by hga 3865 days ago
Eh, I think you're being overly harsh. He expresses strong disdain for the whole concept on the x86 platform, and it's not unreasonable to extrapolate that to a "this is such a bad idea, so dangerous that we won't supply such an inherently broken thing".
2 comments

It's perfectly reasonable to extrapolate his views against virtualization to a general case given these two lines:

"x86 virtualization is about basically placing another nearly full kernel, full of new bugs"

"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."

He clearly hates x86 more than most, but his point applies in general. He's not the only one who's made it, and there's truth in it. It's why high assurance virtualization... well... applied high assurance to those parts, haha. It's also why attempts at robust resource virtualization typically pushed as much complexity out of the hypervisor as possible, upward to the OSes that were on less privileged rings or capability-isolated, depending on which system.

However, I said then that he was wrong because the hypervisor and even VMM functions are less complex than a whole OS. The past examples showed they can be implemented very simply. We got further confirmation with the NOVA microhypervisor, the OKL4 platform, separation VMMs (e.g. LynxSecure), and so on. People are still finding kernel flaws in the UNIX-like OSes due to architecture, language used, and intrinsic complexity. Many fewer problems in the aforementioned software.

Selective reading, as in not even reading an email later in the same thread:

http://marc.info/?l=openbsd-misc&m=119324926326885&w=2

> If people were saying: "Yes, it increased hardware utilization, and the nasty security impact might be low" it would be fine.

The selective reading might be on you although I'm thinking it's how it's worded rather than readers' fault. Anyone reading your link would catch this line:

"But instead we have many uneducated people saying: 'Yes, it increased hardware utilization, and it improved security too'. And that's complete and utter bullshit."

Whereas, as I referenced, many VMM systems did increase security via isolation with something simpler than the arbitrary OS and monolithic software they contained. The lowest TCB I saw with the minimum necessary features was in the 50-100KB range. What's OpenBSD's + VMM's TCB size, again? :P

Taking the 2nd link into account, it still has that thing about it claiming virtualization can't improve security posture, prevention or recovery. That was repeatedly proven false in academic and production systems, with some surviving pentests by pros that regularly tore through UNIX OSes and commercial fodder. So, his statement against the security potential of virtualization is "complete and utter bullshit."

Note: As with the other link, it becomes true if one is talking about common offerings, esp. on x86.