Gallery

The spam is out, but the viruses are in

Posted on 3 Mar 2009 at 17:50

This month, Steve Cassidy offers his take on spam, and finds that version 2 of VMware doesn't live up to first appearances.

Don't get me wrong, I'm sure this is a rich field of competitive development, and that they're all toiling away with our best interests at heart. My objection is that this battlefield is not the place to be trying to use a core tool for your server functions. I don't want to discover that the embedded ActiveX or EJB, or whatever-the-hell-else-it-is, which solicits for my domain administrator's username and password as part of accessing VMware Server has fallen foul of somebody's Daily Horoscope Toolbar (and keylogger), simply because it seemed like a good idea to roll the product out in a state that requires a lower-security browsing environment.

I agree with all of you in the tattered "A-Team" T-shirts, you big-time corporate beardies who are smart enough that you don't have to wear suits to work, and who specialise in architecting secure networks. VMware Server is a backbone application, and there should be no penalty for running its browser controls in "unsafe" ways because it should never be found in "unsafe" places, only inside your server room. Every new package makes us jump through a few more hoops, and often it seems as though the more useful the package the bigger and more numerous the hoops. But this is a small networks column, and I'm dealing with how VMware Server will be handled by smaller businesses that are imperfect places. It's trivially easy to book yourself a security audit run by external consultants who'd hang you out to dry for lowering the security level in your server or ops-room internet browsers.

Basically, VMware Server 2 is released as a free trial. But having to fiddle around in Browser Hell doesn't make for a good introductory demo experience.