On 2007 Oct 23, at 5:57 PM, adam.getchell@gmail.com wrote:
 > Virtualization seems to have a lot of security benefits.
``Seems'' is the key word, here.
On hardware like an IBM mainframe that can acutally support what's

necessary for  secure virtual machines, sure. On  x86? Well, it'll

keep your kid sister out....
Virtualization is  wonderful for simultaneously  running different

operating  systems on  the same  (beefy) computer,  especially for

development or testing purposes. If  you occassionally need to run

something on  an operating system  other than your  preferred one,

it's great -- saves you the extra hardware or the reboot, lets you

do snapshots, etc.
For  Windows,  it's  also  wonderful. You  basically  have  to  be

nuts  to  have  a  single  Windows server*  doing  more  than  one

thing, but virtualization  lets you do exactly  that with relative

impunity. It's like splinting a broken  leg and giving a huge shot

of  painkillers to  the victim  -- you'd  never know  the leg  was

broken.
But that's about it. I suppose running Windows virtual machines on

a real OpenBSD  machine might ``have a lot  of security benefits''

in some perverted sense of the words,  but it's not like the VM is

magically going  to protect the virtual  machines or anything. And

if  the Windows  virtual machines  can still  talk to  the outside

world  or to  each other  (via simulated  network interfaces,  for

example), even those ``security benefits'' won't mean much.
Cheers,
b&
* Yes, the full stop here is appropriate.
[demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]