Big security risk with global sharing

Discussion in 'Parallels Desktop for Mac' started by goron, Jan 24, 2007.

  1. drval

    drval Pro

    Messages:
    490
    re: cats and dogs and how they can scratch about at times

    These are all your opinions about the inherent dangers of Global Sharing, my perspective is different. I don't see any inherent danger, maliciousness or evil in the implementation -- just a different design decision than what some of you think should be done. But the truth is also that this decision is part of what makes Parallels unique. You think that uniqueness is bad, I don't see it that way. You think Global Sharing should be disabled by default -- and accompanied by stringent, dire warnings of the impending doom it might cause. I think it should be enabled by default (as most want it) and I think that the current warnings are pretty good (for an RC), and will undoubtedly be supplemented in the GA documentation so that they are more than adequate for the task of providing information. But regardless of what you and I think, in the end, the choice really lies with Parallels, doesn't it?
     
    Last edited: Feb 9, 2007
  2. dkp

    dkp Forum Maven

    Messages:
    1,367
    It bypasses the Windows firewall, too.
     
  3. rhind

    rhind Member

    Messages:
    84
    Yes, the global shares and shared folders are shared in a different way that doesn't require the network, which I'm absolutely fine with, just think users should be warned about it.

    With Shared Folders, it isn't so much of an issue. I had to explicitly share folders I wanted the VM to have access to. With the global share it was automatically enabled when you ran the first beta with it in. Only found it by digging through network locations on XP one day.

    Cheers

    Russell
     
  4. dkp

    dkp Forum Maven

    Messages:
    1,367
    It is unsound debating principles to redefine entirely what people are saying. Instead of attempting to redirect the debate to your advantage why don't you truthfully and completely answer the questions:

    Is it possible for properly constructed Windows malware to harvest information on the Mac file system from the root level to the lowest level, including all user readable remote mounted file systems, can a Windows malware copy entire Parallels virtual machines to a remote location where they may be installed and run at the thief's leisure, and can a Windows malware plant a native OS X application, be it binary, Perl script, bash script, in the user's OS X home directory or other writable OS X directory such as /var/tmp, and then modify the user's OS X shell rc file so that it will execute the planted code the next time a shell is started, and can a Windows malware delete from the Mac file system any or all user writable file or files and directories in any directory under the root directory including any user writable mounted file systems? Yes or no?

    Yes or no? Just yes, or just no.
     
  5. drval

    drval Pro

    Messages:
    490
    Exactly what can be done on Windows can be done on Windows.

    You don't like that. Others find that acceptable.
     
  6. dkp

    dkp Forum Maven

    Messages:
    1,367
    That was never the problem - others, and many of them, didn't know the situation existed. The good news is this topic has left the room and is now in the blogosphere. Google "Parallels security" to see extended discussions and even references to this thread. Thank you for your help in getting the word out there - we couldn't have done it without you.
     
  7. drval

    drval Pro

    Messages:
    490
    Please don't blame me for your obsession. That is your own crusade/jihad. But I am glad that you have things that interest and occupy you so thoroughly.

    For me, I'm just using Parallels in support of my work and am thoroughly enjoying that!

    I wonder if any of THAT sort of message is getting out to the blogs...
     
  8. dkp

    dkp Forum Maven

    Messages:
    1,367
    I didn't blame you for anything - that was a compliment. You helped keep this topic alive. Seriously, it would have died off weeks ago without your input. I appreciate that.

    For your second point, it is - and I have and continue to spread the word that Parallels is an excellent product. My wife and I use it every day. My glowing praise of it has generated a lot of sales, in fact. I've demo'd it countless times to friends and co-workers, and to perfect strangers who see me running Windows on my MacBook Pro. They are stunned by the speed and ease of use, and being in the Seattle area as I am, many computer literate but Microsoft centric people were seeing it for the first time. To be honest it is really easy to impress people with this product. It is quite fun to watch the lights go on as they realize the significance of what they can do with their own computing universe. And when they ask if the Mac is vulnerable to Windows viruses I say "no, not if you set it up right". Thanks for asking.
     
  9. chrisj303

    chrisj303 Member

    Messages:
    72
    I really don't understand why there is so much hostility from some individuals, regarding DKP's suggestion that Global File Share should be set by default to OFF.
    The overall integrity or quality of Parallels' product will not change for the worse, and can only help new users (like myself).
    I am thankful for this thread, as I did not understand the (potential) consequences from having this switch on, and have now switched it off!
    And I would have thought that constructive criticism (which I consider dkp's suggestion to be) is more than welcome when regarding a Beta program?
     
