Also nobody I talked with knew what he was talking about in regards to how all crashing bugs are exploitable if you use full hardware virtualization. Nobody claimed that this isn't true, but they all say that without technical details explaining the claim they cannot come to any conclusions regarding it. These are people who I think know enough about computer security that they would be aware of full hardware virtualization causing all crashing bugs to be exploitable if it was widely known in the computer security community. Theo really needs to substantiate this claim with technical details. Also, assuming this problem is related to mistakes in architecture virtualization, the risks will (very likely) be greatly reduced with paravirtualization and it shouldn't apply at all to OS virtualization.

If anyone has any questions or comments feel free to ask. I still need to do a lot more research on virtualization. Everything I have said is correct to the best of my knowledge and I talked with numerous people who know their shit regarding security, but again I am personally not an expert regarding virtualization. I do know a thing or two about computer security though, and compared to corporate security people I am a boss imo.

In regards to all of the non-definitive terminology I am using (likely, probable, most likely, maybe, etc), a lot of the discussion is based on theory and a lot of the conclusions are based on probability (it is probable that a given full hardware virtualization has these security issues, although it may not be something that is inherent to full hardware virtualization. Also paravirtualization may have some of the same issues, but since a lot less is being virtualized it is likely that a given paravirtualization solution has a much higher degree of correctness than a given full hardware virtualization solution). For example, full hardware virtualization is much more complex than paravirtualization, so even if there are no currently known flaws in a given full hardware virtualization system or in the hardware that supports them, the potential for flaws is much higher simply because a lot more is taking place. I guess it is even possible that none of the issues Theo is talking about are true (maybe VirtualBox did everything right!), it just isn't very probable at all. More academic level research needs to be done regarding many of these things before some of the claims can be definitive instead of just various degrees of 'probable', if that makes sense.

Although it is generally accepted as true that complexity is roughly equal to insecurity. On the other hand, the people I talked with suggested that the added insecurity from the complexity of virtualization based isolation does not outweigh the added security of isolating network facing applications away from the external IP address, so in the end more things than simplicity need to be taken into consideration, although you should always use the least complex solution that allows you to achieve your stated goal (hence why paravirtualization is almost certainly better than full hardware virtualization, but full hardware virtualization is better than doing nothing at all).