February 27, 2006

Will Microsoft take the VMware bait ?

While listening to one of Mike poor's SANS security talk, he mentioned the problems with untrusted third-party applications. In this age of trojans, even a security expert like him takes precautions before he downloads and tests a new security tool. In fact, he said, that even uncompiled "source code" of trojans have hidden trojans waiting for an unsuspecting security researcher to try it out.

I don't download trojans everyday, but I do play around with tools which want to modify my registry. How many times have you yelled in frustration after finding out that the tool you've been trying to work with (and failed) for last 2 days doesn't uninstall anymore. I have a dozen or two interesting third party broken tools deployed somewhere on my computer which I haven't uninstalled yet.

VMware is in a perfect position to fix this problem. With Microsoft right behind them, they released something called the VMware player. Its basically a stripped down VMware product which can "play" Virtual machine images created by others. What makes it so interesting is that now I can download and run untrusted applications without thinking as much as I used to before. And all those uninstallable tools, which I never got to work, can be easily removed if they were shipped in a VMware image. Its almost like deleting a compressed archive with all the files in it except that in this case you don't have to worry about that tool messing with your operating system.

Coming from a unix admin background I have to tell you how much fun its is to install an unstable version of an opensource tool. Whats worse is that some of them have so many dependencies that by the time you get to use the tool, you would figure out that you broke something else. A perfect example for me was when I was playing with this great Network Monitoring tool called "opennms". If I were its maintainer, I would jump on the VMware bandwagon and release an opennms image ready to go for people like me who want to try it out without wasting time. And with oracle giving away its low-end database engine for free, this is the perfect way for some vendors to release their products preinstalled with oracle/linux inside a VMware image.

Now, Microsoft's Virtual PC is a very strong competitor. They came out from nowhere and literally forced VMware to give out its product for free. And though you might think VMware is on a loosing streak they have one of the best things going for them. The support from the linux/OS community.

The catch with VMware player is that one can't distribute an image of an OS for free if the OS itself costs money. So if you think you are going to get a demo of "Quicken 2006" installed on Windows XP platform, its probably not going to happen soon. But if you want to try out "Squid" proxy server running on Linux, you can have it for free. In fact Community Virtual application page at VMware site lists quite a few applications running on open source OS like Linux and Free BSD.

When pkzip/winzip started gaining popularity Microsoft started building compressed folders right into their OS. When Realplayer started gaining popularity they built the Media player. The IE browser, Internet firewall, MSN Toolbar are all part of Microsoft's effort of killing the competition. (They of course deny it.) So if VMware player gains popularity how will Microsoft compete ? Will they change their licensing policy for distributing Microsoft OS inside a VM image ?

Or worse, will Microsoft, officially, (an openly) claim that Linux runs on Virtual PC ?
Other interesting links on VMware

2 comments:

Jose Ruelas said...

One interesting question. If you create a Windows Virtual Machine (lets say Windows XP), and at the end of all your installation and configuration, you run sysprep (to reset the name, license, and so on). Are you really breaking the law if you distribute a Virtual Machine this way?

Best regards

Jose R.

Royans said...

Interesting question. I don't know the answer to that. If someone else knows please leave a reply.

I always thought that making copies for distribution was always illegal. Also as I said in the article, I think microsoft might think of new ways to sell licenses for Virtual instances.