To quote Wayne Davison <[EMAIL PROTECTED]>,
# On Wed, 15 Nov 2000, Camilo Mesias wrote:
# > I think the point is, if you have a machine with unknown levels of
# > security, (the host machine), how can you make it more secure by adding
# > more software?
#
# You're missing an important step. The network adaptor that talks to the
# Internet must be ignored by the host machine and only used by the guest
# machine. At that point you have exactly the same isolation as using a
# separate physical machine because the Internet traffic has no means of
# access to any machine but the firewall (virtual) machine. To finish the
# setup, the virtual machine would also need to have a virtual network
# connection to the host machine, and the host machine would need to have
# its own network card to talk to the internal network.
Just because the host OS doesn't use the network card, doesn't mean that it's as good
as physical seperation. Also don't forget that the guest OS and the host OS share the
same memory(ie: they use the same chips/banks). Plex86 would have to be nearly
bullet-proof to make absolutely sure that nothing from the guest OS affects the host
OS. The amount of time spent doing that would cost thousands of dollars(if not more)
in man-hours, and it would be much cheaper just to buy a new box.
Besides which, as Kevin has said, plex86 isn't up to the task yet.
Dave
