
VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 2:13 UTC (Thu) by Sutoka (guest, #43890)
In reply to: VMware exec says Windows days are numbered (ComputerWorld) by dps
Parent article: VMware exec says Windows days are numbered (ComputerWorld)

There are a few cases where I think VMs/Containers might be very useful on the desktop,
primarily with web browsers.

Web Browsers are *still* the main point of entry for most infections (not counting the silly
ones where the user explicitly downloads, installs, and grants permission) on the desktop, so
being able to restrict it as much as possible would greatly help security.

If the Web Browser could be thrown inside a very restricted VM or Container you'd be able to
greatly limit the impact of most browser exploits (I'm not gonna even think about the case
where the user downloads, grants permission to, and runs 'EVILSCRIPT.SH' as that's a completely
unrelated problem). If a small chunk of the browser was split off into a helper app that ran
in the host system as the user wanting to browse the web (that'd simply be the process
responsible for writing any data other than the cache/history/cookies, popping up the file
dialogs and etc), that'd allow the user to keep (most) all the functionality while greatly
reducing the attack vectors; you'd have to compromise the web browser, THEN either the helper
app (which should be *much* easier to audit as the code should be far smaller), the kernel(+VM
if not using a container), or Xorg (from what I hear, this'd be a *major* problem).

At the very least it sounds interesting to me in theory; a similar approach could be taken for
lots of desktop applications (like online games), and Containers sound like they'd be the best
way to implement this although I have little experience with them (like can you put an
application into a container with an EMPTY filesystem?).



VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 5:24 UTC (Thu) by Duncan (guest, #6647) [Link]

Actually, the concept of a VM browser appliance, its own little 
machine, /without/ that helper you mentioned, seems pretty appealing to 
me.  So it gets 0wn3d, so what?  Let it run amok in the VM where it can't 
touch anything else, and where shutting down the browser shuts down the 
VM, which is reset to a mostly clean state on restarting it.  Let the save 
dialog save in that sandbox, not anywhere out of it, and let the user 
access the stuff in that sandbox as they would stuff in a chroot from 
outside it.  The user could then cp/mv a file to elsewhere on the 
parts of the system they can write to, but the browser and anything 
(plugins, etc) running in the same VM would have access only to the 
filesystem and machine in the VM.

One could even have a special VM supplied by their bank, that /only/ did 
banking, and was separate from all the other VMs.  Online games and the 
like could work similarly.  Mail?  Same thing, its own VM, limited to 
writing to its own VM managed filesystem sandbox.  That one could have a 
browser in the VM as well, which would load when you clicked a link, but 
it too could only write in the common mail/browser sandbox, which would be 
separate from regular system browser sandbox.  The user in the hypervisor 
could of course copy files and etc between sandboxes or out of the 
sandboxes into the hypervisor level, but the apps within the VMs couldn't 
access anything outside their VM.

Of course this would play havoc with browser based system updates, since 
all they'd update would be their little VM, not the hypervisor, which 
would have to run its own updates, but that shouldn't be a problem.  The 
hypervisor could in fact have its own little update VM (it's a net based 
update fetching service so it goes in a VM, not directly on the 
hypervisor), limited to that one special service, with the hypervisor then 
copying the updates out of it and applying them on the main system.

Meanwhile, VMWare's still black-box proprietaryware, and as such, it's out 
of the question here, as of course are MS OSs in VM or out.  KVM or xen, 
sure; they aren't proprietaryware.

Duncan

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 9:14 UTC (Thu) by NAR (subscriber, #1313) [Link]

Well, when I click on a link pointing to a .doc file, Opera opens OpenOffice for me, so the VM
should have an OpenOffice too. And a PDF reader. And a media player.

Anyway, I'm not sure how this would make anything more secure. I don't know if the browsers
have any code that they automatically run on startup (think about Firefox extensions) - for
the attacker it's enough to install such code and the host is owned, at least for the purposes
of sending spam or trying to break into other hosts.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 1:30 UTC (Fri) by Sutoka (guest, #43890) [Link]

>Well, when I click on a link pointing to a .doc file, Opera 
>opens OpenOffice for me, so the VM should have an OpenOffice 
>too. And a PDF reader. And a media player.

This is what I was thinking the helper app would be useful for, it could also mediate for the
other applications (although if you wanted to EMBED them inside the browser that would take
more work).

>Anyway, I'm not sure how this would make anything more secure. 
>I don't know if the browsers have any code that they automatically 
>run on startup (think about Firefox extensions) - for the attacker 
>it's enough to install such code and the host is owned, at least 
>for the purposes of sending spam or trying to break into other hosts.

You could use things like SELinux and firewalls (on the host and/or VM) to limit what the
browser in the VM could do. You could have the host+vm drop all outgoing mail connections
based on port, as well as dropping all incoming network connections. You could make the
malware author's job a bit harder by having a high-level firewall (layer 7 firewall, was it
called?) that'd drop non-http/https connections.

None of this is meant to be The One Solution, but just yet another layer of security (security
is all about layers, remember? :P). This wouldn't protect you against all issues, but it'd
help minimize the impact as well as compartmentalize the damage.
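The port-based part of the policy sketched above (inbound dropped, outbound mail ports dropped and logged, only web traffic and name resolution allowed out), written as an added nftables example that is not from this thread or from any project it mentions. The interface and resolver address are placeholders, and the layer-7 filtering mentioned is outside what this ruleset can do.

```shell
#!/bin/sh
# Firewall policy for a browser VM/container (added example, not from the thread).
# Assumed names: BROWSER_IF is the guest's interface, RESOLVER is the only DNS
# server the guest may talk to. Both are constructed placeholders.
BROWSER_IF="${BROWSER_IF:-eth0}"
RESOLVER="${RESOLVER:-10.0.2.3}"

# Emit the nftables ruleset as text so it can be reviewed before loading.
vm_ruleset() {
    cat <<EOF
table inet browser_vm {
    chain input {
        # nothing may connect in; only replies to our own connections return
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
    }
    chain output {
        # default deny outbound, then allow only what browsing needs
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        # mail relay/submission ports are dropped and logged so abuse is visible
        oif $BROWSER_IF tcp dport { 25, 465, 587 } log prefix "browser-vm smtp " drop
        oif $BROWSER_IF ip daddr $RESOLVER udp dport 53 accept
        oif $BROWSER_IF tcp dport { 80, 443 } accept
    }
}
EOF
}

# Load the ruleset into the running kernel; requires root inside the guest.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: must run as root" >&2; return 1; }
    vm_ruleset | nft -f -
}
```

Run `vm_ruleset` to inspect the policy and `apply_ruleset` inside the guest to load it; anything the browser tries outside 53/80/443 is dropped rather than merely blocked by port of origin.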

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 10:00 UTC (Fri) by NAR (subscriber, #1313) [Link]

> This is what I was thinking the helper app would be useful for, it could also mediate for the other applications (although if you wanted to EMBED them inside the browser that would take more work).

I don't really know how this helper application would work, but either it should be able to communicate out from the sandbox VM (e.g. to an already running OpenOffice instance), which is an obvious security threat, or there should be a complete OpenOffice, etc. installation inside the sandbox VM - in that case the synchronization of the preferences, etc. would be inconvenient.

> You could use things like SELinux and firewalls (on the host and/or VM) to limit what the browser in the VM could do.

You don't really need a separate VM for that.

> You could have the host+vm drop all out going mail connections based on port

The problem is that the user might want to send an e-mail from the VM (think about mailto: links). This setting would break this feature.

> as well as dropping all incoming network connections.

On a typical desktop the host firewall drops this kind of connection anyway.

> just yet another layer of security (security is all about layers, remember? :P)

On the other hand yet another layer is yet another piece of software that can contain bugs, can be misconfigured and annoys the users (think about the need to move files in and out of the VM).

I think that given the integration of browsers into the desktops, we've passed the point when a browser could have been put into a sandbox.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 1:49 UTC (Fri) by efexis (guest, #26355) [Link]

"Meanwhile, VMWare's still black-box proprietaryware, and as such, it's out of the question here"

Far from it, vmware already have an appliances download section on their website, and [at least] one of them is a browser vm; a small linux install which boots to a browser you can run in vmware-player or -server (free downloads) on windows or linux.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 15:08 UTC (Fri) by jhardin (guest, #3297) [Link]

> "Meanwhile, VMWare's still black-box proprietaryware, and as such, it's out of the question here"

> Far from it, vmware already have an appliances download section on their website, and [at least] one of them is a browser vm; a small linux install which boots to browser you can run in vmware-player or -server (free downloads) on windows or linux.

"Far from it"? How does the availability of open-source VM guest images refute the claim that VMWare itself is a proprietary black box? That's like claiming the availability of open-source Windows programs means Windows itself is not proprietary...

If VMWare is not a proprietary black box, then please post a URL where we can download the buildable sources for it.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Oct 14, 2008 2:38 UTC (Tue) by efexis (guest, #26355) [Link]

> How does the availability of open-source VM guest images refute the claim that VMWare itself is a proprietary black box?

It doesn't, it refutes the claims that vmware being proprietary means things are "out of the question" for it, such as "Let it run amok in the VM where it can't touch anything else, and where shutting down the browser shuts down the VM, which is reset to a mostly clean state on restarting it". VMWare may be proprietary, but these things are possible with it.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds