Page 900 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Manipulations (VENOM) was able to breach numerous VM products
that employed a compromised open-source virtual floppy disc driver
to allow malicious code to jump between VMs and even access the
host.

VM escaping can be a serious problem, but steps can be implemented
to minimize the risk. First, keep highly sensitive systems and data on
separate physical machines. An organization should already be
concerned about overconsolidation resulting in a single point of
failure, so running numerous hardware servers so each supports a
handful of guest OSs helps with this risk. Keeping enough physical
servers on hand to maintain physical isolation between highly
sensitive guest OSs will further protect against VM escaping. Second,
keep all hypervisor software current with vendor-released patches
(especially with updates related to VM escaping vulnerabilities). Third,
monitor attack, exposure, and abuse indexes for new threats to your
environment.
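
As an added illustration (not from the study guide), the first two steps above can be checked against a VM inventory. The guest names, host names, sensitivity labels, patch flags, and the limit of four guests per host are all constructed assumptions. The sketch treats a highly sensitive guest sharing hardware with a lower-sensitivity guest as a violation; a stricter policy could require one sensitive guest per host.

```python
from collections import defaultdict

# Constructed inventory: (guest name, physical host, sensitivity label).
GUESTS = [
    ("payroll-db", "hv01", "high"),
    ("hr-records", "hv01", "high"),
    ("key-vault", "hv02", "high"),
    ("intranet-wiki", "hv02", "low"),
    ("build-01", "hv03", "low"),
    ("build-02", "hv03", "low"),
    ("build-03", "hv03", "low"),
    ("build-04", "hv03", "low"),
    ("build-05", "hv03", "low"),
]
# Constructed host facts: True when current vendor hypervisor patches are applied.
HOST_PATCHED = {"hv01": True, "hv02": True, "hv03": False}
MAX_GUESTS_PER_HOST = 4  # assumed local policy for "a handful" of guest OSs


def audit_placement(guests, host_patched, max_guests=MAX_GUESTS_PER_HOST):
    """Return {host: [findings]} for hosts that break a placement rule."""
    by_host = defaultdict(list)
    for name, host, level in guests:
        by_host[host].append((name, level))

    findings = defaultdict(list)
    for host, members in sorted(by_host.items()):
        high = sorted(n for n, lvl in members if lvl == "high")
        other = sorted(n for n, lvl in members if lvl != "high")
        # Step 1: a VM escape from a low-sensitivity guest reaches whatever
        # else runs on the same hardware, so mixed hosts are flagged.
        if high and other:
            findings[host].append(
                f"mixed-sensitivity: {', '.join(high)} shares hardware with {', '.join(other)}")
        # Overconsolidation: too many guests behind one hypervisor.
        if len(members) > max_guests:
            findings[host].append(f"overconsolidated: {len(members)} guests > {max_guests}")
        # Step 2: a host with no patch record is treated as unpatched.
        if not host_patched.get(host, False):
            findings[host].append("hypervisor-unpatched")
    return dict(findings)


if __name__ == "__main__":
    for host, issues in audit_placement(GUESTS, HOST_PATCHED).items():
        for issue in issues:
            print(f"{host}: {issue}")
```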

Virtualization is used for a wide variety of new architectures and
system design solutions. Cloud computing is ultimately a form of
virtualization (see Chapter 9, “Security Vulnerabilities, Threats, and
Countermeasures,” for more on cloud computing). Locally (or at least
within an organization’s private infrastructure), virtualization can be
used to host servers, client operating systems, limited user interfaces
(i.e., virtual desktops), applications, and more.

Virtual Software

A virtual application is a software product deployed in such a way that
it is fooled into believing it is interacting with a full host OS. A virtual
(or virtualized) application has been packaged or encapsulated to
make it portable and able to operate without the full installation of its
original host OS. A virtual application has enough of the original host
OS included in its encapsulation bubble (technically called a virtual
machine, or VM) that it operates/functions as if it were traditionally
installed. Some forms of virtual applications are used as portable apps
(short for applications) on USB drives. Other virtual applications are
designed to be executed on alternative host OS platforms—for
example, running a Windows application within a Linux OS.

