I really want to buy this software but am a little bit worried that after I buy the software, it won’t perform the tasks I am looking for, and that will be X dollars down the drain.
As ronald mentioned, we offer a money back guarantee on everything we sell. If you’re unhappy for any reason, we’ll happily refund the full purchase price. We simply don’t want unhappy customers; life is too short for that kind of thing. So, if you don’t find the software provides a great value, we want you to have your money back.
I research HyperVM and heard alot about its security issues. What type of steps does cloudmin take to reduce the risks of exploits?
Security isn’t any single feature or coding practice, and so it’s not really useful to say, “Webmin supports SSL, password timeouts, and has been audited by security professionals, and thus our products are secure”. Networked software is always under attack, and new exploits are being discovered every day. With our products, we do the best we can to mitigate security risks. We take security issue reports very seriously. And, the security history of Webmin (and related products) is quite good, given the size and value of the target (millions of users, runs as root, often has access to other systems, etc.) and how often it is the target of attacks.
The most important thing about Webmin/Virtualmin/Cloudmin, however, from a security standpoint is really just that it is very actively maintained. We don’t have any secret knowledge or amazing skills that would allow us to write completely bug-free code; but when problems are found, we fix them quickly. Unmaintained code is pretty much guaranteed to be insecure code at some point, and Webmin/Virtualmin/Cloudmin has never been unmaintained and is at no risk of becoming unmaintained (we are a real company with real stockholders and three people with plans to grow further in 2010; it is not a one-man operation nor is it on the verge of financial collapse or anything else catastrophic that would put the code at risk).
So, the best thing we can offer as evidence of future security is our history of security and active maintenance. It’s been pretty good for over a dozen years, so you can probably trust that we’ll do a decent job in the future, too. We aren’t arrogant enough to say that we’ll never make mistakes, including security mistakes. In addition to our own concerns about security, there are a number of generous security professionals (some of them Virtualmin customers, even) who periodically audit the code and let us know about the problems they find. Needless to say, we’re grateful to those folks.