Virtualization Is Rootkitting

This page should possibly be titled RootkittingIsVirtualization, but due to WikiLanguageCannotExpressReflexiveRelations, a choice had to be made, which has an unwanted effect on the provocation potential of this page.

Eh? You should use VirtualizationIsTheNewRootkitting. ^_^

The discussion about the possibility of virtualization rootkits has brought the idea to the security-researcher mainstream, but from the pattern point of view, it extends a lot farther. When analyzing the pattern, it must be realized that virtualization and rootkitting technically describe the same thing: creating a layer between the execution environment and the applications that ideally makes no difference to the applications when compared to operating without the layer. This situation poses additional questions: ethical considerations on developing those technologies, and technical considerations on sharing knowledge between both areas.


Virtualization is not the brightest idea anyway. It ends up with a poor version of one OS handling many applications, which is exactly what it was created to avoid. Said another way, it is like a MicroKernel, but with a worse performance hit. I would much rather have the kernel provide separate process spaces in some way (BSD jail is very good in that respect) or even not mess with separating the applications at all.

Applications have to be designed to run in a separate process space as soon as this situation is visible to the applications. Virtualization was invented to allow stock software to be run in a similar manner.

The performance issue is a topic of its own. These days, there is some effort to create hardware which nearly eliminates the performance impact of virtualization.

I just love when people write slanders about MicroKernels, when they themselves use an operating system which implements a wide variety of services in a typical client/server model. OK, maybe disk, video, and networking are kept resident in kernel space, but as a general rule, even on Windows, most software to get things done exists as user-level processes which expose a very microkernel-y interface. X11, anything at all COM, DCOM, or CORBA based, etc. Someone really needs to tell the pot to stop harassing the kettle. -- SamuelFalvo?


See: MetaSignal


Last edited February 11, 2011.