VMware Communities
ncalsurfer
Contributor
Contributor
Jump to solution

How to make MS Office file open in Windows XP VM?

Hi All,

I finally abandoned Paralells and made my way to VM Fusion! Already the stability and ease of use have made me so happy!

Parallels has a cool feature where I can be working in OSX and when I want to open an MS Office file, it would switch to my Windows XP VM and open the file in the proper application: Word, Excel, etc.

Is there any way to do this in VM Fusion?

Thanks much!

Reply
0 Kudos
1 Solution

Accepted Solutions
admin
Immortal
Immortal
Jump to solution

Fusion does not currently support cross-platform file associations. Before you ask, the developers are aware the people would like this functionality, but VMware policy is to not comment on unannounced features, products, timelines, etc. so I can't say more.

View solution in original post

Reply
0 Kudos
9 Replies
admin
Immortal
Immortal
Jump to solution

Fusion does not currently support cross-platform file associations. Before you ask, the developers are aware the people would like this functionality, but VMware policy is to not comment on unannounced features, products, timelines, etc. so I can't say more.

Reply
0 Kudos
ncalsurfer
Contributor
Contributor
Jump to solution

Thank you for the quick reply!

Ouch! This is such a great feature for me and many other people I know. I imagine there are many who would not switch to VM because of it. Had I known, I might have reconsidered. I'm sticking with VM because of the speed, reliability, and ease of use.

Please guys - this is the killer feature which many Paralells users would love!

Cheers!

Reply
0 Kudos
BrianBender
Contributor
Contributor
Jump to solution

Just for the record, this isn't a unversally loved/wanted feature. Smiley Happy

There are a bunch of us (quite a lot, I'd guess, coming from VMWare use on other platforms, but that's just my guess) who would see this kind of cross-sandbox integration as a huge security risk.

I want VMWare to be a sandbox -- nothing in the VM should be able to touch the host unless I tell it to, and I don't want to see any back-channel paths for doing that. I treat guests as networked computers, and any sharing that needs to be done happens over normal network protocols. This is historically where VMWare comes from on other platforms; I'd hate to lose this isolation out of some perceived need to compete feature-for-feature with Parallels.

I don't envy the VMWare product managers trying to reconcile these two completely different personalities. Smiley Wink

Not flaming you or anything, ncalsurfer, just trying to make sure "my side" is represented in the forums, too.

Reply
0 Kudos
ncalsurfer
Contributor
Contributor
Jump to solution

Hey Brian - no doubt. I absolutely hear your love of VM as a pure sandbox environment. My sys admin and developers want the same! There are definitely two distinct groups of people (if not more). I'm the everyday Mac user who needs some windows programs (because Office 2008 still can't read Office 2007 and earlier files correctly all the time and my contractual agreements are important!). Then of course a more techincally minded group (you and my tech team) who want the pure sandbox enviro.

Can I just have the option of risking my whole system to open my legal docs in Windows Office? Bury it however deep you want, make it accessible only after agreeing to a bunch of additional terms and agreements, fine with me. The chance of Microsoft "fixing" Office for Mac, well let's just say I know better than to hope for that!

Cheers!

Reply
0 Kudos
Bob_Zimmerman
Expert
Expert
Jump to solution

Strictly speaking, it isn't that much of a security risk. After all, the guest cannot have any security from the host because processes on the host can potentially examine and modify arbitrary locations in the guest's memory directly.

For me, it's more an issue of isolation. I don't ever want my VMs doing anything I don't explicitly tell them to. I hate Windows' tendency to think it knows better than me what I want. Cross-platform file associations would be a cool feature to have because implementing that properly would require some extremely interesting things to be implemented first, but I want the ability to turn it completely off.

Really, since this is a consumer product, cross-platform file associations should probably work by default or have a dialog the first time you start Fusion that says "Hey! We have a cool new feature that lets you open files on your Mac in programs in your VM!". As long as those of us who don't want it are aware of the feature and have a way to disable it, I certainly wouldn't mind it existing.

Reply
0 Kudos
Bob_Zimmerman
Expert
Expert
Jump to solution

Oddly enough, iWork does a bang-up job of reading the new Office formats (docx, pptx, &c.). It manages to handle them better than the official Microsoft file format converters they used to let Mac users work with the files before Office 2008 came out.

Reply
0 Kudos
ncalsurfer
Contributor
Contributor
Jump to solution

My experience has been it reads them very well, but of course I need to write back to the same formats. I just refuse to choose "Export" every time I want to save in office format and then have two types of files for every thing I work on. Very frustrating!

