Comments on: Parallels security issue? http://aralbalkan.com/841 Changing the world through technology and oratory. Fri, 21 Nov 2008 23:25:14 +0000 http://wordpress.org/?v=2.7-beta2 hourly 1 By: Markus Zeller http://aralbalkan.com/841/comment-page-1#comment-191567 Markus Zeller Fri, 24 Oct 2008 12:00:41 +0000 http://aralbalkan.com/841#comment-191567 I doubleclicked a *.sql file and it opened with Notepad in Windows inside Parallels. Then I was absolutely shocked being able to see ALL the files of my Mac - even the system files. So made some searches and found this post and read the statement of the Paralles worker. Then I decided to do some tests. Of course I love my TimeMachine saving my files and bring it back in case of failure. Now, I copied some files from /bin and other important folders to the Windows disk. I could READ them all and SAVE over the copies, but NOT the originals on my Mac. My conclusion: It is quite safe and in case of Trojans only documents could be corrupted. Security is also belonging to the user - so don't install any shit! If it installs a virus (is there any known??!) to my Mac I need to start the "app" by myself and Finder notes me when I first start an app I never did before and asks me to trust the source. At least then, it's my task to use my brain. I doubleclicked a *.sql file and it opened with Notepad in Windows inside Parallels. Then I was absolutely shocked being able to see ALL the files of my Mac - even the system files.

So made some searches and found this post and read the statement of the Paralles worker.

Then I decided to do some tests. Of course I love my TimeMachine saving my files and bring it back in case of failure. Now, I copied some files from /bin and other important folders to the Windows disk. I could READ them all and SAVE over the copies, but NOT the originals on my Mac.

My conclusion:

It is quite safe and in case of Trojans only documents could be corrupted. Security is also belonging to the user - so don’t install any shit! If it installs a virus (is there any known??!) to my Mac I need to start the “app” by myself and Finder notes me when I first start an app I never did before and asks me to trust the source. At least then, it’s my task to use my brain.

]]> By: Possible security issue with Parallels « noah little http://aralbalkan.com/841/comment-page-1#comment-75528 Possible security issue with Parallels « noah little Mon, 08 Oct 2007 11:17:35 +0000 http://aralbalkan.com/841#comment-75528 [...] Possible security issue with Parallels February 13, 2007 at 11:49 am | In tech notes and tools | Tags: mac, parallels From Aral Balkan’s post Parallels Security Issue? : [...] [...] Possible security issue with Parallels February 13, 2007 at 11:49 am | In tech notes and tools | Tags: mac, parallels From Aral Balkan’s post Parallels Security Issue? : [...]

]]> By: dkp http://aralbalkan.com/841/comment-page-1#comment-10640 dkp Fri, 16 Feb 2007 19:59:19 +0000 http://aralbalkan.com/841#comment-10640 Actually, I am the same dkp. Anyway, email addresses of the form username site@blablabla.com will fail. The site component is the apparent problem. Plus'ing an email name is a means of tracking where spammers find your address. Everything from the to but not including the @ are ignored by the mail delivery systems but it should be preserved. I also did not like serv's response and said as much in the forum. The good news is with the build 3170 RC3 release the default is to disable the global share. It still seems like a lame way to provide the functionality but the 'high astonishment factor', to quote Mike Cowlishaw, is gone. Actually, I am the same dkp. Anyway, email addresses of the form username site {at} blablabla(.)com will fail. The site component is the apparent problem. Plus’ing an email name is a means of tracking where spammers find your address. Everything from the to but not including the @ are ignored by the mail delivery systems but it should be preserved.

I also did not like serv’s response and said as much in the forum. The good news is with the build 3170 RC3 release the default is to disable the global share. It still seems like a lame way to provide the functionality but the ‘high astonishment factor’, to quote Mike Cowlishaw, is gone.

]]> By: Pauline McNamara @ NTE » Blog Archive » Possible security issue with Parallels http://aralbalkan.com/841/comment-page-1#comment-10459 Pauline McNamara @ NTE » Blog Archive » Possible security issue with Parallels Tue, 13 Feb 2007 10:49:11 +0000 http://aralbalkan.com/841#comment-10459 [...] From Aral Balkan’s post Parallels Security Issue? : [...] [...] From Aral Balkan’s post Parallels Security Issue? : [...]

