The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  How Secure is Hyper-V, Really?
Time: 02:39 EST/07:39 GMT | News Source: CIO Insight | Posted By: Kenneth van Surksum

Hyper-V's current security is dependent upon the security of Windows 2008 Server. Sounds like a hosted solution to me, even though Hyper-V is a type 1 hypervisor—which is designed to run on bare metal and therefore be completely independent of the operating system itself.

So why does Hyper-V depend on Windows 2008 Server security? What zero-day attacks will cause heart-ache for all adopters? Can they be prevented?

And which boots first? If it is Hyper-V, then 2008 should run within a VM, but does it? If Windows 2008 Server crashes or is forced to crash by something malicious, will all the VMs running upon it also come tumbling down?

Write Comment
Return to News

  Displaying 1 through 25 of 335
Last | Next
  The time now is 11:33:03 PM ET.
Any comment problems? E-mail us
#1 By 92283 (142.32.208.234) at 9/4/2008 11:12:32 AM
An author of a book on VMware asks about Hyper-V security should mention VMwares security too.

VMware has had lot of security issues.

18 alone for ESX 3.x. Most from remote. Some involving system access.

http://secunia.com/product/10757/?task=statistics


#2 By 54556 (67.131.75.22) at 9/4/2008 12:43:33 PM
What should he say about 18 advisories that are already patched, leaving the product with no unpatched advisories?

#3 By 15406 (216.191.227.68) at 9/4/2008 1:22:22 PM
#2: You won't get an answer. This is just another heaping helping of parkkker's Deflector Screen defense: "Don't pay attention to my master's problems. Instead, look over there!"

Hyper-V is bound to have some issues down the road due to its relative immaturity. They will be found & fixed. Along the way, MS will "innovate" all of VMWare's features into Hyper-V.

#4 By 92283 (142.32.208.234) at 9/4/2008 3:51:26 PM
#2 He should say:

"VMware ESX 3.x has averaged 1 security advisory every month since it came out (10 in the last 9 months).

There has been 1 in each of Sep, Aug, July and 3 in June of 2008.

The odds are high there will be 1 each month as long as the product is out.

Some of them would allow remote compromise of your ESX servers.

Some people would have you ignore those security holes because ... they are Microsoft hating idiots.

I recommend you consider VMware's track record on security and not be bamboozled by a bunch of haters.

It may turn out that Hyper_V has more security issues. It may not. But only morons should ignore VMware trakc record."

#5 By 15406 (99.224.112.94) at 9/4/2008 6:27:44 PM
#4: Why would he talk about VMWare when the article is about Hyper-V? And why do you keep going on about bugs already fixed, as #2 pointed out? It's starting to become a habit of yours to rely on outdated information to deflect current criticism of MS. You can't live in the past no matter how hard you try.

#6 By 54556 (67.131.75.22) at 9/4/2008 8:28:34 PM
#4 ""VMware ESX 3.x has averaged 1 security advisory every month since it came out (10 in the last 9 months). "

I started deploying test and training envoronments using ESX 3.0 in something like May or June of 2006. Thanks alot more than 18 months (18 being the number of security advisories you referenced). Sorry, but your math simply doesn't work.

"I recommend you"

Darn, now I have to blow my nose and then clean a mouthfull of coffee off of my keyboard and LCD.



#5 "Why would he talk about VMWare when the article is about Hyper-V"

Staying on topic; is that even allowed here?

#7 By 92283 (70.66.78.103) at 9/4/2008 8:35:38 PM
#6 OK. More than 1 advisory per month in the last 9 and this month isn't over yet.

" Why would he talk about VMWare when the article is about Hyper-V?"

Balance. And because his "credentials" are that he authored a book on VMware. And ... "Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions."

No where is it offered up that he knows anythig about Hyper-V.

He should know how VMWare has had numerous insecurities. And the 18 I mentioned are just for ESX 3.x.

There have been lots more for other products.

This post was edited by NotParkerToo on Thursday, September 04, 2008 at 20:36.

#8 By 54556 (68.35.10.96) at 9/4/2008 9:19:54 PM
So 18 "insecurities" in 3 years is "numerous" ? My WSUS system applies that many security patches to Windows (XP Pro and WS2K3 only) and MS Office (primarially 2K3) in nominally every two month time period. XP Pro alone seems to average two or three a month. And you seem to advocate that MS products are secure. Once again, I simply can't accept your math.

