VMware Communities
tj_baker
Contributor
Contributor

Curious about security....

I am new to Mac, and vmware, and I am just curious about any possible security issues that may arise by having a Windows installation running on my Mac. Is it possible for a Mac to catch a virus from a Windows machine?

Thanks for any input, and for patience with the noob... Smiley Happy

peace,

tj

Reply
0 Kudos
15 Replies
aliasme
Enthusiast
Enthusiast

Yes, absolutely, and this is an important issue that I am surprised a journalist or media person has not picked up on in order to educate the general public on things they should be aware and what they need to do. This information is true for both Parallels and Fusion.

1) When you install Windows in Fusion, depending on your network configuration (bridged), you are creating a Windows machine on your network with an IP address sitting, listening, sharing, waiting to be hacked. So, all the precautions of a Windows machine on the Internet should be followed: firewall, set a password, don't setup open network shares in Windows without passwords, etc.

2) Depending on how you have setup the guest operating system, you are giving the machine access to certain shared folders on your Mac. It is possible a destructive virus could overwrite or delete files on your network drives, which means files on your Mac in your home directory or files in one of OS X directories you designate and setup as shared. When a file is deleted from a share, it is not moved to the trash, it is GONE, GONE (without very expensive and highly specialized data recovery tools that only have about a 75% chance of working). An antivirus application is a good idea if you use the client machine to surf the web or there are ANY incoming files on the machine originating from the outside which might be compromised or infected.

It's a great question, and a lot of people probably do not realize the exposure on the "virus free Mac" they bought.

BP9906
Expert
Expert

Basically he's saying that you need to properly secure both machines like you normally would had they been separate machines. To some degree, firewalls and AV/AS help, but that still leaves you open for being hacked. Having an IPS is what will save you from attack, but IPS is slowly taking wave and isnt very common in home products. Taking the least privileged route is best, basically turning off anything unneeded, unused, and something you can do more securely (like SSH and SFTP are native to OSX, but not Windows, and are secure versions of telnet and FTP that allow complete secure communication).

Anyway, thoughts on security from an engineer. Smiley Happy

Rzn8tor
Enthusiast
Enthusiast

How do you control which folders are shared with Fusion?

Reply
0 Kudos
Pat_Lee
Virtuoso
Virtuoso

Bring up the Virtual Machine Settings window, go to Shared Folders. You can set folders to be Read Only and only choose to share the folders you want to share.

Reply
0 Kudos
dp_fusion
Enthusiast
Enthusiast

Mr. Moderator: For the purpose of this topic some recent history with another vendor's virtual machines is noted. Don't hesitate to delete it if you feel is is inappropriate.

It was pretty well hashed out here: http://forum.parallels.com/thread8127.html and here: http://blog.washingtonpost.com/securityfix/2007/02/perils_in_parallels_1.html. At least for Parallels things got worse when they allowed Windows to execute applications in OS X. At that point I uninstalled it and have not gone back.

The concern is a simple Windows infection can copy your virtual machine(s) to a remote site and run them just fine. More interesting is a Windows infection can install a virtual machine on your system, and at least in Parallels, run it. I hope this capability doesn't come to VMWare.

Avoid sharing out your entire home directory to Windows, and definitely avoid global sharing and you can prevent some of these problems.

Reply
0 Kudos
Rzn8tor
Enthusiast
Enthusiast

Are the folder(s) selected under Settings/Shared Folders the only ones the guest has access to?

Reply
0 Kudos
BP9906
Expert
Expert

Yep. Unless you have Windows File sharing specified already in OSX > System Prefs > Sharing, then that would apply also.

Reply
0 Kudos
tj_baker
Contributor
Contributor

Wow...thanks for the helpful info -- I forgot to mark this as 'watched' and forgot about posting it.. nice to come back to great info! Smiley Happy

I'll have to look further into security settings for Mac -- I wasn't even aware that Mac had firewall and Anti-Virus apps... I've had my Mac for 2 weeks... Smiley Wink

Thanks again for the input.

peace,

tj

Reply
0 Kudos
marcelairmail
Contributor
Contributor

I can only select 1 file at the time in this menu option. What am I missing?

Reply
0 Kudos
admin
Immortal
Immortal

I can only select 1 file at the time in this menu option. What am I missing?

What exactly are you trying to do? If you want to share more than one folder, set up more than one shared folder.

Reply
0 Kudos
marcelairmail
Contributor
Contributor

Sorry for not being more clear.

I'm trying to share the folders 'Documents', 'Movies', 'Music',

'Pictures' from OS X > Places > Marcel with XP.

I have the connection figured out, I have a drive in XP that will show

all the folders from OS X > Places > Marcel, including the 'Library'

folder for example.

I think that under Virtual Machine Settings in Fusion I can determine

which folders from OS X will show in XP. Once I get to this option, I

can select 'choose' but can only select either 'Marcel' (which will

show all folders) or Documents (which will not show Movies, Pictures,

Music).

How do I fine tune this to get the result I want?

I'm sure I'm missing the obvious, still new to this but trying!

Thanks.

Reply
0 Kudos
admin
Immortal
Immortal

Once you select "choose", you should get a standard OS X file selection dialog, which should let you choose any folder you want. Is this not happening for you? What do you see (you can take a screenshot of a portion of the screen with cmd-shift-4)?

Reply
0 Kudos
marcelairmail
Contributor
Contributor

Here you go..... I'm getting here but can only select 1 folder at the

time.

For example, I can select Documents, but NOT Documents and Movies.

Reply
0 Kudos
admin
Immortal
Immortal

Right, that's normal. If you want to share both your Documents and your Movies, you need to set up two different shared folders; e.g. select Documents for one; add another with the plus button in the lower left of the Settings pane, and set that to Movies.

Reply
0 Kudos
marcelairmail
Contributor
Contributor

Got it! Just had to think about it a little different.

I added the folders I needed and in XP mapped to the VM Shared Folders

file. Works exactly as I want now.

Many thanks for your help!

Marcel.

Reply
0 Kudos