News
With Determina, VMware Drops Fortress Mentality
VMware says it has received a bad rap when it comes to security. It hopes to use its Determina acquisition to turn that image around.
By Robert McMillan, IDG News Service (San Francisco Bureau)
Still, there have been some high-profile bugs found in the software. In April 2007, Liston demonstrated an attack on VMware Workstation that allowed him to run unauthorized software on a VMware system. And in February of this year, Core Security reported a similar flaw, also in VMware's desktop software.
Mulchandani says that these disclosures have further confused users, who wrongly assume that the bugs also affect the company's widely used data center product, called ESX.
ESX, he says, has a completely different architecture from the VMware Player, Workstation and Server products that have been hacked by security researchers. These products have many experimental features that may never get included in ESX, he said.
IntelGuardians' Liston says the fact that a major flaw has not been found in ESX does not prove it is immune to bugs. "I would be willing to bet my paycheck that at some point in time, somebody's going to be able to find one of them," he said.
But the most intriguing part of the VMware security question may not relate to bugs at all. Nearly a year after the Determina acquisition, customers are still waiting to see what the company plans to do with its software, which scans the memory of Windows machines to block certain types of attack.
Mulchandani declined to comment on his company's product plans, except to say that his team is integrating the Determina software into the VMware platform.
But others say there is an obvious next step.
Because VMware ESX is already widely used in the data center to host Windows, it would be natural for the company to start selling a version of VMware that would secure Windows by default, according Thomas Ptacek, a principal with Matasano Security.
Liston agrees that Determina may help VMware stay one step ahead of Microsoft, which is readying its own virtualization software.
"VMware is on a mission to tighten up their virtual infrastructure and to provide some things that they couldn't have provided before," Liston said. "They really sit in the perfect spot to do that kind of overall machine monitoring."
Other stories by Robert McMillan
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Discover whether hosting is your smartest choice for enterprise messaging.
To host or not to host? Thats the question for many CIOs as the volume and complexity of enterprise messaging continues to skyrocket.
- Moving Past Enterprise Single Sign-On (SSO): Securing Internet SSO
- Enterprise Management Associates: Taking the Botnet Threat Seriously
- Understanding Data Location is Imperative for Data Loss Prevention
- Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
- 5 Strategies for Reducing the High Cost of Online Consumer Authentication
- Guide: 5 Steps to Secure Outsourced Application Development
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
