I am new to Mac, and vmware, and I am just curious about any possible security issues that may arise by having a Windows installation running on my Mac. Is it possible for a Mac to catch a virus from a Windows machine?
Thanks for any input, and for patience with the noob...
peace,
tj
Yes, absolutely, and this is an important issue that I am surprised a journalist or media person has not picked up on in order to educate the general public on things they should be aware and what they need to do. This information is true for both Parallels and Fusion.
1) When you install Windows in Fusion, depending on your network configuration (bridged), you are creating a Windows machine on your network with an IP address sitting, listening, sharing, waiting to be hacked. So, all the precautions of a Windows machine on the Internet should be followed: firewall, set a password, don't setup open network shares in Windows without passwords, etc.
2) Depending on how you have setup the guest operating system, you are giving the machine access to certain shared folders on your Mac. It is possible a destructive virus could overwrite or delete files on your network drives, which means files on your Mac in your home directory or files in one of OS X directories you designate and setup as shared. When a file is deleted from a share, it is not moved to the trash, it is GONE, GONE (without very expensive and highly specialized data recovery tools that only have about a 75% chance of working). An antivirus application is a good idea if you use the client machine to surf the web or there are ANY incoming files on the machine originating from the outside which might be compromised or infected.
It's a great question, and a lot of people probably do not realize the exposure on the "virus free Mac" they bought.
Basically he's saying that you need to properly secure both machines like you normally would had they been separate machines. To some degree, firewalls and AV/AS help, but that still leaves you open for being hacked. Having an IPS is what will save you from attack, but IPS is slowly taking wave and isnt very common in home products. Taking the least privileged route is best, basically turning off anything unneeded, unused, and something you can do more securely (like SSH and SFTP are native to OSX, but not Windows, and are secure versions of telnet and FTP that allow complete secure communication).
Anyway, thoughts on security from an engineer.
How do you control which folders are shared with Fusion?
Bring up the Virtual Machine Settings window, go to Shared Folders. You can set folders to be Read Only and only choose to share the folders you want to share.
Mr. Moderator: For the purpose of this topic some recent history with another vendor's virtual machines is noted. Don't hesitate to delete it if you feel is is inappropriate.
It was pretty well hashed out here: http://forum.parallels.com/thread8127.html and here: http://blog.washingtonpost.com/securityfix/2007/02/perils_in_parallels_1.html. At least for Parallels things got worse when they allowed Windows to execute applications in OS X. At that point I uninstalled it and have not gone back.
The concern is a simple Windows infection can copy your virtual machine(s) to a remote site and run them just fine. More interesting is a Windows infection can install a virtual machine on your system, and at least in Parallels, run it. I hope this capability doesn't come to VMWare.
Avoid sharing out your entire home directory to Windows, and definitely avoid global sharing and you can prevent some of these problems.
Are the folder(s) selected under Settings/Shared Folders the only ones the guest has access to?
Yep. Unless you have Windows File sharing specified already in OSX > System Prefs > Sharing, then that would apply also.
Wow...thanks for the helpful info -- I forgot to mark this as 'watched' and forgot about posting it.. nice to come back to great info!
I'll have to look further into security settings for Mac -- I wasn't even aware that Mac had firewall and Anti-Virus apps... I've had my Mac for 2 weeks...
Thanks again for the input.
peace,
tj
I can only select 1 file at the time in this menu option. What am I missing?
I can only select 1 file at the time in this menu option. What am I missing?
What exactly are you trying to do? If you want to share more than one folder, set up more than one shared folder.
Sorry for not being more clear.
I'm trying to share the folders 'Documents', 'Movies', 'Music',
'Pictures' from OS X > Places > Marcel with XP.
I have the connection figured out, I have a drive in XP that will show
all the folders from OS X > Places > Marcel, including the 'Library'
folder for example.
I think that under Virtual Machine Settings in Fusion I can determine
which folders from OS X will show in XP. Once I get to this option, I
can select 'choose' but can only select either 'Marcel' (which will
show all folders) or Documents (which will not show Movies, Pictures,
Music).
How do I fine tune this to get the result I want?
I'm sure I'm missing the obvious, still new to this but trying!
Thanks.
Right, that's normal. If you want to share both your Documents and your Movies, you need to set up two different shared folders; e.g. select Documents for one; add another with the plus button in the lower left of the Settings pane, and set that to Movies.
Got it! Just had to think about it a little different.
I added the folders I needed and in XP mapped to the VM Shared Folders
file. Works exactly as I want now.
Many thanks for your help!
Marcel.