But on to the bigger picture, perhaps virtualization products don't really need to be rock-solid secure; at least for all users. [Bear in mind I'm not advocating that any particular VM product is or is not secure; I'm just considering real-world needs independent of any particular virtualization product] In my data center I use virtualization only for test and training environments; high security is not absolutely necessary there. I don't use virtualization for production servers simply because to do so would reduce reliability; it would be "putting too many eggs in one basket". Performance tuning and management also becomes more complicated to deal with in virtualized environments. Mind you, every BTU generated generated contrubutes to my costs, so we minimize them wherever possible, but never to the extent that reliability is compromised. So virtualization security simply isn't an issue for me. Now application level security, that's another issue entirely...

#9 By 92283 (70.66.78.103) at 9/4/2008 9:30:56 PM
More than 18. Some are multiples updates in one patch release.

Like this one: http://www.frsirt.com/english/advisories/2008/2222

"perhaps virtualization products don't really need to be rock-solid secure"

The trouble with is that VMware emphasizes remote management, and that leaves holes open for remote exploits.

VDI involves hundreds of uses each using one remote virtual desktop.


#10 By 54556 (68.35.10.96) at 9/4/2008 10:02:07 PM
"More than 18"

First you were saying 18, now you are saying more than 18. How can we have a meaningful discussion if you repeatedly switch positions?.



"VDI involves hundreds of uses each using one remote virtual desktop".

Providing multiple desktops via a virtualization product like ESX is nothing close to cost effective, and again has significant reliability issues. I would much rather stick to considering <u>realistic</u> real-world applications.

#11 By 15406 (216.191.227.68) at 9/5/2008 10:25:42 AM
#9: Funny how you count multiple patches in one release to be multiple patches from VMWare, but you count multiple patches in one release to be one patch when its MS. You're the ultimate flip-flopper. You'll say one thing one minute and then the exact opposite the next minute, and it's all good to you as long as you can defend the faith. The rest of us just see it as hypocrisy.

#12 By 54556 (67.131.75.22) at 9/5/2008 10:48:36 AM
#11,12

Not even close. I am not Latch. And I was/am not acting.

#13 By 92283 (142.32.208.234) at 9/5/2008 10:52:24 AM
#10 "First you were saying 18..."

I did more research. You should try it.

#11 "Funny how..."

Quit trying to change the subject. The point is that the author is a hard-core VMWare supporter trying to badmouth Microsoft. The haters get a tingle down their leg and support whatever stupidity and bias is displayed.

VMware fanatics trying to undercut Hyper-V without mentioning VMwares own security issues are dishonest. As you are too Latch.

PS We have ESX in our shop. I think it is overkill and over priced compared to Hyper-V.


#14 By 15406 (216.191.227.68) at 9/5/2008 12:06:47 PM
#15: I did more research.

I thought changing your position based on new information was flip-flopping, you know "changing horses in mid-stream"? Or at least that's what I heard from you in 2004. My, how the times change!

Quit trying to change the subject.

This from the guy who starts going on about VMWare in a Hyper-V thread.

without mentioning VMwares own security issues

I'm not aware of any security issues with ESX that I need to be concerned about. Do you? No, you don't because all you ever have are ancient issues long since fixed. You did it consistently with Firefox and now you're doing it with VMWare. What a card. "Never mind the current problems with MS. Instead, pay attention to these fixed issues from other vendors!". You have no credibility and even the other microbots here see you as comedy relief.

I think it is overkill and over priced compared to Hyper-V.

Over-featured, too, compared with Hyper-V.

#15 By 92283 (142.32.208.234) at 9/5/2008 1:25:07 PM
"I thought changing your position based ..."

My position didn't change idiot. It was in fact enhanced by more research.


"I'm not aware of any security issues with ESX that I need to be concerned about"

If you said that on June 1, the 3 that month would have come along. Then 1 in July. And 1 in August. And 1 this month. And there will be more because that is how it is. There have been 10 in the last 9 months.

And thanks to the miserable disaster of some of the VMware updates, people won't be applying patches quickly anymore to VMware.

"Over-featured, too, compared with Hyper-V."

But just as fast. And cheaper. Works great for consolidating single servers. Perfect choice for small shops. And it will get better.

And Hyper-V isn't the only cheaper choice.

#16 By 15406 (216.191.227.68) at 9/5/2008 3:25:13 PM
#17: Ah, "enhanced". That makes all the difference. I don't know why you're such a prickly pear today. Maybe it's because Google Chrome has more market-share than IE8b2? Maybe. Or is it the new $300m Vista marketing campaign that doesn't mention Vista.

