DISQUS

Hello! BabyGotMac is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

babygotmac.com/ Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- sandyalso
  10 comments · 1 points
- MCJunkie
  6 comments · 1 points
- scottmcdaniel
  5 comments · 1 points
- urbanhiker
  2 comments · 1 points
- msblachberry
  2 comments · 1 points
Popular Threads
- Win an iPhone from BabyGotMac!
  2 weeks ago · 61 comments
- Our iPhone contest winner announcement!
  2 days ago · 1 comment
Recent Comments
- With the technology changing rapidly, I am not surprised that most of the gadgets are becoming multitasking!
  1 day ago by back
  
  in myMassage 1.2 released - Has your iPhone Given you a Massage Today?
- WOW how COOL I jus WON the IPhone contest :D!!!! now I can get the Rob Thomas app an carry him around in my pocket!!!!!
  1 day ago by jennifer
  
  in Our iPhone contest winner announcement!
- I agree - bought my car with built in ipod connector - use it for long road trips - totally unacceptable that ipod did not tell or notify about change in connectors - still using my 1st gen ipod in...
  1 day ago by A
  
  in Apple is screwing us again - cases and chargers edition
- Thanks for having a great contest! Crossing my fingers that I win...
  3 days ago by Lauren
  
  in Win an iPhone from BabyGotMac!
- I've entered and am crossing my fingers!!
  4 days ago by Slurpee Fan
  
  in Win an iPhone from BabyGotMac!

BabyGotMac

Mac stuff that gets you sprung!

Jump to original thread »

Author

‘Perils in Parallels?’, asks the Washington Post…

Started by scottmcdaniel · 10 months ago

No excerpt available. Jump to website »

4 comments

Banitsa
2 years ago

As I read the article, the author was saying a hacker could drop code into OS X and compromise the guest OS. This is not a Windows bug, but a potential problem in Parallels. Lets say a hacker dropped a hacked version of a system driver onto OS X and adjusted the startup scripts. OS X would execute the code at the next startup. Nothing to do with Windows.

Lets hope this never happens.
p.s. I use a mac not windows.

reply

Brian
2 years ago

Banitsa: I don't believe that's what is being implied at all. The scenario is that Windows malware could be made smart enough to figure out that it's running in a Parallels VM (which wouldn't be hard to do), and could then use Parallel's GFS feature to get root-level access to the Mac OS, wreaking whatever havoc the writer could figure out how to create (drop a payload for later delivery, figure out a way to propagate itself, wipe the drive via a UNIX command, etc.).

I can't see how people believe this is a problem for Microsoft, rather than Parallels. It's Parallels, not Windows, that is granting root privileges to the Mac environment. Parallels should shut the feature off by default, and should go to some length to make the user aware of the hazards of turning it on. Too many people are going to start from the assumption that their sandboxed Vista VM is safe and can't touch their Mac stuff, which appears not to be true at all, with GFS on.

reply

Banitsa
2 years ago

Hi Brian,

in your 1st paragraph you have said exactly what I mean, just a different way. i.e. a hacker could drop a new OS X program into the system via windows.

Parallels needs to bolt that door up.

Victor

reply

Graham Fluet
2 years ago

Unless you have Parallels running as root, you would get a request for password from OS X when Windows tries to do anything funny with the libary or the system, if you are a LUA then also with the applications folder, and some places in your home folder. so, unless you just type in your password in the dialouge box then click OK without looking, it should be OK.

reply

Add New Comment

Returning? Login