Big security risk with global sharing

Discussion in 'Parallels Desktop for Mac' started by goron, Jan 24, 2007.

  1. drval

    drval

    Messages:
    490
    So is it possible that if the relevant apps "play well" with NAT that this COULD BE a possible solution, depending on local utility of Shared Networking?
     
  2. Resuna

    Resuna

    Messages:
    54
    Windows services are not designed to work in a hostile environment. They need at least a packet filtering firewall to block access to listening ports that SHOULD BE bound to localhost only, and Shared Networking provides that. The extra "stealthing" you get from NAT is a secondary bonus. An external firewall is better than an internal one because it can't be disabled by a stealthy piece of malware, but security is like sex... once you're penetrated you're ****ed... so that's a less important issue.

    I would only enable bridged networking on an environment that was either not connected to the Internet or where the entire network was firewalled, and I knew I needed it. It shouldn't be the default. Host-only networking with proxies running on OS X would make me even happier, but then I'm a proxy-loving bastard.

    This is not "the solution", it's a part of the solution, along with things like... not trusting the Parallel's environment, not using dangerous programs inside it, and using the virtual disk mechanism to make snapshots of your boot disk so you can revert to a known good state easily.
     
    Last edited: Feb 12, 2007
  3. drval

    drval

    Messages:
    490
    And this is all of the rest of what I've been saying about these issues throughout this discussion.

    Perhaps our perspectives are not really all that different when everything is taken into account. You do seem to like "proxies" more, and that's fine. I didn't include that comment in here but the point is well taken.

    It is a total solution that is important, not just a single setting within a beta/RC release of Parallels.
     
  4. dkp

    dkp

    Messages:
    1,367
    The shared network method does nothing to prevent inexpert users from downloading malware in a browser, IM exploits, and other interactive application exploits. This is a very big problem at home when you have kids and computers. A VM should be a good way of reducing problems of this kind - get an infection? Throw the VM away and import the master backup from DVD. And I'll bet a lot of people think (well, because it says so on the home page here) that the Parallels VM's provide that isolation. And we know they don't.
     
  5. Resuna

    Resuna

    Messages:
    54
    Nothing will but getting burned a time or two.

    Where precisely did you get the idea that I have said anything different?

    Eg:
     
  6. dkp

    dkp

    Messages:
    1,367
    I didn't - I was re-enforcing my own point. You and I are on the same page.
     
  7. drval

    drval

    Messages:
    490
    And this brings us back to the central point concerning Windows itself, the inherent vulnerabilities there and how to resonse to using Windows in particular.

    Jumping into THAT pool does involve getting wet. How one wants to approach that experience of "getting wet" is what really counts. Personally I wouldn't -- and don't! -- use IM in Windows, nor would I drag an attachment off to an application unless I had requested it from someone else and knew what it was, what it was supposed to do, etc.

    Some of these "rules of thumb" concerning Windows use itself are important to emphasize REGARDLESS of what Parallels or other interoperability platforms decide to implement.
     
  8. dkp

    dkp

    Messages:
    1,367
    Returning to this now that I have a bit of time, because it opens a topic I've been interested in...

    A real market for virtual machines is in the home. If kids are restricted to sandboxed vm's the damage their activities can bring to the home computer are minimized. The trashed vm is tossed out and quickly replaced with a fresh clean copy. The vm lets such users re-evaluate what is acceptable risk - the vm is a throw-away commodity like an empty peanut butter jar that having served it's purpose is tossed out. Safe, convenient, hassle free. This is a compelling argument for vm's in the home with pre-teens. And if the parents are convinced the host system is safe from harm they will happily purchase the hypervisor. This is basically a virtual appliance. A kid-proof computer solution that is cheap to maintain, convenient as rechargeable batteries, and harmless to the host system.

    It's a good market niche, a good idea, and a good product that unfortunately has a misleading brochure, thanks to global sharing. It shouldn't be easy to touch the host system from the vm - it certainly shouldn't be a default condition, and it shouldn't be so easy to get burned if you've followed the instructions.

    While I don't think you and I disagree on this, there are those who do disagree and I find that perplexing. Parallels comes very close to filling the bill for this market space.
     
  9. dm3

    dm3

    Messages:
    46
    You could use VMs for this, however I prefer to use Mac OS X itself. Unlike in Windows, you can effectively use userids in Mac OS X to install their own applications, configure their own desktop, have their own data files, without affecting or disrupting the rest of the system. If they trash their account, you can delete it and create a new one, or try and fix it.
    Plus the parental controls in Tiger and Leopard can also be helpful.
     
  10. dkp

    dkp

    Messages:
    1,367
    OS X is hardly kid proof. Nor is Windows - what makes it work is have the kids play in a sand box and have the ability to toss it all out and replace it with a fresh copy. You wouldn't even need to run an AV tool. In a world of throw-away cell phones, use-it-once cameras, etc., why fight an endless battle with black hats?

    Even better is to have a virtual appliance player like the competition so the kiddies don't fiddle with the settings.
     
  11. drval

    drval

    Messages:
    490
    Yes or educate them on how to interact with the Internet and such.

    Both of my daughters have been using computers -- Macs and Windows -- since they were children and we've not had a problem. But, then again, I set some pretty clear boundaries with them both in re: to their computer use as well as in re: to other behaviors, esp those that can infringe on others.
     
  12. dkp

    dkp

    Messages:
    1,367
    Think day-care center or public library, Val. Believe me, there's a market for a kid-proof computer, or one that is lo-maintenance. I'm looking at this as a way to pad out my retirement income next year.

    I'm trying a kind of fun experiment. I've downloaded a VMWare player to Windows in Parallels, and an Ubuntu 'Edgy' virtual appliance. VMWare won't allow the player to be installed in a VMWare vm, but it installs fine in a Parallels Windows vm. Think it will work?

    Hmmm - if you got WINE to support your alphawave analyzer you could build virtual aw appliances with Linux and this stuff and sell the whole thing on a DVD.
     
    Last edited: Feb 12, 2007
  13. drval

    drval

    Messages:
    490
    I think you could probaby disable GFS and enable Shared Networking and you're already pretty far along in your kiddy "sand box" solution.

    Whereas I haven't developed an "alphawave analyzer" I have looked into Wine and, while it's aninteresting program with lots of possibilities for many applications, there are lots of limitations there, esp for a fully deployed solution in our situation.

    But thanks for thinking about and mentioning it.
     
  14. dm3

    dm3

    Messages:
    46
    Specifically, where is Mac OS X not kidproof? Create a non-admin userid for them and it is a sandbox which can't harm the rest of the system.

    Windows since Windows NT has had file permissions. However the convention for installing applications is that everyone tends to write or overwrite files in windows\system32 and various other directories. To install pretty much any application, you must have administrator privilage. Everyone tends to be an administrator. You end up with an unprotected system which can easily be damaged by an application or user.

    On Mac OS X, you can be a non-admin user and still install applications, however they can only be installed within your userid (or a directory to which you have authority, typically not a system directory).

    Assuming that you run users without administrator privilege in Mac OS X, you have a secure system where the user can at most affect their own userid and not damage the overall system.

    That said, many applications gratuitously require administrator privilege to install. Many of these are unnecessary and create security risks. Applications need to be written carefully to allow them to be installed and run with the minimum require privileges.

    If this is incorrect, I'd appreciate links to concrete descriptions of security topics rather than random Windows vs. Mac opinions.
     
  15. dkp

    dkp

    Messages:
    1,367
    Any time you give a shell account on a unix system to anyone it is only a matter of time before they screw it up. If your goal is to have a very low maintenance easily restored environment you can hardly beat a virtual machine. All your OS and apps fit in 4-5 gig, it can be saved to DVD or CD where it is safe from anything but breakage, loss, or theft.

