BabyGotMac: ‘Perils in Parallels?’, asks the Washington Post…
Banitsa
· 2 years ago
As I read the article, the author was saying a hacker could drop code into OS X and compromise the guest OS. This is not a Windows bug, but a potential problem in Parallels. Lets say a hacker dropped a hacked version of a system driver onto OS X and adjusted the startup scripts. OS X would execute the code at the next startup. Nothing to do with Windows.
Lets hope this never happens. p.s. I use a mac not windows.
Brian
· 2 years ago
Banitsa: I don't believe that's what is being implied at all. The scenario is that Windows malware could be made smart enough to figure out that it's running in a Parallels VM (which wouldn't be hard to do), and could then use Parallel's GFS feature to get root-level access to the Mac OS, wreaking whatever havoc the writer could figure out how to create (drop a payload for later delivery, figure out a way to propagate itself, wipe the drive via a UNIX command, etc.).
I can't see how people believe this is a problem for Microsoft, rather than Parallels. It's Parallels, not Windows, that is granting root privileges to the Mac environment. Parallels should shut the feature off by default, and should go to some length to make the user aware of the hazards of turning it on. Too many people are going to start from the assumption that their sandboxed Vista VM is safe and can't touch their Mac stuff, which appears not to be true at all, with GFS on.
Banitsa
· 2 years ago
Hi Brian,
in your 1st paragraph you have said exactly what I mean, just a different way. i.e. a hacker could drop a new OS X program into the system via windows.
Parallels needs to bolt that door up.
Victor
Graham Fluet
· 2 years ago
Unless you have Parallels running as root, you would get a request for password from OS X when Windows tries to do anything funny with the libary or the system, if you are a LUA then also with the applications folder, and some places in your home folder. so, unless you just type in your password in the dialouge box then click OK without looking, it should be OK.
All Comments
Lets hope this never happens.
p.s. I use a mac not windows.
I can't see how people believe this is a problem for Microsoft, rather than Parallels. It's Parallels, not Windows, that is granting root privileges to the Mac environment. Parallels should shut the feature off by default, and should go to some length to make the user aware of the hazards of turning it on. Too many people are going to start from the assumption that their sandboxed Vista VM is safe and can't touch their Mac stuff, which appears not to be true at all, with GFS on.
in your 1st paragraph you have said exactly what I mean, just a different way. i.e. a hacker could drop a new OS X program into the system via windows.
Parallels needs to bolt that door up.
Victor