Big security risk with global sharing

OK you guys win. I was totally wrong. I went to this site with IE 7 in my XP VM, and out of the blue my virus software went crazy, about some trojan.bot.firewall.eater.script.mal.exe trying to acces my files. Next thing I know, my Mac starts getting these crazy errors about the drive being out of space. Then my XP VM blue screens, and 5 seconds later my Mac "Grey Screens".

So I force it off and try to reboot, and it says it can't find file mach.dll? Whatever that means. So then I try to reboot, and the battery burst into flames, and my MacBook Pro goes up in smoke.

So I call Apple and they tell me that they don't support Windows problems.

I think this is all Paralles fault for forcing me to use this BETA software, and adding all of theese "features" to make my life "easier". If I just would have listened to you all from the get go, I would have never had this problem.

Today I am going out and replaceing my MacBook Pro with a brand new calculator with "Touch sensitive" buttons. I realize I will loose some features that I would have with a full blown computer, but at least I will be safe. And instead of the internet, I will do all of calculations, and then write a letter to someone and mail it to them.

HaHa virus/script kiddies... I win. I bet you can't get me now!

That's wierd? My calculator is saying something about missing hall.dll? Whatever that is? Can't be serious thow, I have the firewall turned on, and my files are now all hand written in a fileing cab...

OH SHIT, MY OFFICE IS BEING EATEN BY A BIG PAC-MAN LIKE VIRUS!

DAMN YOU PARALLELS! DAMN YOU!

 

Not funny, neosublime. The problem is real. I absolutely NEED a sandbox environment in which to run a guest that may self destruct and try to take everything it can find with it. I can't trust a partial solution. The ONLY acceptable drag and drop solution is one that requires physical action to show operator presence. Anything that CAN be accessed by ANY software running in the guest is totally unacceptable and must be disabled. There is no half way solution here. It's safe or it isn't. The hackers are smarter than I am if for no other reason then that there are more of them and they spend all their time trying to find ways to attack me and I have to react.

Others may just want to pretend Windows apps are really mac apps, including all the eye candy, but this is useless to me. I need a totally isolated virtual environment that absolutely CANNOT damage the host, period. This is not a theoretical or statistical issue.

If you can't see that, then you really need to look around to find some folks whose requirements are different form yours. There are lots of us out there.

 

Then it is up to you to configure your VM according to your needs. You do have the ability to turn off global file shareing. You so have the tools to create a completely sandboxed environment.

 

And all we've asked for (on other threads discussing this) is that in the final release (this is still an rc) not to enable this functionality be default, so at least the user can be warned when enabling it about what it does exactly. I'm not saying remove it from the product, I'm sure many people like it. For me, I'm happier with the global option disabled and Parallels using the previous method for dragging and dropping files which didn't involve a share at all.

Cheers

Russell

 

The point is that they do not have to know you are running Parallels.

There are viruses out there that already infect files over open SMB shares. While the Mac could not catch the infection, it can be a carrier. As soon as you distribute an infected file you get blamed by your friend for trying to infect them (or worse: it infects them and they don't even know it)

Parallels is being marketed as being "easy to use" and "for the masses". If this is true then it should at least (by default) be secure, like most other unix-y software. I can see someone who knows nothing about VM software running this without a virus scanner, getting infected on the Mac side, and blaming Parallels or even worse: assuming all VM software has holes like this.

 

The point here is that with care and caution these problems don't GENERALLY occur and, if they do, you should have a backup strategy in place that lets you be "up and running" within 1 hr. If you don't, you're really not taking care of yourself, your equipment and your customers.

And let's be clear. That Unix script is a problem NOT because of Windows but because of Unix underlying the Mac OS

The defautl should be ON for file sharing with a warning about what to do to turn it off IF you're concerned or, as I would say, overly paranoid because of what others having been saying to scare you -- and Parallels -- away from this really creative, intuitive and amazingly useful way of having two competiting OSs work in the same box, at the "same time", transparently.