  10. drval

    drval Pro

    Messages:
    490
    Hostility? About the suggestion for a setting? No, it's not hostility and it's not about the suggestion -- at least not for me. It's about the adamant and personalized ways in which the accusation was raised that people who don't agree with that suggestion don't know the issues, don't care about security, etc, etc. A difference of opinion is one thing, even a strong difference in opinion. I not only have no problem with ANY of that, I welcome it and am used to it in my professional field.

    FWIW, I said before:

    "These are all your opinions about the inherent dangers of Global Sharing, my perspective is different. I don't see any inherent danger, maliciousness or evil in the implementation -- just a different design decision than what some of you think should be done. But the truth is also that this decision is part of what makes Parallels unique. You think that uniqueness is bad, I don't see it that way. You think Global Sharing should be disabled by default -- and accompanied by stringent, dire warnings of the impending doom it might cause. I think it should be enabled by default (as most want it) and I think that the current warnings are pretty good (for an RC), and will undoubtedly be supplemented in the GA documentation so that they are more than adequate for the task of providing information. But regardless of what you and I think, in the end, the choice really lies with Parallels, doesn't it?"
     
  11. dkp

    dkp Forum Maven

    Messages:
    1,367
    I just re-read Goron's original post #1 in this thread and I didn't see any of that. You've somehow internalized the suggestion and rolled it into that which it is not. Secondly, the series I offered of possible exploits a Windows malware can do to OS X is not a matter of opinion, but a matter of undisputable fact. And people have a right to know so they can make the best possible choices for themselves.

    Where my opinion comes in is the feeling that Parallels owes a better explanation of this potential security hole to the users, and that I feel the default condition should be to have global sharing disabled, not enabled. That's it for opinion here.

    Have we come to a point where we cannot make rational, honest statements of fact and base an opinion on them? It is fine that your opinion differs from mine, but recall from your training that opinions are neither right nor wrong, but only held in higher or lower regard by the audience who takes the time to judge them. If we never air them they cannot be considered and that would be the greater loss.

    The best possible news is there are at least two well-represented opinions to do with this subject, and examples of why they should be a concern have been provided. If you have verifiable examples of why they should not be a concern then I for one would be interested in hearing them. If you believe my scenarios to be impossible to implement then you will really have my attention. But if your entire argument is only that a well-secured environment will protect you then you are whistling past the graveyard.
     
  12. drval

    drval Pro

    Messages:
    490
    That's correct. I didn't either -- in that post. And the comments to which my note was directed didn't concern that original post either, but specific additional posts that came later on in the thread. Such as...

    That's one of the "lighter" comments that have been seen by me and others as beginning to be hostile and personalized. And that didn't originate from me.

    If I were to continue in THAT vein I might ask rhetorically:

    Are you really scared by a graveyard?
    or
    So in what way does a graveyard need to be secured?

    But none of that is the point is it?

    Yes, two clear statements of perspective and, in the end, the decision will be Parallels' based on whatever criteria they think are most important.
     
  13. dkp

    dkp Forum Maven

    Messages:
    1,367
    I presume you are not acquainted with the phrase - it did not originate with me, of course. I'll try not to include such objet d'art to my writings if it confuses you.
     
  14. drval

    drval Pro

    Messages:
    490
    I think it's possible that you're confusing me with you. I'm not at all confused by what you've posted.
     
  15. drval

    drval Pro

    Messages:
    490
    Stop the VM, if it's running. Edit/Shared Folders and then uncheck "Enable global sharing..."
     
  16. dkp

    dkp Forum Maven

    Messages:
    1,367
    Coupla things:

    Your inner PeeWee Herman is showing, you're now reduced to bickering, and you've inarticulately avoided my questions from a couple posts up as you have all questions asked of you. We can not advance this further as you are not holding up your end.
     
  17. drval

    drval Pro

    Messages:
    490
    Again, you're looking in the mirror and seeing yourself.

    I already replied about Windows being Windows and knowing those risks and accepting them.
     
  18. dkp

    dkp Forum Maven

    Messages:
    1,367
    Yah - I see you went blogging today and spread that message far and wide. So would that be an obsession or a Jihad? I just wish you had more to offer than empty assurances and a personal testimony that reads like a Billy Beer label (http://en.wikipedia.org/wiki/Billy_Beer). There's got to be more to advocacy than comforting the patient. Folks are going to need answers when the next VLM-like virus comes out of nowhere.
     
  19. drval

    drval Pro

    Messages:
    490
    Is it possible for you to not personalize your posts?

    I've given the information about what I do to protect my system and the systems that I configure. You don't like that stance, believe it's dangerous, whatever.

    There are two perspectives here -- as you said. Why is it so difficult for you to just let that be?
     
  20. dkp

    dkp Forum Maven

    Messages:
    1,367
    Sorry, my friend - I just thought it was consistent with your suggesting I was on a Jihad. I like a double standard as much as the next guy - which shall we use?
     
