| First, let me apologize for my erroneous cut-and-paste (leading to lots of repetition in my parent post). The real ending was: "congratulations to both you and Rod on this successful roll-out!"
Your understanding is exactly correct: a vmware "Linux" environment on LINUX is almost as safe as running Linux natively, whereas running a vmware "Linux" on WINDOWS is exposed to nearly all of the vast numbers of Windows vulnerabilities. (Only those IP ports which vmware and Linux have "taken over" are "immunized", e.g. you have an Apache Web Server instead of an IIS.) There is much higher safety with either vmware "Linux" on Linux, or Linux-native, even if there are lots of Windows XP machines on the local network.
For example, I make way too large a portion of my income fixing Windows machines, although only about 1/3 of my Windows System repairs are malware-related. My Linux machine (this desktop) has been, for many years, totally immune to anything these Windows Systems have attempted to infect it with after I plug them into my Router. They've never found a vulnerability in Apache or ProFTPd, and just about everything else is locked down, or simply immune to Windows-based attacks. (Remember, Windows XP simply can't be locked down adequately: it uses this horribly insecure RPC mechanism for communicating between different parts of Windows XP inside the box, and you can't tell the RPC Service to refuse communications from outside.) The same advantage I have would be true of any Linux Server in an environment full of Windows machines.
Now, your vmware Virtual Environment adds another layer, but it mostly just "takes over" the Apache listener, the associated modules (PHP4, SSL, etc.) and the MySQL operations, rather than adding new things. In contrast, vmware running on Windows XP (or Windows Server 2003, which would be SLIGHTLY better) can EASILY have the rug pulled out from under it... because once your Windows box is "0wn3d", EVERYTHING running on it, and all of its files, are "owned". Although the network at work isn't Internet-connected, I suspect that you plug in the portable at home from time to time. So, it can become infected, and subsequently infect other Windows machines at work. BTW, if Internet is disabled, how do you keep those machines up-to-date on maintenance? (And, you do the billing on paper?)
Speed should not become an issue unless you start composing your own Database Queries, scanning hundreds/thousands of longtext fields for specific words and phrases. And don't forget, both Linux and your Hard Disks do very helpful file caching to speed that up. If you ever see a speed issue developing, it's probably best to add memory first (allowing Linux to cache more aggressively), and only mess with the disk configuration later.
Again(?!?!) my congratulations! |