 

I'm always amazed at what can be accomplished with a little ignorance and penchant for mediocrity.

 

I find this thread very confusing. It is CLEARLY a mistake to allow unrestricted access to the mac filesystem from guest VMs UNLESS the user is well-educated in secure networking. Parallels is a product intended for easy use by technically unsophisticated users. This functionality should be disabled by default and should require scary-looking warnings to be read before it is activated.

The vast majority of modern security problems are NOT programs that maliciously destroy data; they are programs which attempt to hide themselves and leave the user alone, while taking advantage of opportunities to gather personal data, infect other machines, and possibly transmit spam.

I run restrictive firewalls in my virtual machines, and I keep the logs. During the past two hours, this Debian GNU/Linux machine has blocked 28 attempted connections, of which several are clearly malicious. Many of them are "fishing expedition" requests for common administrative filenames using various file-sharing protocols. Since there is no file sharing between Linux VMs and OS X I have no risk in this regard, but it would be a different story if I used Windows and shared file access.

 

It sounds like you are not confused at all and understand exactly the problem some here are trying to downplay. Thanks for your timely real-life experience and I agree it is an unhealthy thing to set up people of every skill level with this kind of breachable security hole. The proliferation of Windows drones and spambots, a growing problem, should be the kind of self-evidence that would sway even the most staunch Parallels apologist. Hopefully the debate will provide thinking people with some reasons to question the wisdom of what the developers have created here.

 

Gee, I run similar programs on Windows and also catch the nasties. That doesn't really address the issue does it, because the issue is interoperabiity. It seems that you really want to constrict it, label it as inherently dangerous or otherwise criticize Parallels for releasing it. That's striking -- and committed. If safety were really your interest it would be best to suggest what users could do to actually protect their systems IF THEY WANT TO USE THIS FEATURE. Instead you're lobbying very hard for its essential removal.

Post productively about what to do so as to make this feature as safe as possible -- if you're interested in helping people protect their systems IF THEY WANT TO USE THIS FEATURE. That would actually be helpful...so, is that what you want?

 

I'm calling for its replacement, not removal - 'it' being the drag and drop methodology. The global share has no other reason to exist. Do try to follow the conversation.

Edit: I was disrespectful in my unedited response to Dr. Brown. He and I see this problem from two perspectives but both find a benefit in the objective of the Parallels team to provide a useful functionality. This disagreement does Edit: Not! open the door for disrespect.

I'm confident he feels as I do that any constructive conversation on this subject that reveals both the risk and the benefit of the path the developers have chosen is in the best interest of the reader.

 

drval's claim...

If you believe that myth -- that Macs haven't been penetrated because of their smaller market share -- then you would have to believe that not one competent hacker is interested in hacking into the advertising industry, Apple, Inc., the music industry, the movie industry, the publishing industry (including virtually every magazine and newspaper in the Western world), the television industry, the Human Genome Project, the National Laboratories, JPL, the Naval Research Laboratory, CIA, NSA, FBI, Department of Defense, the National Institutes of Health, the Space Telescope Science Center, NASA... and the list of high-profile Mac users goes on and on.

I am familiar with the experiences of certain of the above listed organizations, and the Macs in those organizations have been probed and subjected to penetration attempts tens of thousands of times, but not one attempt has succeeded. In the Windows world there have been successful attacks against specialized server software used by fewer than 1,000 computers on earth; a small user base doesn't seem to deter Windows hackers.

What conclusion am I to draw from this?

*****

"Yes, PC World is produced on Macs." http://www.pcworld.com/article/id,114464-page,1/article.html

 

I don't think windows in an inharently "unholy" OS...

However, if you have a box at home running Parallels the OS that is most likely to get infected IS Windows.

Properly administered, windows can be as secure as anything else... however this is not the problem.

Parallels is marketed towards people who do not know what they are doing. The ad at the top of this page says "Its EASY!". Those people do not need the added hole of Windows being able to mess with their Mac's filesyetem, because they probalby know very little about administering Macs as well...

