Article Title: Virtual machines in Linux may weaken security
When it comes to sales strategy, Microsoft never seems to hold back from attacking its competitors. This time, in a report co-authored with another organization, Microsoft points out that virtual machines may become hosts for malware, especially on Linux systems.
Admittedly, once a virtual machine is infected with malware, current security software cannot detect it. But there is no need to worry much, because such an attack is very difficult to carry out in practice.
According to the report, attackers can install a virtual machine (VM) program on the target computer. They then install various malicious programs in these virtual machines, such as keystroke loggers and Trojan horses, to steal information about the primary operating system.
However, this attack requires attackers to modify the system's original kernel, because the original kernel and the virtualization software are designed from the outset to prohibit data exchange between different virtual machine systems. Furthermore, attackers first need to compromise the operating system kernel, for example by installing a keystroke logger, before they can get into the virtual machine to do further damage.
But compromising the operating system kernel is not easy, at least not as easy as one might think. Installing software on a Windows or Linux system requires the installer to have system administrator privileges, which ordinary users do not have.
Of course, attackers may be able to modify the system kernel through well-known security vulnerabilities in Windows, but this seems somewhat superfluous. If the system already has a vulnerability that gives you access, why go to the trouble of modifying the kernel to install a keystroke logger?
The fourth page of the report points out that, to install malicious programs, attackers must first modify the kernel of the host operating system and then modify the Windows-based virtual machine monitor. As we know, the virtual machine monitor (VMM) is a program that manages the computer's hardware resources. When multiple virtual systems run on the host at the same time, it manages their use of disk, memory, and keyboard. The report says that for a Linux-based VMM attackers do not need to make any changes, but it does not explain why this step can be omitted on Linux.
In addition, the report seems to ignore the fact that we are entering an era of hardware-supported virtualization. Both Intel and AMD processors can be used to identify the various virtual machine software running on the hardware. Therefore, the probability of attacks on virtual machines is negligible.
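On a Linux host, the processor-level virtualization signals mentioned above can be read from `/proc/cpuinfo`. The following is an added example, not code from the report or from this article; it assumes an x86 system, the function names are hypothetical, and the two sample excerpts are constructed.

```python
# Added example: read x86 virtualization signals from /proc/cpuinfo text.
# vmx = Intel VT-x, svm = AMD-V, hypervisor = CPUID leaf 1, ECX bit 31,
# which a hypervisor sets for its guests.
import os

# Constructed samples (shortened flag lists), not captured from real hosts.
SAMPLE_BARE_METAL = "processor\t: 0\nflags\t\t: fpu vme sse2 vmx ept\n"
SAMPLE_GUEST = "processor\t: 0\nflags\t\t: fpu vme sse2 svm hypervisor\n"


def cpu_flags(cpuinfo_text):
    """Collect the feature flags of every logical CPU into one set."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def assess(cpuinfo_text, expect_bare_metal=True):
    """Summarise virtualization state; alert if a host that should be
    bare metal reports that it is running under a hypervisor."""
    flags = cpu_flags(cpuinfo_text)
    if "vmx" in flags:
        hw_virt = "Intel VT-x (vmx)"
    elif "svm" in flags:
        hw_virt = "AMD-V (svm)"
    else:
        hw_virt = None
    under_hypervisor = "hypervisor" in flags
    return {
        "hw_virt": hw_virt,
        "under_hypervisor": under_hypervisor,
        # A hypervisor controls what CPUID returns to its guest, so a
        # missing bit is not proof of bare metal; only its presence on a
        # machine that should be physical is a strong signal.
        "alert": expect_bare_metal and under_hypervisor,
    }


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path) as fh:
            print(assess(fh.read()))
    else:
        print(assess(SAMPLE_GUEST))
```

Run on a schedule against an inventory of machines known to be physical, a change in `under_hypervisor` from false to true is worth investigating.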
Despite a good deal of scaremongering, the report is still worth reading. It offers some constructive comments on virtual machine technology and ways to apply it, which can help with software troubleshooting and intrusion detection.
In addition, I think any content that reminds IT managers to pay attention to data security has some value, even if some of it is alarmist.