Reply
0 Kudos
BrianBender
Contributor
Contributor
Jump to solution

After all, the guest cannot have any security from the host because processes on the host can potentially examine and modify arbitrary locations in the guest's memory directly.

Sure, that's a given. I don't think anyone is expecting any protection of the guest from the host OS. But I'm not worried about the host -- my host (be it Fusion on OS X or Workstation on Linux) is already trusted, that's why it's hosting the VMs in the first place.

What I'm extremely concerned about is VM escape of the guest -- it shouldn't be able to touch or influence anything in either the host or other guests.

Really, since this is a consumer product, cross-platform file associations should probably work by default or have a dialog the first time you start Fusion that says "Hey! We have a cool new feature that lets you open files on your Mac in programs in your VM!".

I don't really agree with that. The average consumer has already shown he doesn't understand the security implications of running an out-of-the-box Windows install with an internet connection. Providing any means of VM escape by default for that situation sounds like a recipe for disappointment/disaster to me.

Personally, if Fusion were to add those sorts of features, I'd be most comfortable if VMWare offered two different builds (or at that point broke it into two different products), one with the actual code that provides those back-channel paths removed. Just disabling the features with config params or such is better than nothing, but I'd rather have no chance of some unrelated issue escalating into a VM escape via those codepaths...

- Brian

Message was edited by: BrianBender (formatting)

Reply
0 Kudos
Bob_Zimmerman
Expert
Expert
Jump to solution

After all, the guest cannot have any security from the host because processes on the host can potentially examine and modify arbitrary locations in the guest's memory directly.

Sure, that's a given. I don't think anyone is expecting any protection of the guest from the host OS. But I'm not worried about the host -- my host (be it Fusion on OS X or Workstation on Linux) is already trusted, that's why it's hosting the VMs in the first place.

What I'm extremely concerned about is VM escape of the guest -- it shouldn't be able to touch or influence anything in either the host or other guests.

Cross-platform file associations could be something as simple as a stub application on Mac OS that just shuffles the file into a temporary shared folder then sends a command to Windows to open the file. It could even stuff the file into Windows' own temp directories on the virtual drive. That doesn't require any communication functionality that does not already exist in Fusion.

The best way I can see it working would require dynamically setting up a shared folder with a hard-link to the file, giving the guest R/W access to said shared folder, mounting it in the guest, and opening the file. That way, changes are made on the actual file. Detecting when the file closed and tearing down the shared folder would be a little weird and would probably involve new functionality in Tools to monitor the number of open handles to the file in question. This would also make temp files weird. The way to get around that would be to just share the parent directory of the original file and work on it directly, but that would let the guest potentially see more files than it should.

Really, since this is a consumer product, cross-platform file associations should probably work by default or have a dialog the first time you start Fusion that says "Hey! We have a cool new feature that lets you open files on your Mac in programs in your VM!".

I don't really agree with that. The average consumer has already shown he doesn't understand the security implications of running an out-of-the-box Windows install with an internet connection. Providing any means of VM escape by default for that situation sounds like a recipe for disappointment/disaster to me.

Note the "or" in my statement. I personally don't like the idea of enabling it by default, which is why I suggested the dialog. Kind of like iTunes' MiniStore dialog the first time you ever launch it.

At any rate, the only real security risk would be to the VM, which already has no security other than what the host provides. As long as the VM can't request arbitrary files from the host (i.e., the files or shared folders are pushed), then malware in the VM could only affect things the host lets it affect. Similarly, malware on the host could already do whatever it wants to the guest, so that direction doesn't matter.

Personally, if Fusion were to add those sorts of features, I'd be most comfortable if VMWare offered two different builds (or at that point broke it into two different products), one with the actual code that provides those back-channel paths removed. Just disabling the features with config params or such is better than nothing, but I'd rather have no chance of some unrelated issue escalating into a VM escape via those codepaths...

They know that quite a lot of us want a version of Workstation, but that is probably a lower priority than Fusion, which is explicitly a consumer product. I wouldn't expect the code paths to be removed from Workstation Mac or whatever, if it is ever actually made. Rather, they would probably be implemented as things that you would either install or not install in Tools and enable or disable in the VMM.

As I mentioned above, there is at least one way to potentially implement this functionality that would not require any more "VM escape" potential than already exists via VMware Tools.

Reply
0 Kudos