Security industry still doubtful about virtualization?

A critical topic in server virtualization, virtual machine isolation, has not been seriously investigated so far. This is largely due to the relatively small audience it has.
As soon as the technology becomes integrated into every operating system, underground communities and security professionals worldwide will pay much more attention, usually when it’s too late to prevent damage.

Meanwhile, ZDNet points out that some security firms, such as Sophos, are very cautious about trusting virtualization:

Paul Ducklin, head of technology for the Asia-Pacific region at Sophos, told ZDNet Asia that the security vendor takes a “somewhat neutral” stance toward virtualization.

Virtualization, Ducklin noted, can be very handy in analyzing or working with malicious code. But Sophos does not employ virtualization in its virus labs as it “can’t necessarily trust” that the host machine and virtual machine remain as separate and isolated components.

The Sydney-based Ducklin said “there have been bugs and problems” in virtualization programs that could allow malicious code to spill over from the virtual machine to the real machine–though, he admitted, these scenarios were rare…

Read the whole article at source.