On 2007 Oct 23, at 5:57 PM, adam.getchell@gmail.com wrote:

 > Virtualization seems to have a lot of security benefits.

``Seems'' is the key word, here.

On hardware like an IBM mainframe that can acutally support what's
necessary for  secure virtual machines, sure. On  x86? Well, it'll
keep your kid sister out....

Virtualization is  wonderful for simultaneously  running different
operating  systems on  the same  (beefy) computer,  especially for
development or testing purposes. If  you occassionally need to run
something on  an operating system  other than your  preferred one,
it's great -- saves you the extra hardware or the reboot, lets you
do snapshots, etc.

For  Windows,  it's  also  wonderful. You  basically  have  to  be
nuts  to  have  a  single  Windows server*  doing  more  than  one
thing, but virtualization  lets you do exactly  that with relative
impunity. It's like splinting a broken  leg and giving a huge shot
of  painkillers to  the victim  -- you'd  never know  the leg  was
broken.

But that's about it. I suppose running Windows virtual machines on
a real OpenBSD  machine might ``have a lot  of security benefits''
in some perverted sense of the words,  but it's not like the VM is
magically going  to protect the virtual  machines or anything. And
if  the Windows  virtual machines  can still  talk to  the outside
world  or to  each other  (via simulated  network interfaces,  for
example), even those ``security benefits'' won't mean much.

Cheers,

b&

* Yes, the full stop here is appropriate.

[demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]