Sunday, October 21, 2007
A different kind of Zombie Server lurks ahead.
I'm not sure how I missed this, but I have finally realized that server virtualization
is going to be a security nightmare, creating a class of zombie servers that will be hard to kill. Now that it is fairly easy to get old software off of old hardware and onto modern, reliable hardware we may (will) end up with vast fleets of obsolete software living well beyond its normal life. The pain of hardware upgrades is often a driving factor in forcing software upgrades; "do it once, and do it right" may be out the window with simplified hardware upgrades. We can keep the old (obsolete, unpatched, and insecure) software running indefinitely, occasionally providing it with a fresh body to inhabit. Virtualization will become a form of life-support, creating vast armies of undead servers.
As insecure as they will be, thanks to the wonders of virtualization-enhanced Disaster Recovery, these zombies will be hard to kill, too- they'll just keep coming back to life.
Far-fetched? Wait 'till the bean counters figure out that they can force software to live longer (and perform better) by simply doing sporadic hardware refreshes.