If I was in a critical business meeting and I ended up in that situation then I'd personally have rebooted (2 minutes, max) and run my presentation natively from within Windows.

Unless of course the presentation revolved around showing how easy it is to run your bootcamp partition through vmware in which I can understand the frustration.

Please forgive me if I sound cranky. Thanks for explaining the rationale behind this feature.

But I think an administrator should be able to disable this feature if he chooses.

I'm the sole owner and administrator of my Mac. I set it up. As the administrator, under System Preferences: Accounts, Mac OS X 10.4 Tiger gives me the option of disabling the user name and password authentication for my profile on bootup of the machine. I can choose things so that when the machine is powered up it automatically logs into my profile and goes straight to the desktop without the password.

Similarly, Windows Vista Business lets me do the same thing. As the administrator, I can disable the log-on when the virtual machine is booted up. I think I made that change in Control Panel: User Accounts, but I can't remember exactly.

So that's what I did. I have set Mac OS X to boot up without requiring user authentication, and I have set Windows Vista Business to boot up without requiring user authentication. You may think this is foolish, but it's my choice.

I think the administrator authentication required to launch a virtual machine in VMware Fusion is unneccessary for my purposes, and I want VMware to give me a way to disable it.

Here's a constructive suggestion. The other option would be to have VMware pass the authentication over to the Mac OS X Keychain Access application. That would be more Mac-like, and that's the way that other Mac third-party applications do it. The Keychain stores multiple passwords for multiple applications and Web site logins (under Safari), and the user can choose to do a single authentication in a single session for all the passwords required by all the applications and Web sites that store user names and passwords in the Keychain.

I'm guessing that a large percentage of users of VMware Fusion are likely to be in my situation--a lone individual setting up his own machine for home use without any network or IT department administration. I believe that a lot of users will complain about VMware's authentication requirement and, like me, ask for a means of disabling it.

I can agree with you -- I was just making sure you understood what was going on under the hood. I hope the Fusion team can see your and others possible frustration with this issue and offer an option to disable/enable the admin password requirement.

Brian

Well, the problem is that VMware obviously needs root permissions to do something. My bet would be to unmount the BootCamp drive and get block-level access to that partition, but I don't know concretely. The only way to get root permissions without needing to go through authservices every time would be to set the actual executable to be SUID and make it owned by root. That is an incredibly[/I] bad idea from a security standpoint, and even from a system stability standpoint. After all, that means that your VMs would effectively be running as root and could potentially stomp all over your filesystem or do other nasty things.

Ok, thanks for your explanations. I'm learning a useful lesson. It's a security thing.

I think that, as a 20-year Mac user, I'm just not as security-conscious as you guys. Us Mac users have never had to worry about keyloggers or trojans or botnets or spyware or viruses that spread over the Internet or networks. The last virus I heard about on a Mac was around 1988, and it only spread by floppy disks. \[the Macs in the college computer lab didn't have hard drives at all, and they certainly weren't connected to the Internet.]

Even though I've been working with Windows systems and networking, occasionally in corporate settings, going back about twelve years, I don't think about running my Mac in the same light as I do about running a Windows box.

Being a Mac user, we don't normally have to think about things involving keeping your operating system secure. Apple has taken care of all of that for us up until now, and the malware developers have never gotten a foothold on the platform.

You VMware developers understand security at all levels, and think from the enterprise perspective. You see the big picture.

Now that I'm running a multi-platform virtualization product designed by enterprise security people, I may need to start behaving differently.

I think a more immediate reason to learn to think about security is that you (are or will be) running Windows, even in a virtual machine

etung, you are absolutely right.

I should know better. I am a technical support professional. I hold a few certs. I know enough about Windows security already, and I practice it properly on the two Windows XP computers that we have in our home. (I have, at least, commercial antivirus protection on my Boot Camp Windows Vista partition.)

I have just, conceptually, failed to translate that thinking to the new relationship of running Windows as a virtual machine on my Mac in my home.

One of the reasons that people have bought Macs, in the last ten years, is so they can operate a home computer without needing to worry about security. Apple has taken care of the security for us.

The idea of a malicious person hacking into my Mac and running processes on it without my knowledge is unthinkable. It just never happens in the real world. But the idea of a malicious person hacking into a Windows computer, installing hidden code, and running processes secretly--everybody knows that happens all the time. On Windows computers, I've seen malware, and I've seen zombies on botnets, in my professional work.

I'm running Vista on my Mac because I want to educate myself about how Vista works in order to be able to provide tech support to Vista users. I'm also working with Office 2007 for Windows (and I don't like it very much!).

Your point is that as long as I'm running Windows on my Mac, I can no longer afford to think merely as a Mac user. I have to think and act like a Windows user all the time.

Well, not \*all* the time. Just when you're running Windows.

A large part of the reason that I'm a Mac user is that I was an information security guy first and I don't want to bring my work home. I deal with security issues all day long and I don't want to have similar problems at home.

You're right, the security model of OS X is normally pretty good. From what I've seen, it's certainly less obtrusive than Vista's. The problem you ran into is that it's not too forgiving of mistakes that people really do make. You wouldn't believe how many times I've seen people mistype the password on their enterprise-grade firewalls and lock themselves out for several hours. UNIX in general gets very hostile the moment it thinks you aren't who you say you are.

Would be nice if Apple included a way to modify the number of attempts you get. I guess they just didn't run into this frequently enough in usability testing to make it adjustable.

I just want to chime in to note (as Bob Zimmerman correctly surmised): the authentication request is indeed for us to unmount the Boot Camp partition and access it directly, and this only happens with Boot Camp VMs.

Fusion won't ask you to authenticate to run a normal/pure VM that's stored in .vmdk files; this only happened because the VM in question was using the Boot Camp partition.

I'll also say that while I don't want to downplay security, running a VM on your host is nowhere near as dire a security risk as bflad pointed out in the 2nd post here, IMO. That's why we don't require a password to start every single VM.

Thanks magi for the clarification

Brian

I'm thinking about installing Windows Xp on my fusion IMAC. I don't want to do this if there is any chance of virus spread to my windows virtual pc. (or to the mac component either) Will the mac virus software protect against the windows viruses and spybots, etc? don't the viruses all have to go through the mac internet connecton?

You bought OS X Anti-Virus software?

You can relax a little, Mac malware does not exist outside of labs just yet. Now, if you catch something in your Windows VM and that Windows VM has access to OS X over a share, for instance to access your documents, then that virus could trash those files it has access to.

I have Norton antivirus for MAC. Shouldn't that clear any mac infected files from virtual windows xp? I guess i'll need a windows antivirus software also? I hate to go back to all that hassle with windows and intruders.

I'd be more concerned with Windows Antivirus/Firewall software more so than Mac OS. If anything should attack your computer, 99.999% of the time it will be because of Windows.

Brian

I became sufficiently annoyed with the password request, I googled how to get rid of it, and I landed on this forum.

I think Wheat gets it. There are security risks whenever one runs Windows (with or without a VM). I understand that there are security risks, but what are security risks but frustrating delays? A risk is something that has a potential to exist, but a password prompt (or the inability to complete a presentation) is a reality. We've all seen over the past decade what fear of "security breaches" can do to a country (this coming from a Republican).

At any rate, that's my two cents. I hope you guys can figure out a way to pull that out of an otherwise fantastic program. The vmware registration mentioned we could share our blogs, so here's mine: www.teknosophy.com. Thanks and I'm enjoying the forums!

-Marc