VMware researcher Oded Horovitz got an earful when he told a group of security buffs his company's virtualization software was theoretically impenetrable. His hour-long presentation at the CanSecWest conference in Vancouver, titled Virtually Secure, included a slide titled "VM Escape" that carried the following bullet …
"Though impossible by design..."
"Though impossible by design, the hypervisor can still have implementation vulnerabilities."
How true of so much software. Remember, NT4 can be configured to pass C2 security compliance. While the "design" may be "perfect," theory usually is. The reality is that it's left to developers to implement these theories. Any software is only as secure as its least skilled developer.
Words to the Wise
Nothing is impossible in the Virtualised Field...... although some things will have no valid future prospects if they abuse the Field...... which will identify ITs Abusers/Crass Users. It is just the Semantic Nature of the Medium which makes it so.
And that Offers .......... well, Infinite Possibilities limited only by Poor Imagination.
Suck IT and See. Wanna do something Really Imaginative and BetaTest IT? :-)
design and small print
Although Monsieur Guilmette is correct in pointing out that NT4 had C2 certification, it came with small print. It excluded hosts with network connectivity and a few other things (I seem to recall a problem with the default bootloader). With the small print, it made the certification pretty worthless.
The greatest problem occurs between the design and implementation. Almost all security issues and faults occur due to poor implementation.
So while not ignoring the need for good design and proving the security of the design, the implementation needs to be controlled also - not using C would be a good start.
software is only ever completely perfect, secure and stable in one place: marketing literature.
anything created by humans has flaws, because humans can not imagine every possible use case, over an indefinite period of time (easy example: the creators of SMTP failed to design for spam). if one starts with that assumption, a VM is just another target to compromise. just like antivirus/security apps, a virtualized environment can provide a more effective way to hide malware.
the bullet point was likely (hopefully) produced by the marketing department, because if their engineering team came up with that clanger, they need to hire some less optimistic code jockeys, soonest.
VMsafe to prove that they are dead serious about security
and yes, it's not only VMware alone developing this in a quiet chamber - it's being co-developed and audited by anything that holds a name in the security sector.