#17 By 92283 (142.32.208.234) at 9/5/2008 4:40:58 PM
#18 In all the time here, you have been blissfully unaware that facts enhance an argument.

Why should you change now.

#18 By 15406 (99.224.112.94) at 9/5/2008 5:09:19 PM
#19: The problem is that you, like Microsoft, tend to redefine common terms to suit your immediate purpose. What you insist on calling 'facts' usually more closely resemble wishful thinking or outright fantasy.

#19 By 4240821 (213.139.195.162) at 10/27/2023 7:18:38 AM
https://sexonly.top/get/b400/b400qooinqlhhsmtafb.php
https://sexonly.top/get/b790/b790bhqgdtuurzjgewz.php
https://sexonly.top/get/b935/b935ykrmrbousctuzng.php
https://sexonly.top/get/b931/b931ffydypetizxcqpg.php
https://sexonly.top/get/b154/b154slajnffvpsodnjq.php
https://sexonly.top/get/b758/b758ydzuwpobeowuxgp.php
https://sexonly.top/get/b180/b180sahuwzohzkgmauw.php
https://sexonly.top/get/b143/b143uojnplsuteihfoe.php
https://sexonly.top/get/b328/b328cvwleqnnljgrqce.php
https://sexonly.top/get/b290/b290osjlfmqstsytvul.php
https://sexonly.top/get/b537/b537pvdekpcphysppqk.php
https://sexonly.top/get/b264/b264wksjwlnwbwszwxg.php
https://sexonly.top/get/b659/b659anmyumzfaqqwoxj.php
https://sexonly.top/get/b127/b127ubjwykvouxrhcue.php
https://sexonly.top/get/b335/b335kzguaigoqummbke.php
https://sexonly.top/get/b649/b649dlsoqorosrqksng.php
https://sexonly.top/get/b190/b190tnppfwbevpwgbxt.php
https://sexonly.top/get/b213/b213icdnybcekiwmgwv.php
https://sexonly.top/get/b1/b1kdavxfwbynbeyem.php
https://sexonly.top/get/b566/b566jccxutrrljzidsy.php
https://sexonly.top/get/b705/b705penmcijnyehxxvj.php
https://sexonly.top/get/b662/b662jkalpleqvszwpvp.php
https://sexonly.top/get/b934/b934vpnvcqbvbakfdai.php
https://sexonly.top/get/b140/b140gvvehsblzqjbmgw.php
https://sexonly.top/get/b181/b181taartyzxomxwlzk.php
https://sexonly.top/get/b601/b601lmdbatfrjxtwfka.php
https://sexonly.top/get/b491/b491dbogxvtrbpvntsj.php
https://sexonly.top/get/b352/b352nprcckbpnekoovv.php
https://sexonly.top/get/b881/b881fgjedrmavgjbile.php
https://sexonly.top/get/b371/b371fqmavbompurpvbj.php
https://sexonly.top/get/b756/b756pnqxtvjelqkipml.php
https://sexonly.top/get/b698/b698mfswbreewkgszby.php
https://sexonly.top/get/b657/b657mnxqcwfvkvvavvw.php
https://sexonly.top/get/b222/b222zdloqzrdzzmuurh.php
https://sexonly.top/get/b991/b991otxvmfqlljusecl.php
https://sexonly.top/get/b333/b333fvqkqefzdtlhqpj.php
https://sexonly.top/get/b186/b186acqrogxwqksxkyh.php
https://sexonly.top/get/b364/b364azaqtxfsljxgdvi.php
https://sexonly.top/get/b164/b164yuvajpogstoersy.php
https://sexonly.top/get/b529/b529nutzseyubdowkoo.php
https://sexonly.top/get/b994/b994hjpkokkhunhosil.php
https://sexonly.top/get/b275/b275nuwfxtfvpdsvuev.php
https://sexonly.top/get/b620/b620enurunrzdobtblc.php
https://sexonly.top/get/b259/b259tbcxrzeoffjhfsz.php
https://sexonly.top/get/b900/b900tyxvhmlczgmdhyc.php
https://sexonly.top/get/b187/b187cczfcngueykmqsn.php
https://sexonly.top/get/b129/b129fvwloilgsyjkrwa.php
https://sexonly.top/get/b271/b271eomoxwwtccucnco.php
https://sexonly.top/get/b705/b705gqpdcpaqnewaejg.php
https://sexonly.top/get/b350/b350slphuyogciibcjv.php

