Andy Elvey wrote:
> I have a query re Xen and security. If I''m using the
''net (browsing,
> email) while I''m running a Xen-enabled kernel, does that make it
more
> difficult for the bad guys out there to pop a rootkit or virus onto my
> PC? I tend to envision Xen as making everything "virtual", so
that if
> they did try to rootkit my PC, they couldn''t actually _install_ it
> onto my system, (as I''m running a "virtual environment"
).
> So, if I understand correctly, any "damage" that they try to do
is
> *totally* limited to the session I''m running, and when I next fire
up
> my PC, all will be well.
Practically speaking, Xen doesn''t really do what you describe. Xen is
not a silver bullet when it comes to security. It''s all about how you
use it. For the scenario you describe, your as safe in Xen as you would
be in Linux (it all depends on what you run as root in Linux and what
you run in dom0 in Xen).
What Xen allows you to do, from a security perspective, that something
like Linux doesn''t really is to run two virtual machines and have them
be isolated from themselves. Even if you used multiple users in Linux,
you''re sharing a considerable amount of resources between the two users
which makes total isolation difficult. Isolation in Xen is much easier
because there''s almost no shared resources.
When it comes from protecting you from external attackers, Xen is no
different than Linux. An admitted simplification but I think you get
the idea.
Regards,
Anthony Liguori
> Is my description pretty much accurate? Very many thanks in advance
> for your replies!
> Bye for now -
> - Andy
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users