]]> By: aral http://aralbalkan.com/841/comment-page-1#comment-10366 aral Mon, 12 Feb 2007 10:40:43 +0000 http://aralbalkan.com/841#comment-10366 Hi dkp (not the one from the forums, I'm assuming). I read serv's response but don't find it satisfactory. Later in the thread he says that that it's his personal opinion and shouldn't be taken as the official response from Parallels. When you disable the global share, it's been my experience that you can still cut and paste files so, at least for me, the additional convenience is not worth the security risk. I agree with dkp (on the forums) that security should be the primary consideration here and that virtual machines should be sandboxed from the host machine. Regarding the email issue -- it's the first time I've heard of it. If you email me (my first name at the name of this domain), I'll look into it with your email address and share the fix, once I have it, with the k2 people. Hi dkp (not the one from the forums, I’m assuming). I read serv’s response but don’t find it satisfactory. Later in the thread he says that that it’s his personal opinion and shouldn’t be taken as the official response from Parallels.

When you disable the global share, it’s been my experience that you can still cut and paste files so, at least for me, the additional convenience is not worth the security risk. I agree with dkp (on the forums) that security should be the primary consideration here and that virtual machines should be sandboxed from the host machine.

Regarding the email issue — it’s the first time I’ve heard of it. If you email me (my first name at the name of this domain), I’ll look into it with your email address and share the fix, once I have it, with the k2 people.

]]> By: dkp http://aralbalkan.com/841/comment-page-1#comment-10358 dkp Mon, 12 Feb 2007 00:57:17 +0000 http://aralbalkan.com/841#comment-10358 The global share requirement was explained by "serv" from Parallels here: http://forum.parallels.com/post41289-49.html I've not tried it as it isn't anything I would need, but others will certainly appreciate the convenience. BTW, your comment page does not accept legitimate mail addresses. The global share requirement was explained by “serv” from Parallels here:

http://forum.parallels.com/post41289-49.html

I’ve not tried it as it isn’t anything I would need, but others will certainly appreciate the convenience.

BTW, your comment page does not accept legitimate mail addresses.

]]> By: Savvas http://aralbalkan.com/841/comment-page-1#comment-10339 Savvas Sun, 11 Feb 2007 14:14:31 +0000 http://aralbalkan.com/841#comment-10339 I couldn't agree more Aral. My current problem is that some of win apps(Flash, Flex Builder, IE, Acrobat) when running in XP don't show up on dock and i can't keep them there in order to open them directly.. (you select the application you want in the dock, control-click and select Add to favorites from the context menu.) Any ideas? I couldn’t agree more Aral.
My current problem is that some of win apps(Flash, Flex Builder, IE, Acrobat) when running in XP don’t show up on dock and i can’t keep them there in order to open them directly..

(you select the application you want in the dock, control-click and select Add to favorites from the context menu.)

Any ideas?

]]> By: aral http://aralbalkan.com/841/comment-page-1#comment-10323 aral Sun, 11 Feb 2007 01:04:13 +0000 http://aralbalkan.com/841#comment-10323 Hi Savvas, I just checked and I can still drag and drop. Not entirely sure what d&d functionality I've lost. Turning this option off seems to be a good idea in general. Hi Savvas,

I just checked and I can still drag and drop. Not entirely sure what d&d functionality I’ve lost. Turning this option off seems to be a good idea in general.

]]> By: val brown http://aralbalkan.com/841/comment-page-1#comment-10319 val brown Sat, 10 Feb 2007 19:20:34 +0000 http://aralbalkan.com/841#comment-10319 Welcome to the wonderful world of Windows. Jump in the pool, you get wet. You don't want to get wet -- AT ALL -- then don't jump in the pool. For me, I've been working with Windows, Mac, Unix etc for quite a while now and am very comfortable in switching amongst them so Parallels' transparent interoperability is wonderful. i just remember it's Windows and partly that involves remembering that the vast majority of OS implementations in the world actually ARE Windows. So there are benefits to it, despite the risks. Welcome to the wonderful world of Windows. Jump in the pool, you get wet. You don’t want to get wet — AT ALL — then don’t jump in the pool. For me, I’ve been working with Windows, Mac, Unix etc for quite a while now and am very comfortable in switching amongst them so Parallels’ transparent interoperability is wonderful.

i just remember it’s Windows and partly that involves remembering that the vast majority of OS implementations in the world actually ARE Windows. So there are benefits to it, despite the risks.

]]> By: Savvas http://aralbalkan.com/841/comment-page-1#comment-10259 Savvas Fri, 09 Feb 2007 08:53:29 +0000 http://aralbalkan.com/841#comment-10259 Neither do i. It asks me to connect to "my machine" as Guest.. Aren't you able to drag and drop? Neither do i.
It asks me to connect to “my machine” as Guest..
Aren’t you able to drag and drop?

]]>