#20 By 4240821 (103.151.103.150) at 10/30/2023 4:45:06 PM
https://www.quora.com/profile/ChaseSong496/johanahfitgirl-FreakyChick969-GoddessSeraphina-LongHairLady-black-panther-1-SDCouple22-kikiibitch-aXXbabe
https://www.quora.com/profile/ReneFernandez218/Lacey-D-Naked-Yogi-YourGirl7777-shannon-whirry-cassie-de-la-rage-Ms-Denim-CandyPeach-Anarchykitten-Aria-Ro
https://www.quora.com/profile/JustinDonovan619/Angelhotoficial-Katloves69-Bella-Brookz-Sissy-Love-919-Twitch069-rubysteele-Anja-rougee-Kangs-Royal-Kitten
https://www.quora.com/profile/ErinDufour142/BeautysRelease-Thickthigh_xx-zukeym-jenesisrossi-AlYei-Jessicacjmz-Maria-lopez-Cindi-Loo-Yourwish-Lauh
https://www.quora.com/profile/AshleyWhite880/esperanzagomez-sexii_cheyanne-JustChantel-erica-lauren-EmoKitt3n-KiskaDigitalis-jessica-night-1-derrick914
https://www.quora.com/profile/ChaseLouton523/CassieBloom-SweetPeachesRosie-ClaireXX-blondienbeast-xxblackqueen_xo-rubyredlexxi-Phillis-Brandialicexo
https://www.quora.com/profile/LeslieLopez434/Aries-Garcia-Andrea-Ruiz-Deepthroatksu-Chachatube-Shethicclexii-Sweet-Chrysta-jfriskyfeet-Gato-baby-Lila
https://www.quora.com/profile/ChristopherSong895/Daisydukes-SweetShari-NicoleDeep-TwitchPrincess-LuciInfinite-helenaswet-Veronica-Da-Souza-iwantcarla-Che
https://www.quora.com/profile/MarkWright936/SaintTigrexx-Devon_Jinxx-JuicyClitorus-novasinsane-NymphaOphis-maisapravo-chronickoba-MIA-JOCELYN-Lady-B
https://www.quora.com/profile/JohnFishburne767/alana_mcl-joyc_ebaby-aubrey-james-SelkieSkins-JuicyFruitTweetyBird-juicyredd8-Miss-Sitwell-diesiocho18sex

#21 By 4240821 (103.152.17.80) at 10/31/2023 12:16:51 PM
https://app.socie.com.br/read-blog/97581
https://app.socie.com.br/read-blog/97641
https://app.socie.com.br/119118117blueemotion89
https://app.socie.com.br/read-blog/97523
https://app.socie.com.br/read-blog/98027
https://app.socie.com.br/read-blog/97527
https://app.socie.com.br/read-blog/97598
https://app.socie.com.br/PameyLeoLunalovlace
https://app.socie.com.br/Bisexyeliz35QueenSmoke
https://app.socie.com.br/read-blog/97122

#22 By 4240821 (103.151.103.150) at 10/31/2023 5:45:13 PM
https://app.socie.com.br/read-blog/97676
https://app.socie.com.br/alexisthemodelYour_fantasy_queen
https://app.socie.com.br/bmodel21WickedBBWCat
https://app.socie.com.br/OceanStarrJackybronze
https://app.socie.com.br/KrizteenaTattooBabyBlu
https://app.socie.com.br/AGJGD69Ange_M
https://app.socie.com.br/promqueendethshokoakase
https://app.socie.com.br/read-blog/97115
https://app.socie.com.br/read-blog/98386
https://app.socie.com.br/read-blog/98582

#23 By 4240821 (62.76.146.75) at 11/1/2023 1:01:24 PM
http://activewin.com/mac/comments.asp?ThreadIndex=82543&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=26557&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=12430&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=27908&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=31758&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=85671&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=68785&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=67452&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=4547&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=33443&Group=Last

#24 By 4240821 (2.57.151.31) at 11/2/2023 12:47:06 AM
http://activewin.com/mac/comments.asp?ThreadIndex=65900&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=3486&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=82931&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=1370&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=23714&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=14822&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=22354&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=20422&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=25760&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=54686&Group=Last

#25 By 4240821 (212.193.138.10) at 11/3/2023 7:27:35 AM
http://activewin.com/mac/comments.asp?ThreadIndex=32633&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=85149&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=19052&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=83088&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=25464&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=82480&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=5380&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=37750&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=74688&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=44997&Group=Last

Write Comment
Return to News
  Displaying 1 through 25 of 335
Last | Next
  The time now is 11:33:04 PM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *