's YOU that missed the point! I never said or made any comparison to physical machines - the entirety of what I said is:

"Running services/application domains in VMs increases security."

As I said in a previous email, only an idiot would think that separate physical machines would NOT increase security, and I give this crowd much more credit than that so I did not bother to include such information.

I still stand by my original statement. Running application 'domains' in VMs instead of on a single server increases security.

Lee