Product Security Enhancement - 'prlctl' Permissions

Discussion in 'Product updates and feedback' started by JustinB18, May 16, 2025.

  1. JustinB18

    JustinB18 Bit poster

    I'd like to make a recommendation to enhance the security of Parallels for Mac. By default, any standard user can leverage 'prlctl' to execute commands, in an elevated context, within VMs. If your goal is to have a somewhat containerized VM, your options are the 'isolated' mode in which it is completely segmented, or non-isolated with shared folders disabled, but you then introduce the aforementioned ability to allow execution within your VM from the host. My use case involves needing more granularity in between so that the VM is mostly isolated, but still allowing copy/paste between host/guest for some functional convenience. The solution I've found at this point is to remove read/execute permissions on prlctl for all non-owner users (sudo chmod 700 /usr/local/bin/prlctl). Thus far, Parallels functionality seems unaffected by this change and it restricts elevated execution within VMs for non-elevated user contexts on the host. Apologies if there is a better place to present this information than here. In my professional opinion, if there's not a functional reason to need world executable permissions on prlctl, then the permissions should be restricted by default.
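
A way to verify that the restriction described in the post above is in place, as an added example that is not part of the original post and not Parallels tooling. The function names (mode_string, non_owner_locked_out, audit) are hypothetical; the default path is the one given in the post.

```shell
#!/bin/sh
# Added example: report whether a CLI binary is restricted to its owner
# (for instance mode 700) or still usable by group/other accounts.
# Only classic mode bits are inspected; ACLs are not evaluated.

# Print the 9-character permission string (e.g. rwx------) of the file
# a path resolves to. -L follows symlinks, so a symlinked command is
# judged by its real target, which is also what chmod modifies.
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c2-10
}

# Return 0 if group and other hold no permission bits at all,
#        1 if any group/other bit is set,
#        2 if the path is missing or cannot be inspected.
non_owner_locked_out() {
    mode=$(mode_string "$1")
    [ -n "$mode" ] || return 2
    case "$mode" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# Human-readable wrapper; defaults to the path named in the post.
audit() {
    target=${1:-/usr/local/bin/prlctl}
    rc=0
    non_owner_locked_out "$target" || rc=$?
    case "$rc" in
        0) echo "OK: $target is owner-only ($(mode_string "$target"))" ;;
        1) echo "EXPOSED: $target grants group/other access ($(mode_string "$target"))" ;;
        *) echo "UNKNOWN: cannot inspect $target" ;;
    esac
    return "$rc"
}

# Run the check only when a path is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Running it on a schedule or after each product update shows whether the mode has changed since the chmod was applied.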
     
