Q: How secure is virtual machine
(VM) technology when VMs
of different organizations or
untrusted users are being hosted
on the same host system? We’re
considering contracting for a
virtual server instead of dedicating
a server for our Web site.
A: The answer to your question depends
partly on the VM software that’s used (e.g.,
Microsoft Virtual Server or VMware’s GSX or
ESX product). Recently, Microsoft released
security bulletin MS07-049 (www.microsoft.com/technet/
security/bulletin/MS07-049.mspx) regarding its Virtual PC and Virtual
Server products. The vulnerability addressed
by the bulletin lets administrators in one
guest VM gain administrator authority
on the host server. (For some reason, this
bulletin was rated as Important instead of
Critical, which I disagree with because security
architects rely on insulation between
guest VMs and the host.) Installing a security
update or upgrading to the most recent
versions of Virtual Server and Virtual PC fixes
the vulnerability.
However, guest VMs are generally
very insulated from one another
and can—from a security point of
view—be treated the same as physical
computers with the following caveat:
You’re depending on the honesty and
security practices of the administrators
of the host system. For example, if the
administrator of the host system fails
to load patches to the VM software,
guest VM administrators can exploit
the unpatched host, break out of their
VM, and gain administrator authority to
the host system. Also, all guest VMs are
vulnerable to rogue host administrators.
Host administrators have the equivalent
of physical access to the guest VMs, and
according to the so-called immutable
laws of computer security, anyone with
physical access to a system can break
into the system. Note that hackers are
now building malware that can detect if
the malware is running on a VM.
—Randy Franklin Smith