So, what security risks does this introduce? The biggest risk is trusting the virtual machines too much and believing...
they are completely isolated from each other (they are not). Virtual machines share an infrastructure, including network connections, parts of the hard drive, some memory and so forth. Also, don't believe a virtual machine is a firewall. Firewalls are firewalls. Our company is currently researching the potential risks of virtual machines. Our biggest concern is that a bad guy may learn how to escape a virtual machine, jumping from one guest into another guest or into the underlying host operating system. This would be bad, and would dispel many security assumptions. However, there are currently no publicly available virtual machine escape tools that let attackers jump from guest to host.
But because of this possibility, you should carefully harden and use security tools (antivirus, antispyware, and personal firewalls) on all of your systems, both real and virtual. Maintain their security and don't implicitly trust the isolation of your virtual environment. While it is possible that we'll never see a public virtual machine escape program, creating such a thing is non-trivial (believe me, I know!). However, because of the risk, don't let your guard down. Carefully protect your virtual machines just as you do your real ones.
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.