Evaluating How Secure Guest VMs Are on a Host System

Q: How secure is virtual machine (VM) technology when VMs of different organizations or untrusted users are being hosted on the same host system? We're considering contracting for a virtual server instead of dedicating a server for our Web site.

A: The answer to your question depends partly on the VM software that's used, such as Microsoft Virtual Server or VMware's GSX or ESX product. Recently, Microsoft released security bulletin MS07-049 (http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx) regarding its Virtual PC and Virtual Server products. The vulnerability addressed by the bulletin let administrators in one guest VM gain administrator authority on the host server. (For some reason, this bulletin was rated as Important instead of Critical, which I disagree with because security architects rely on insulation between guest VMs and the host.) Installing a security update or upgrading to the most recent versions of Virtual Server and Virtual PC fixes the vulnerability.

However, guest VMs are generally very insulated from one another and can—from a security point of view—be treated the same as physical computers with the following caveat: You're depending on the honesty and security practices of the administrators of the host system. For example, if the administrator of the host system fails to load patches to the VM software, guest VM administrators can exploit the unpatched host, break out of their VM, and gain administrator authority to the host system. Also, all guest VMs are vulnerable to rogue host administrators. Host administrators have the equivalent of physical access to the guest VMs, and according to the so-called immutable laws of computer security, anyone with physical access to a system can break into the system. Note that hackers are now building malware that can detect if it’s running on a VM.

For more insight into VM protection, see "15 Tips for VMware Security" (http://www.securityprovip.com/articles/articleid/97424/97424.html).