Yes, I think that's fair---except for the fact that SMB file sharing on Mac OSX uses a password system that is less secure than Mac native passwords. But in general, yes, I did not mean to suggest that a WinXP VM could somehow end up corrupting your Mac OSX host. I just mean that your VM could get hacked just like any other Windows machine
I'm not sure I understand this. I have SMB service running between Mac OSX and the WinXP guest right now. It works perfectly. Furthermore, SMB is being served only through the Parallels host-only network so it's secure from outside attack.
Agreed. But I think you might be confusing terminology here. When I say host only I am talking about the network connection, not the file service. Parallels Shared Folders or (PSF) is the proper name for Parallel's file service. I do agree, though, that currently PSF is buggy and slow and SMB works better. I have disabled PSF altogether and am running SMB right now.
Nothing I am suggesting prevents that. I have a totally secure SMB connection between MacOSX and WinXP right now, and my WinXP guest is free to surf the Internet and connect to other SMB shares. Perhaps I wasn't clear, but my solution is very specific and minimal---it's objective is simply to prevent Mac OSX's SMB service from being visible to the Internet while it is serving your Parallels guests. That's it.
Ah, OK, I think I see your point. If you need inbound access to your Windows guest, then using a host-only network by itself is not going to work for you. You are right.
However, you can still use the firewall approach I talked about: configure your Mac OSX firewall to serve and respond to SMB/NMB packets only to/from your guest VM's IP address. Outside Internet users should not be able to detect that you are offering SMB service on your Mac at all. And the Windows machine will have the same access it has always had.
Ideally, it would be great if Parallels would allow you to create two network adapters on your guest VM: one host-only networking adapter and one bridged networking adapter. Use the bridged networking adapter to get all of your regular Internet service, and use the host-only network to do host-guest communication. Set up SMB service on MacOSX to serve only that adapter.
Alas, I don't think that's currently possible. It ought to be, though!
Last edited: Jun 28, 2006