Do I need antivirus software?

Discussion in 'Windows Virtual Machine' started by pharmerjohn, Oct 12, 2010.

  1. pharmerjohn

    pharmerjohn Bit poster

    Messages:
    6
    I'm running Windows XP via Parallels Desktop 4 on an iMac with Snow Leopard. The internet connection in the Windows partition is disconnected. I do share files between the two systems and of course Snow Leopard is connected to the internet. My question is do I need antivirus protection for the Windows partition?
     
  2. EirikI

    EirikI Bit poster

    Messages:
    1
    Probably--Mitigating Risks to Mac Host from Windows Guest

    With your XP virtual machine not interacting with the Internet, you've greatly reduced your attack exposure. However, as your question implies, you're concerned about the documents and files that you bring into the XP virtual machine. I heartily agree with this concern. Antivirus would scan any of the documents that you brought in for KNOWN infections.

    Unfortunately, altering the signature of attack code within a document or file is trivial. Doing so ensures that no signature exists for detection. On the plus side, most AV products have some form of heuristics and generic signatures that double protection from recently altered malware. Even so, if you were hit with a targeted attack, your AV wouldn't detect the attack. It might detect the infection days, weeks, or months later. Targeted attacks do not go after consumers. If you're in an enterprise with stuff worth stealing or controlling, then you might get hit someday. Install Microsoft Security Essentials in your XP machine. It's free for non-business machines with less than 11 employees.

    As for Mac AV products, I do not know if they are scanning for Windows-based malware. And I do not know if they update their signatures as often as Windows AV do. If the answer is 'yes' to these last two points, then perhaps a Mac AV would do fine for both.

    One of the reasons I am looking through this forum today is because I'm looking for some security best practices guide. You see, if a virtual machine is totally isolated from its host, then the remaining risk from malware operating in the VM is trivial. However, with Coherence/Crystal modes, the guest machine can read/write to the host hard drive and other drives. This represents a major security risk.

    I believe there's a way to set up a shared drive/directory that both host and guest can access but guest cannot access anything else. To minimize risk, one must find a way to suppress executable/application and script launches from within this shared drive/directory. Why? Because an attack generally needs to drop some executable/application into the environment to do what the attacker wants done. Take this away and there only remain very sophisticated attacks, which represent less than 15% of today's attack vectors in the consumer community. And even if these take place, I presume the Parallels virtualization would NOT allow some executable/application (e.g., Internet Explorer or some unknown executable dropped into the Windows user-space) within the guest VM to alter anything outside the shared drive/directory in the host.

    So, I'd like to learn more about this from a Parallels perspective myself. Obviously, selecting the settings in Parallels that totally isolate a guest machine is fairly straightforward. However, I don't want total isolation. I'd like to share documents/drives/directories as well as copy/paste among my OS's.
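
An added illustration, not part of the post above and not Parallels tooling: a host-side audit of a host/guest shared folder that flags files which could be launched, judged by leading bytes, extension and execute bit rather than by name alone. The function names, the extension list and the sample files are assumptions constructed for this example.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes of content that an OS or interpreter can launch directly.
MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
    b"#!": "script with shebang line",
}
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk"}  # assumed list, not exhaustive

def classify(path):
    """Return reasons the file could be launched; an empty list means it looks like data."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    reasons = [label for magic, label in MAGIC.items() if head.startswith(magic)]
    ext = os.path.splitext(path)[1].lower()
    if ext in RISKY_EXT:
        reasons.append("launchable extension " + ext)
    if os.stat(path).st_mode & 0o111:  # any of user/group/other execute bits
        reasons.append("execute bit set")
    return reasons

def audit_share(root):
    """Walk the shared directory; map relative path -> reasons for each flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if reasons := classify(full):
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Audit a constructed sample share built in a temporary directory."""
    samples = {  # constructed contents: file headers only
        "report.doc": b"\xd0\xcf\x11\xe0",      # OLE2 document header
        "invoice.pdf.exe": b"MZ\x90\x00",       # double extension
        "notes.txt": b"MZ\x90\x00",             # executable renamed to look like text
        "run.sh": b"#!/bin/sh\necho hi\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        os.chmod(os.path.join(root, "run.sh"), 0o755)
        return audit_share(root)

if __name__ == "__main__":
    print(demo())
```

On a real share, call `audit_share()` with the folder's host path; some shared or non-native filesystems report the execute bit on every file, in which case that reason is noise and the header and extension checks carry the result.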
     
  3. kenne01s

    kenne01s Bit poster

    Messages:
    6
    Antivirus software

    Yes, you do need antivirus protection if you wish to stay virus free. Get any good antivirus that is fast and reliable.
     
