[Dshield] VMware

Neil Richardson neilr at ieee.org
Fri Oct 14 04:54:00 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
on 10/12/2005 12:33 PM David Taylor said the following:

> I use VMWare 5 as well and love it. As others have stated I
> haven't seen any direct guest to host problems.

- ----->8 ===== [ snip, snip, snip ] ===== 8< -----

> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Semper Securus
>
>
> I also use VMWare 5 WS quite a bit and have had no issues with any
> guest to host contamination. A couple of items for consideration:

- ----->8 ===== [ snip, snip, snip ] ===== 8< -----

First, although I'm not the original poster I want to thank you guys
for the good advice; I'm looking into using virtual PC software for
parallel reasons (a sandbox to learn security, although in my case for
VPNs and remote access).

One question, though:  In a recent issue of PC Magazine, they made the
following comments[1] :

> With host OS, VMM, and guest OS instances all running in ring 0,
> heroic (and slightly dicey) software techniques must be used to
> keep each guest OS isolated from the host and the other guests. (
> ... ) This can be messy?and potentially insecure against malware.
> The current state of the /x/86 architecture doesn't allow for
> "clean" virtualization of software operating at ring 0.
>
This brought me to a screeching halt.  Are there known
problems/exploits with the sandbox breaking and the host PC being
compromised?  Or is this just warning against
theoretically-possible-but-unlikely-in-practice dangers and
attacks...a magazine equivelent of the  EULA that says "We don't
promise that this will work" ?

[1] Tiny-URL: http://tinyurl.com/c2hxv
Unencoded URL: http://www.pcmag.com/article2/0,1895,1854448,00.asp


Thanks again for all the enlightenment!

- -Neil R.
- --
Supreme Lord High Commander and Keeper of the Holy Potato
- ----------
PGP Fingerprint: A663 1ACB 84E6 F4DE B86E  0AA1 7A36 F817 E098 F32E
- ----------
It really bothers me when people cut me o
 
 
 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
iD8DBQFDTznnejb4F+CY8y4RAnQ8AJ43Spcgbtp4l3w+Rc9JjXdZnng3vQCfaQRN
JSPVmhVwBdEdKLEqcNvFfMY=
=vNRs
-----END PGP SIGNATURE-----




More information about the list mailing list