    Pretend for a moment you are a single mom with 2.5 jobs and 2.5 kids. You have little time and less patience with computer problems and your good for nothing boyfriend just sits around the flat watching porn on the cable. This would be a great tool to have, a real time saver, and very easy on the pocket book.

    All true - but it is something you do once then you save it to DVD and you're done.

    And when the kiddies screw up their account, mom has to catch the late bus to job #2 so she can reconstruct the account because "stupid" is too busy watching football highlights.

    I think any application that opens tcp/ip sockets needs a note from God before installing, but otherwise you have good points.
     
    Last edited: Feb 12, 2007
  16. dkp

    dkp

    Messages:
    1,367
    You're welcome. The experiment failed as expected - no vm in a vm, at least with Windows. There goes my retirement.

    Solaris 10 virtual machines (they call them containers) do nest with Parallels, though, but I don't think I'm going to get the Penticton PTA to convert to Solaris.
     
    Last edited: Feb 12, 2007
  17. joem

    joem

    Messages:
    1,247
    Nope. Object lesson. You messed up the computer, and now you're without it until the weekend when I have a chance to fix it.

    Number of screw-ups per week will likely decline as kids learn to be more careful since there are real consequences for getting it wrong.

    BTW, where do I sign up for the no-good boyfriend who has nothing to do but watch TV all day job? I could forget about all these "discussions" we're having and get on with building my beer gut.
     
    Last edited: Feb 12, 2007
  18. dm3

    dm3

    Messages:
    46
    Can you give a concrete example? I don't see why an account is anymore likely to get screwed up than anything else. Why emphasize "shell" account, I don't expect kids to be running around in a terminal window.

    I must not be getting it. Why is it any harder to restore an account than it is to restore a VM? In either case if you have to wipe it out and start over you've lost whatever customizations and data that have been stored since the last restore. Generally unpleasant. Better to have an environment that can't easily be messed up. A restricted, non-admin account in Mac OS X would be pretty resilient. Of course it depends on what types of applications you want to run. Surfing the web, playing music, videos, some simple games should all be pretty easy. If you want to run games or educational software that only runs in Windows then you have a different issue.

    No. You can install applications locally without admin privilege that open sockets. As an example you can install Firefox in your local account.

    This topic is of personal interest since I've been planning to buy a Mac Mini specifically for the kids because of the ability to have userids that are pretty secure and independent of each other. My 4yr old already has an id on my Macbook. He can't play with my Windows XP box more than a few minutes without trashing the desktop or deleting files. But so far he's done pretty well with his account on the Mac.
     
  19. Resuna

    Resuna

    Messages:
    54
    My daughter is good evidence that it's significantly more kid-proof than Windows... Windows 2000, anyway.

    I got tired of reinstalling her PC every six months, and when I was able to get Jaguar running on one of my upgraded 7600s I gave her the other, then replaced it with a G3, and finally a Mac mini.

    At one point I discovered that she had removed most of the applications she didn't use, including Terminal.app, and was still happy as a clam with the resulting system... though I had to ssh in to reinstall a few of them I figured were important. Including Terminal.app. This gave me an insight into how she'd managed to trash Windows so effectively.

    Yep, she'd been deleting files in "Program Files" and %systemroot% when she ran out of space.

    I've yet to have to do a clean reinstall of OS X on her box. It's got a rather eccentric subset of the standard apps by now, but it's still working fine.
     
  20. dkp

    dkp

    Messages:
    1,367
    dm3 - there are thousands of pages written about the security virtues of sandboxed systems. It is a fact of life that they improve system security by their very nature of isolation. That Parallels makes recovering sandboxed environments so very easy is just one more reason to encourage their use. It is possible to build a local account on your Mac that will give your kids access, and yes, there are methods of restoring accounts, but all local accounts (shell accounts) by their very nature share common resources which can be depleted, abused, or exploited. This is eliminated with sandboxed systems, or better put perhaps, isolated away from shared resources to a sacrificial container that is easily replaced. Sandboxes may or may not be the best solution for you, but isn't it a fantastic thing that Parallels has made them easily available and manageable.
     

Share This Page