BabyGotMac Sponsors: 1Password, The Most Popular Password Manager for Mac
  Submit News   Archives   Search   Contact
Popular Tags:

‘Perils in Parallels?’, asks the Washington Post…


Greetings, friend! Looks like this is your first time here. As such, we encourage you to subscribe to our site via RSS feed or by email so you can get updates as they happen. Thanks for stopping by!


Perils in Parallels? - Security Fix

A technology blogger for the Washington Post has posted an article about the extreme danger that Mac users are in by running Windows inside a Parallels VM.

Aside from a few ’slippery slope’ allegations, the underlying implication is that it is Parallels, not Windows, that provides the security issue.

Granted, Parallels could make things clearer in these dialogs:

Parallels2

Parallels1

For instance, making ‘Read Only’ the default setting might be a good idea, with a popup message saying “By making this share writable, you could allow malicious Windows code to execute and damage your OS X folder and file structures”. That or a big red ‘caution’ sign with a label denoting the same; either of the two would get the message across: this is not your fathers Mac.

But again, the issue isn’t that Parallels is insecure, it is that Windows allows such arbitrary code execution.

So, is this FUD or is it accurate? What do you think?

  •   Local and Technorati Tags:


Related Links from the Web

Related Links on BabyGotMac

  • No related posts.

Viewing 4 Comments

    • ^
    • v
    Unless you have Parallels running as root, you would get a request for password from OS X when Windows tries to do anything funny with the libary or the system, if you are a LUA then also with the applications folder, and some places in your home folder. so, unless you just type in your password in the dialouge box then click OK without looking, it should be OK.
    • ^
    • v
    Hi Brian,

    in your 1st paragraph you have said exactly what I mean, just a different way. i.e. a hacker could drop a new OS X program into the system via windows.

    Parallels needs to bolt that door up.

    Victor
    • ^
    • v
    Banitsa: I don't believe that's what is being implied at all. The scenario is that Windows malware could be made smart enough to figure out that it's running in a Parallels VM (which wouldn't be hard to do), and could then use Parallel's GFS feature to get root-level access to the Mac OS, wreaking whatever havoc the writer could figure out how to create (drop a payload for later delivery, figure out a way to propagate itself, wipe the drive via a UNIX command, etc.).

    I can't see how people believe this is a problem for Microsoft, rather than Parallels. It's Parallels, not Windows, that is granting root privileges to the Mac environment. Parallels should shut the feature off by default, and should go to some length to make the user aware of the hazards of turning it on. Too many people are going to start from the assumption that their sandboxed Vista VM is safe and can't touch their Mac stuff, which appears not to be true at all, with GFS on.
    • ^
    • v
    As I read the article, the author was saying a hacker could drop code into OS X and compromise the guest OS. This is not a Windows bug, but a potential problem in Parallels. Lets say a hacker dropped a hacked version of a system driver onto OS X and adjusted the startup scripts. OS X would execute the code at the next startup. Nothing to do with Windows.

    Lets hope this never happens.
    p.s. I use a mac not windows.

Trackbacks

close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus
By choosing one of the links below, you can send this story to your favorite site, with some information being pre-filled.
Powered by ShareThis