I think the idea is wonderful. Drag-n-drop is very useful, however the implementation needs to be re-done. They __CAN__ do this without using a global SMB share.

 

Wow, hold up. If the WHOLE point is that there are current Windows users who want to run Windows apps on a Mac platform -- don't you think it's POSSIBLE that they may actually know just a little about the need for anti-virus, firewalling, anti-spyware and such? And if these users are Mac'ers who want to run some form of Windows app, don't you think they've heard about the DIRE PROBLEMS posed by "Windoze"?

Come on, who's trying to "protect" whom from what exactly?

 

What we know is you are not. The threat is absolutely real. Ask your self, Dr. Brown - is 3120 more secure because they have opened up the root folder of OS X and all it's contents including attached file systems to Windows, the most hacked OS in history, or is it not? I assure you, sir, it is not. There is nothing you can contribute that can refute that absolute fact. It is characteristically impossible to create a security breach of this scale without there being a down side. If you cannot see it rest assured others can. We do see it and we have vocalized our feelings. Your playing it down will not nor can silence it. The very earth is tumbling off it's axis from the rolling of eyeballs in the circle of computer security professionals who cannot fathom what the otherwise sane engineers at Parallels were thinking when they dropped this stink bomb on paying customers. It must be replaced and if not in the next release a mea culpa presented to the public that this feature represents a security breach of unheard of scale.

This methodology, whether you or I agree, will never make it in the market place. Ever. No company is so stupid as to allow this on their extended intranet. It is dead on arrival. Still born.

 

You sound like you might be working for or with some competitor, like VMWare and are HOPING that this feature won't go into general release -- because you can't actually compete with it. Those of us who've been around for awhile have seen the strategy. Raise an issue -- that relates to a core feature of a competitors product -- and insinuate that under no circumstance can that feature EVER BE USED SAFELY, or that it's hopeflessly "buggy" or no one in their right mind would want it or, or, or...All the while distracking everyone from noticing that this supposedly catastrophically aweful feature simply isn't available in the competitor.

I've given the very clear ways to deal with the issues posed by Windows security problems IF one wants to assume the use of global drag and drop. You simply don't like that solution and that's fine -- then don't use it. Do something else instead. Post your recommendations of what you find to be a more reasonable, safer, saner -- whatever descriptor you like -- way of working. That would be a real benefit.

But stop trying to scare others who don't know better than to be scared by your preferences or sensibilities not being agreed with.

 

You might be interested in looking at:

http://blogs.zdnet.com/Ou/?p=165
*/ and follow ALL of the links to see ALL of the controversy surrounding even this article, eg /*
feed://osvdb.org/blog/?feed=rss2&p=93
http://securosis.com/2006/11/20/mac-vs-windows-security-its-a-whole-new-game-and-doesnt-matter/
http://www.kernelthread.com/publications/security/uw.html
http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html
http://www.xvsxp.com/system/security_local.php
http://www.matasano.com/log/644/safety-vs-security-2/

The URL is good IMO for pointing out the difference between safety and security as well as indicating that talking WITH EACH OTHER is far preferably to throwing around slogans and, thereby, not actually carrying on a dialogue.

 

For the record:

I actually WANT drag-n-drop to work.

Here is a suggested alternative:
Run a FTP server on the Windows side that has been modified to also take in curserXY.
On a drop, send the file and the curserXY to the ftp server, which then recieves the file into a temp location then moves it to the directory under the curser.
The FTP server can be hard-coded to only work with the IP of the host machine, to make sure there are no security problems.

This would get the same functionally, without the global SMB share.

 

And if that's how you want to implement that kind of functionality then do so; however, the majority of users will NOT be able to setup such an arrangement. For them the far better approach IMO is to implement COMPLETE Windows security arrangements (anti-virus, firewall, anti-spyware), and use backups regularly.

And I'll continue to use Coherence ans well as global drag and drop because they are central features for my experience with Parallels and the development work that I do.