View Single Post
  #9   (View Single Post)  
Old 26th November 2008
Oko's Avatar
Oko Oko is offline
Rc.conf Instructor
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,102

Originally Posted by tingo View Post
Well, you are free to do some research and post any definite findings that indicate the this virtualization product (or any other virtualization product on the Intel PC platform) is less secure than running on a physical server. After all, vmware have been running for a few years now. And the Hypervisor concept and first implementation is now ancient. :-)
This is my last post on the topic as I do not want to get into any kind of flame wars. People will do what
they want to do no matter what. If you want to run firewalls on the top of WM it is your choice.
It might be a good choice if you wan balance your desired level of security and cost of deployment.
A real good solution might be cost prohibitive.

Now back to my answer.
Let me para-phrase Theo De Raadt:"Running your crap on the top of somebody else crap is not going to make your crap any better". Any peace of code (even couple lines) is prone to bugs. Adding another layer between
your crappy OS (yes even OpenBSD is crap as well just far less than other Operating System) and a crappy PC machine (if nothing else sparc64 is at least less prone to buffer overflow) is not going to make you safer.

If OpenBSD which is debugged for more than 10 years now still have bugs
I can just imagine WMWare. When OpenBSD was firstly ported to Motorola 88000 new bugs were discovered on weekly basis. Some of them
were in BSD Unix for more than 20 years. I am sure WMware team have ported WMware on 10 different processor architectures like OpenBSD just to find the bugs. So how long did you run WMware on Motorola 68000 or 88 000 processors. How long have you run it on SGI Mips architecture?
Does it run flawlessly?

Last edited by Oko; 26th November 2008 at 10:45 PM.
Reply With Quote