SmartStart - How to Disable? Security Concern

Discussion in 'Windows Virtual Machine' started by DerekS, Jun 8, 2007.

  1. DerekS

    DerekS Member

    Messages:
    60
    SmartSelect - How to Disable? Security Concern

    I was quite dismayed to discover all of my Mac applications accessible from inside of Windows.

    I realize for some folks this is a feature, but for me it's a big problem.

    I use Windows to run a couple applications only. I consider Windows an untrustworthy environment, and part of the reason I run it in a VM is to make the whole experience more secure.

    I do not want this cross-pollination between Windows and OSX on my system; I just want to be able to run XP safely and drag files into/out of the VM when required.

    I tried setting security to high and that didn't change it.

    Can someone help?

    Edited by Andrew @ Parallels:

    Please download latest Parallels Desktop 3.0 Build 4560 update:
    http://forum.parallels.com/thread14504.html

    It includes many bugfixes and improvements for SmartSelect feature and it is also support SmartSelect disabling option.
     
    Last edited by a moderator: Jul 18, 2007
  2. Sir Atilla

    Sir Atilla Junior Member

    Messages:
    10
    SmartAssist

    I think the ability to control this feature is necessary. I have office installed on the OSX side and 1 VM with Office Viewers installed. If I start one of the viewers then the next time I launch a say a Powerpoint file on OSX it wants to the launch the viewer. Going through I can delete the alias in "Windows Applications" which resolves it or doing a Get Info on the OSX side and changing the default application. I don't want to have to do this every time I launch a new VM and and applications that may open a file I have on OSX.

    I find the lack of control of this quite disturbing. I hope I am over looking something.

    Carlin Smith
     
  3. dkp

    dkp Forum Maven

    Messages:
    1,367
    One way is to uninstall Parallels 3.0 and re-install Parallels 2.5. Another way is to uninstall Parallels 3.0 and Install VMWare Fusion. This will probably be my solution if it cannot be shut off.
     
  4. Sir Atilla

    Sir Atilla Junior Member

    Messages:
    10
    The easiest way to shut it off is to do a manual install of Parallels tools and de-select that functionality. Parallels won't do it then. At that point it is totally off but I would prefer that until some fine grain control can be created.
     
  5. dkp

    dkp Forum Maven

    Messages:
    1,367
    That didn't work here, so I uninstalled Parallels Tools and re-installed it with all the dangerous stuff unchecked. That didn't work, either, so I shut off Parallels and am going to request a refund. What an idiot thing they've done here.
     
  6. Andrew @ Parallels

    Andrew @ Parallels Parallels Team

    Messages:
    1,507
    dkp,

    Could you please clarify your concern with shared Mac applications? What harm can be done from Windows using native Mac applications on Mac side?

    PS: Anyway we will add an option to disable it in the nearest update.

    PPS: Pity no one from beta testers complained about this.
     
  7. SnakeEyes

    SnakeEyes Member

    Messages:
    33
    I don't see what the concern is. Those links simply allow for the launching and opening of files (there are probably other nice uses I haven't discovered yet) from the Windows Desktop for those that want interoperability. Everything of importance is still being handled on the Mac side so any vunerability would have to already exist on the Mac side and if that is the case you are vunerable with or without Parallels or it's feature.
     
  8. dkp

    dkp Forum Maven

    Messages:
    1,367
    Let's try this: I see from the list of SmartApps that the OS X terminal program is listed. Let's assume one other non-essential thing: Global or local sharing is enabled. Suppose the VM is infected by a well-crafted Windows virus that copies a Linux vm to the user's OS X home directory. Trivial thing to do, I think we can agree. Then suppose that virus uses the OS X terminal to launch that Linux VM. Think of the things that can happen next.

    All the security issues of Global sharing are apparently magnified by this new feature, but global sharing is not needed to create mischief.
     
  9. Sir Atilla

    Sir Atilla Junior Member

    Messages:
    10
    Concerns

    While not addressed to me I don't have a concern so much with the applications showing up in the Windows Start Menu - just don't see a value in it either at the moment. I am much more concerned with the VM apps being automatically assigned to open up my native OSX files.

    Thanks,
    Carlin Smith

     
  10. dkp

    dkp Forum Maven

    Messages:
    1,367
    If you have global sharing enable then Windows has all the same access to your Mac that you have. A Windows virus can copy your VM's to a remote site where they are loadable and executable, for example. Certainly any data you can read is wide open to a Windows virus. This extends to any shares you have attached to your Mac on your local network. If you have only local sharing enabled then the scope is reduced to your account and home directory. With SmartStart the rules change and while this is untested, I don't see why Windows can't start an OS X terminal or any other application including one the virus installs, and feed it a script that can do anything the Mac is capable of.

