Final advice before I dive into Parallels for Mac?

The issue IS a Windows issue because the concern is for vulnerabilities generated FROM Windows, not from other Guests, presumably because Global Sharing is ONLY available currently when the Guest is Windows. Or, let me say this another way, you have reported using Solaris fairly extensively and I have yet to hear you report this as a potential problem re: Solaris.

Why is that?

The issue is precisely Windows and the vulnerabilities of Windows -- that are known and are responded to already by the User Communities involved with Windows.

BTW, I'm not talking about known mechanical problems with airplanes. I'm talking about what can be done with perfectly intact and mechanically proficient airplanes.

 

We have a big picture/small picture problem. The problem is one OS, regardless of it's pedigree, has casually established read/write access to the root drive and all mounted drives of another OS, also regardless of it's pedigree. Specifically, the OS's in this discussion reside on the same machine and are running at the same time but that is not a factor in respect to the principles of security.

The risk arises from the fact stated - one system has extreme access to another and it is provided rather silently by a user level application. In this case the mechanism is Parallels. In the case of Solaris the mechanism can be sshfs and it is a real problem today but not Parallels' problem. The same principle applies.

What makes it a security problem is that this is a default configuration that happens as a consequence of creating a virtual machine in Parallels. To date only Windows vm's are set up this way but perhaps as the product develops this method will be applied to other supported guest OS's.

What makes this a social problem is that while the situation described is real, there are those among us who would prefer this not be discussed and/or believe the problem is not a real problem at all. Keeping such important information from the end user is unwarranted. What harm can come from end users knowing the risks associated with this feature?

That is a community I at least have never been a part of, but explain please how so many Windows users know about this problem when it only came to light with RC 3150 or thereabouts? Historically Windows users have never had the ability to tunnel into another OS's hard drive before Parallels introduced it. I'd think people would be curious about what it means.

[Fargo] No, see, no, there are no airplanes, there's just... No. There's no airplanes![/Fargo]

 

Windows users know about security issues and how to deal with -- from the Windows side -- using tools that have been around for a while.

 

Are you just not paying attention? http://www.eweek.com/article2/0,1895,2029720,00.asp

 

Yes, and the whole point of that concerns "unpatched" systems. A little common sense, anti-spyware and anti-virus software and monitoring og CPU and internet activity, goes a long way towards handling the problem for an individual.

I'm not getting into a flame war with you. You have a very different perspective on this and that's great. But there are many "out there" who truly want interoperability, are comfortable with Windows, and will work to make the overall experience as safe as possible.

 

Yes, and the whole point of that concerns "unpatched" systems. A little common sense, anti-spyware and anti-virus software and monitoring og CPU and internet activity, goes a long way towards handling the problem for an individual.

I'm not getting into a flame war with you. You have a very different perspective on this and that's great. But there are many "out there" who truly want interoperability, are comfortable with Windows, and will work to make the overall experience as safe as possible.

 

Exactly - and the number of unpatched systems being discovered by black hats is growing. That is why it is important for people to know the consequences of opening up the host OS to another OS. And that even with patched systems there is that exposed drive there vulnerable to the next day one virus/trojan attack.

I've not seen any flames to this point, nor have I said people shouldn't have access to global sharing. If that is what they want then who am I to prevent it? I couldn't even if I tried. The OP asked for last minute advice and I'm replying to the fullness of my ability. Regarding the global share I'm simply providing the rest of the story and some demonstrable examples to back up my comments. Think of it as grass roots documentation, Val - it's a free public service because you won't find a word of this in any of the dox that come with the product.

 

Nor any of the specific recommendations that I've made to make using Windows as safe as possible.

 

Securing Windows is not Parallels' responsibility - that is Microsoft's job. Keeping Parallels operations and activities secure is quite another story. Let's agree we're both interested in the best security possible and that we have a minor disagreement regarding whom is responsible for what.

 

I've not suggested that securing Windows is the responsibility of Parallels. I have, however, offered suggestions for users of Parallels that will help them maintain security while also enjoying the benefits of interoperability offered by Parallels.

 

I've not suggested that securing Windows is the responsibility of Parallels. I have, however, offered suggestions for users of Parallels that will help them maintain security while also enjoying the benefits of interoperability offered by Parallels.

 

Do you ever mention that this paragraph from Parallels' Learn More page is not entirely true, that in fact everything after the second comma is wrong (in the current RC)?

 

Have you seen the discussion in http://forum.parallels.com/thread8548.html concerning the differences between Shared Networking, Bridged Networking and Host Only Networking?

There are reasons that I use Shared Networking with the array of anti-virus, firewall, anti-spyware, etc tools in Windows that I use. Others may make different choices -- for whatever reason they choose to do so -- but the point is well taken that we both are sharing information so that others can make informed choices, even if those choices differ from what we do.

 

Yes - that is standard IP stuff, well known to me, at least.

So long as you (we) understand that any hostile web pages you visit, or email you accept into Windows, or other service you connect to (IM, IRC) are still the same threat regardless of your networking type.

You don't answer many questions.