VMware moves to plug security holes

VMware, the virtualisation vendor, this morning announced the introduction of a new security technology called VMware VMsafe, designed to protect applications running in virtual machines.

Dr. Mendel Rosenblum, VMware chief scientist, unveiled the new technology at the vendor's first European user conference, VMworld Europe, saying it was capable of protecting software running in the data centre in ways previously not possible in physical environments.

"It's a better model for protection engines to sit within the virtual infrastructure because here we can see into the memory, CPU, disk and I/O systems," he said. "That is why we have published APIs [application programming interfaces] to encourage the security industry to develop products to sit on top of the virtual environment."

He added that the VMsafe APIs could allow vendors to develop advanced security products that combat the latest generation of malware, by enabling integration at the VMware hypervisor layer and providing the transparency to detect, prevent or eliminate threats and attacks such as viruses, trojans and keyloggers from ever reaching a virtual machine.

The company said 20 security vendors have already signed up to the VMsafe technology and are building products to enhance the security of virtual machines.

One such vendor is McAfee, whose chief technology officer and executive vice president of product development and research, Christopher Bolin, endorsed the VMsafe strategy presented by Rosenblum.

He said: "Virtual machines remain just as vulnerable today as the software running in traditional data centre environments. That's why we've been working with VMware these last months to develop VMsafe and make sure it's open to other security vendors."

A case in point was demonstrated earlier this week when US security vendor Core Security Technologies highlighted an unpatched flaw it said it had discovered in VMware's virtualisation software. It said the fact that VMware has no way of properly validating PathNames to its shared folders feature could potentially allow an attacker to create or modify executable files on the host operating system using a custom-coded PathName.

Miya Knights