The reason that people are going to #2 is that, if you are concerned about
security, that is the optimal way of setting things up. One box, one
task. That is true "separation". In this light, the question of if #3 is
more secure than #1 is truly a moot point. BUT.... To argue that a
VM running a service is more secure than a system running that same service
is rather weak... if the service can be exploited, it can be exploited.
Be it on a (#1) single server also running other stuff or a (#3) VM guest.
Give me root access to a box (from an exploit or an account, don't matter)
and I can crash the bitch. VM... no VM... No matter. If I can crash
one guest, there is a whole lot of code to support that guest that may or
may not behave well. If Theo et al say that the separation that you get
from virtualization isn't all it's cracked up to be, then quite frankly
the brain trust of these people is pretty massive and they don't tend
towards just spewing crap for no reason and the fact that you are arguing
about it doesn't make you look all that smart. Nothing is perfect,
everything fails, everything eventually crumbles.
Let me quote you directly:
near absolute security?
wow... strong words... I think I'll switch today! I don't think anyone
would say those words about even OpenBSD. That's why we watch for patches
like demented hawks. That's why we have IDS systems on our networks, and
comb through our logs looking for suspicious stuff.
You sir are selling virtual snake oil. Or at least marketing it pretty
hard. Feel free to buy in to your own delusion, but don't ask me to.
(funny, I say the same thing to certain religious types...)
s
Messages in current thread:
Re: About Xen: maybe a reiterative question but .., Stuart VanZee, (Thu Oct 25, 9:08 am)