Q: How secure is virtual machine (VM) technology when VMs of different organizations or untrusted users are being hosted on the same host system? We’re considering contracting for a virtual server instead of dedicating a server for our Web site.
A: The answer to your question depends partly on the VM software that’s used (e.g., Microsoft Virtual Server or VMware’s GSX or ESX product). Recently, Microsoft released security bulletin MS07-049 (www.microsoft.com/technet/security/bulletin/MS07-049.mspx) regarding its Virtual PC and Virtual Server products. The vulnerability addressed by the bulletin lets administrators in one guest VM gain administrator authority on the host server. (For some reason, this bulletin was rated as Important instead of Critical, which I disagree with because security architects rely on insulation between guest VMs and the host.) Installing a security update or upgrading to the most recent versions of Virtual Server and Virtual PC fixes the vulnerability.
However, guest VMs are generally very insulated from one another and can—from a security point of view—be treated the same as physical computers with the following caveat: You’re depending on the honesty and security practices of the administrators of the host system. For example, if the administrator of the host system fails to load patches to the VM software, guest VM administrators can exploit the unpatched host, break out of their VM, and gain administrator authority to the host system. Also, all guest VMs are vulnerable to rogue host administrators. Host administrators have the equivalent of physical access to the guest VMs, and according to the so-called immutable laws of computer security, anyone with physical access to a system can break into the system. Note that hackers are now building malware that can detect if the malware is running on a VM.
—Randy Franklin Smith