    But you know? I may be wrong. But this article is worth reading:
    http://blog.washingtonpost.com/securityfix/2007/02/perils_in_parallels_1.html
     
  11. Andrew @ Parallels

    Andrew @ Parallels Parallels Team

    Messages:
    1,507
    Sir Atilla,

    1. Automatically assigned only those documents which didn't associated with any Mac applications. Such as XLS (if Office for Mac is not installed).

    2. Even if you don't like it you can right click on running application in Dock, click SmartSelect and switch all assosiations with Windows applications off.
     
  12. Andrew @ Parallels

    Andrew @ Parallels Parallels Team

    Messages:
    1,507
    OK. I see it will be able to launch empty Terminal in Mac. But how it will issue any comands to run in this terminal (to run Linux VM for example)?

    PS: Anyway thank you for feedback and your position. If it does worry someone we will make an option to disable it in the nearest update.
     
  13. dkp

    dkp Forum Maven

    Messages:
    1,367
    Which of the following is wrong:

    Using a Windows malware executable program:
    1. It is impossible to start an OS X AppleScript file from Windows
    2. It is impossible to start an OS X Perl script from Windows
    3. It is impossible to start an OS X shell script from Windows
    4. It is impossible to start an OS X application and give it a file to load and operate on
    5. It is impossible for Windows to install an executable in OS X and launch it
    6. It is impossible for Windows to launch scp in OS X and copy entire directory trees to a remote site
    7. It is impossible for Windows to install a vm appliance in OS X and launch it
     
  14. leaseme177

    leaseme177 Bit poster

    Messages:
    3
    HELP - I THINK it is SMARTSTART

    Not a techie -

    I use parallels infrequently for 1-2 apps. I just installed 3.0 (thought it would be a better user of CPU- it is not - still very slow) - problem - when I try to click on .doc file in OSX Mail - it opens parallels and trys to open word - my computer is so slow - I just want it to open in Word (on the OSX side) - ditto when I am using spotlight - how do I disable this effect - need help quickly!!!:mad: :mad: :mad:
     
  15. Andrew @ Parallels

    Andrew @ Parallels Parallels Team

    Messages:
    1,507
    To do all of the above you have to open Global or Local sharing. But

    1. Using security slider you can disable all kind of sharing (Local, Global, Reverse and so on).
    2. By default Mac sharing to Win is disabled.

    So malware won't be able to transfer any malicios script to Mac side to execute it there.

    PS: And even more - all Mac applications are started from Parallels with current Mac user security permissions. So if current user is not root - it can't do any real harm even if Global sharing is enabled. Mac OS X embedded security will take care of it.
     
  16. Andrew @ Parallels

    Andrew @ Parallels Parallels Team

    Messages:
    1,507
    Try to click on menu Applications->Reset Windows Applications. It should clear SmartSelect assotiations.
     
  17. DerekS

    DerekS Member

    Messages:
    60
    Can someone confirm or disconfirm that doing the custom install of parallels tools stops this behavior? I have already rolled back to 3188 (and downloaded VMWare, though I don't want to use it.)

    To the parallels folks, let me make something very clear:

    I never want Windows to have access to my Mac in any way.

    Frankly I am shocked this feature made it in without a toggle and security warning; I thought you guys learned from the backlash on global sharing.

    As for the comment that nobody in beta complained - clearly the beta program was not wide enough.
     
  18. dkp

    dkp Forum Maven

    Messages:
    1,367
    I remember reading something about sharing being disabled by default now. Interesting thread. But maybe now it doesn't matter.

    So I wonder if it is true that it is impossible for a malware program in Windows to execute wget or curl or ftp or scp in OS X and download to the OS X file system from the internet a file called UROwned.pl (just a made up name), and then execute Perl in OS X to run that script? I will leave it to the reader's imagination what such a Perl script might do.

    If that is impossible then surely it is impossible for a malware program running in Windows to launch something like bash -e "rm -r ~/*" in OS X. But if it could, that would be a pretty interesting thing for it to do, wouldn't you say? Some might think that would be creating real harm.
     
  19. DerekS

    DerekS Member

    Messages:
    60
    I agree. In addition to the security concerns, I just don't want the feature. I don't want automatic, cross-os file associations.

    The main reason I upgraded to this release was to (hopefully) get some relief from the "unexpected shutdown syndrome" of Parallels dying when debugging ASP.NET apps in VS.NET 2005.
     
  20. Sir Atilla

    Sir Atilla Junior Member

    Messages:
    10

    Correct which is why I never enable global sharing. Now that I have just altered my tools install to turn off shared applications etc I am satisified with the configuration.
     

Share This Page