LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Microsoft starts supporting, er, Linux (Register)

Microsoft starts supporting, er, Linux (Register)

Posted Apr 4, 2006 10:05 UTC (Tue) by drag (subscriber, #31333)
In reply to: Microsoft starts supporting, er, Linux (Register) by MortFurd
Parent article: Microsoft starts supporting, er, Linux (Register)

"Given Windows' tendency to hang...."

Not only that, but with Xen the operating system operating in the DomU ring (that is the one having direct hardware access for items like disk formatting and such) has direct and unfettered access to not only the files on the server but to the consoles on the running system.

(for those reading this that don't know yet keep in mind that Xen operates in a similar fasion to the VMware ESX server stuff.. That Xen is the first thing to boot up on your computer and then it loads the domU kernel on top of itself.. which then launches the other VM enviroments)

Obviously if your running a insecure operating system as the domU item then all the operating systems running on the virtual machine are going to share that system's vunerabilities...

That is, say, your running Linux on domU and it has a apache version with a root exploit you could use that root exploit to help you take over a locked down OpenBSD system running in Dom0.

So obviously you want to have the absolutely most stripped down and locked down system imaginable for the domU stuff. Totally disable everything except maybe ssh access.. and even then you have to think very carefully about that. (It may be more smarter to connect the server to a central workstation via serial cable with a different login password then what that workstation may use)

And then given that you can access all the files, network, and such on all the hosted systems from the DomU system then it makes sense to exploit (as a administrator) that and use normally-difficult-to-deploy tools like IDS systems (snort), archive log files, tripwire, anti-virus/rootkit stuff on the domU system.

So obviously given Windows difficult nature with security and 'odd' or unusual configurations and the fact that these sort of security tools are easier to use and generally perform better on Linux shows that Windows is a poor system to deploy virtualised enviroments on compared to stuff like Linux or one of the BSDs.

So I can't realy think of a good reason why on earth one would want to deploy a windows-hosted vm enviroment when you have the options of things like Xen and Vmware.

(Log in to post comments)

Microsoft starts supporting, er, Linux (Register)

Posted Apr 4, 2006 13:57 UTC (Tue) by jonabbey (subscriber, #2736) [Link]

s/domU/dom0/g;

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds