VM Security Debate
Comments debate the security isolation provided by virtual machines, questioning their effectiveness against host OS compromises, VM escapes, hypervisor vulnerabilities, and side-channel attacks.
Sample Comments
Host OS being compromised is one thing. Hardware compromised? VM won't help you.
Does this solve a real problem? Such as, hardware owner leaking stuff from VMs was an issue?
Beware that VMs are not necessarily secure. They can be escaped!
That works on bare metal you control. If you rent something with VM / hypervisor the mitigations are important to protect from other VMs on the machine.
I'm not sure I get this - are you saying that you are more at risk due to the VM host layer?
VMs still provide better isolation and security, or is that no longer true?
The VM is easily vulnerable to the host OS, so running in a VM only protects the activities you do in the VM in the sense that the software pwning the host might not be looking for it. So not really.
Counts what you are afraid against. There's always some side-channel attack that could possibly be used to gain information; even on VMs this is true. Off the top of my head, there could be some timing attack to gain information on which libraries others are using by reading in libraries and seeing if they are warm in the buffer cache; counts if you care about sharing the same kernel. I generally find them secure enough considering how fast they can be brought up and down.
How does a VM not break privacy barriers?
Wouldn't a VM help with security?