« Bill Gates, confused or deluded? | Main | Updated Parallels out of beta! »
February 12, 2007
Parallels Users, Beware of Windows Exploits impacting OS X
| It sounds obvious that Parallels users who run Windows need to keep on top of Windows security and patches. However, a recent addition to the Parallels Beta, called Global Sharing, can open up OS X itself to possible attacks from the Windows side. |
The basic issue is that this Global Sharing option, which allows easy drag-and-drop app launching between OS X and Windows, is given carte blanche access to your Mac hard drive. Worse yet, this option is enabled by default, at least in beta build 3150 which I am currently running. Users upgrading from a previous version, to get awesome features like Coherence Mode, booting from Boot Camp partitions, and full USB support, may be vulnerable without even realizing this feature was slipped in.
The basic problem boils down to privilege separation. Parallels runs with the full rights of your OS X user, so in theory an attack could be developed and spread via Windows vulnerabilities that could then drop malicious code into OS X. It could also delete files or alter security and other settings.
Allowing Windows, known to be so insecure, to have this sort of access rights to the host operating system is a major misstep by the Parallels team. So if you run Parallels betas, please make sure you disable this feature (Edit -> Virtual Machine -> Shared Folders then uncheck the "Enable global sharing for drag-and-drop" checkbox and save. You'll need to shut down the virtual machine to have access to change this setting.
Posted by Kevin Railsback at February 12, 2007 11:28 AM
Trackback Pings
TrackBack URL for this entry:
http://mt.railsback.com/mt-tb.cgi/97
Comments
Post a comment
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)