Linked by Thom Holwerda on Fri 12th Jan 2007 00:36 UTC
Thread beginning with comment 201198





Member since:
2005-11-28
>>Can this be used to insulate a potentially dangerous application like a web browser or any other network based application in a different virtual machine, and then run them side by side, the host holding the local documents and projects and most work the user has, with the emulated virtual system executing everything web-related (browsers, IM and all that stuff)?<<
>>I don't know if it would be feasible, since it would probably waste a lot of disk space and memory running things like this but... is it possible?<<
This is overkill for this type of thing; depending on which OS you are using, there are things that already do this. Examples are 'Jails' or 'chroot'ing applications.
If you want a reasonably technical view of how this works with applications, http://www.openbsd.org/faq/faq10.html#httpdchroot is a good example. It describes how Apache HTTPD on OpenBSD is isolated from the rest of the system and how you as an operator have to work with it. Even if you don't use OpenBSD, it is a good primer to the concepts and how they affect the operation of the rest of the system.
You can run virtual servers to contain applications you wish to isolate, but for many applications there are tools to isolate them safely already; there are always exceptions to the rules. Sometimes there may be an application that ties into so many aspects of the server and is so deeply integrated that it is not possible or practical to isolate it, and that is where virtualisation can be useful.
In an ideal world there would be no need to run something you don't trust; sometimes circumstances dictate that you have to.
Before people start flaming about trustworthy applications, HTTPd is a trustworthy server, in fact the most popular HTTP server on the net (sources Netcraft, but this time I think they are about right). The OpenBSD team chrooted it after a spate of vulnerabilities a long time ago, but it does make sense for a hostile Internet facing server.
Anyway I only wanted to post the link then got distracted...