Big security risk with global sharing

Discussion in 'Parallels Desktop for Mac' started by goron, Jan 24, 2007.

  1. drval

    drval

    Messages:
    490
    I have no double standard. I've posted what I do -- you don't like it. You've said that there are two different perspectives here on what is reasonable and acceptable but then you continue to attack in a personalized way.

    Are there two different perspectives that can be understood and respected or is there only one true way and death to the infidels who don't accept that truth?

    If the answer is the former then just let it go. If you don't/can't let it go with that understanding, then at least it's clear to us all.
     
  2. rjbailey

    rjbailey

    Messages:
    22
    Mongo love Parallels Desktop for Mac. Global sharing scare Mongo. Mongo no like global sharing. Mongo turn off. Mongo wish he knew that drag and drop functionality come with downside. Mongo wish Parallels had told Mongo. Mongo not trust Parallels team quite so much any more.
     
  3. cetuma

    cetuma

    Messages:
    40
    When I'm in BootCamp, I don't get a global share. I do however have MacDisk that will give me complete root level access to the drive. With MacDrive, I don't even have to worry about those pesky files that would require me to sudo within windows... I would much rather have my OSX drive be mountable as a drive in Parallels, but alas since it is in use, the closest I can get is a root level global share.
     
  4. cetuma

    cetuma

    Messages:
    40
    That's is exactly why the security of the VM is the issue. If my VM is secure, then there is no way that VM can make the host insecure. Secure VM = Secure Host. Insecure VM = Vulnerable Host.

    I know as long as my VM is secure, it can not be a threat vector against the host. It's that simple. If I control all data and access into and out of the VM, then I can ensure that data is not malicious.
     
  5. cetuma

    cetuma

    Messages:
    40
    I would hope that bridged networking bypasses the Mac firewall. I would be absolutely amazed if it didn't (as well as very upset when I go to run various test within a VM session. If my Mac firewall is preventing connections from coming into my virtual machine there is an issue. The virtual machine should dump the traffic directly from the VM session onto the card, and onto the wire.. Never once should the Mac Firewall change or adjust that traffic. That would inhibit inbound access (it seems absurd that I would have to configure traffic destined for my VM on both the VM and the Mac.) It would keep me from putting the card into promiscious mode, and several other items.
     
  6. cetuma

    cetuma

    Messages:
    40
    Life's not black and white. Even when I've done vulnerability assessments that attempt to quantify the vulnerability, there is no on or off value. Risk=ThreatxVulnerabilityxCost there is no 1 or 0 here.

    I could go through everything that exists in this world, and determine a level of vulnerability for it. As I stated before, a meteor shattering this planet in two is a vulnerability for everything on this planet. The threat of that is low, which is why we don't debate why we need to have risk mitigation in place for a meteor. Yes, global file sharing is a vulnerability. Heck, turning your mac on is a vulnerability. As i've stated before, I think the risk of running GFS on my system is extremely low. I think the risk for that is lower than me getting in a car accident today, or ending in a plane crash while on route to a client tomorrow. If your risk is higher, either because of 'cost' or 'threat' then by all means, turn yours off and reduce a portion of your risk. You may want to get the tinfoil hat out while you click the checkbox to ensure you do it correctly.

    You want a binary argument the same way? GFS is the preferred method of various users to gain the greatest level of access and control to their physical drive within the Parallels VM. True or False.
     
  7. dkp

    dkp

    Messages:
    1,367
    This wrongly predicts that since your vm is secure today, at this instant, it will be secure moments from now. That is simply unfounded wishful thinking for the vast majority of Windows users, and possibly yourself. The reason being is we don't know yet what the next exploit is going to be. The rate of growth of botnets is evidence that Windows security is globally problematic, regardless of how well any of us as individuals secure our systems. When Microsoft releases an out of sequence patch for an exploit, as recently happened, it tells me we have no reason to feel secure.

    I'm pretty good at security management but I don't believe for an instant that I can declare my systems are fully secure very far into the future.
     
  8. cetuma

    cetuma

    Messages:
    40
    Tarzan love Parallels Desktop for Mac. Tarzan love access with GFS. GFS allow Tarzan to quickly swing from tree to tree with no limitations. Tarzan no like limitations. Tarzan impressed with Parallels team for making means to have access to whole tree, not just certain branches and leaves.
     
  9. cetuma

    cetuma

    Messages:
    40
    I can say with near certainty that I will stay secure on my Windows VM indefinitely.

    Here's how:
    1. Only trustworthy software has been loaded on / in the VM
    2. My virtual machine is connected to air-gap networks and / or remains unconnected.

    The increased threat only arrises when people begin to give up control of their system, its applications and traffic. Not running GFS may or may not make you more secure. If I turn it off, i'm not gaining security, i am only losing functionality.
     
  10. dkp

    dkp

    Messages:
    1,367
    Just a nit to pick here. The risk of a major meteroid impact is 100%. A certainty, in fact. In your lifetime? Now we can do the math.

    You are ridiculing a growing number of people when you insert foil hats into the debate. It has no place here. The discussion has always been about risk and exposure. Parallels has increased the exposure, not the risk. The risk is in the operating system and Windows does not have a good track record here, as you know, hence the growing concern as this exposure is, well, exposed.

    It's true, but only because it is the only method provided to have the greatest access possible. That has never been argued. We are concerned only with the impact that convenience may have, and whether Parallels has done enough to educate their users about the potential problems this feature allows. Some have gone on to express the opinion that the default should be to disable this feature. If you've been following this and other threads you know that people are trickling in who say they were totally unaware of this exposure. That is the principle problem to address. No foil hats required.
     
  11. dkp

    dkp

    Messages:
    1,367
    You are individualizing a solution to a global problem. Your solution does not scale in the real world, as you know. GFS increases the exposure and also the opportunities presented to malicious software writers. Users have a need and a right to know this. I doubt you would argue this.
     
  12. drval

    drval

    Messages:
    490
    Actually the solution scales exactly, and in the precise terms that cetuma has expressed. And no one is saying that there is NO RISK AT ALL associated with GFS. The issue is what in other contexts would be called "due diligence" and "duty to warn" on the part of Paralles (and those who produce such software) as well as the "obligation to read and educate oneself" on the part of the those who use Parallels or other such software

    We are still dealing with BETA and RC releases -- clearly anyone who works with software should realize that there are "rough edges" in such interim, works in progress. In particular, documentation is NEVER COMPLETE or thorough in such situations. How could it be? The ground is, quite literally, moving as releases come and the general presumption is that users KNOW IT'S BETA or RC and act accordingly. Moreover, everyone should really be aware of the risks -- and benefits -- of working with WIndows, either in stand alone systems on in those using the interoperability of WIndows in Paralles or similar scenarios.

    None of this is hidden. All of these possibilities have been discussed, essentially ad nauseum at this point IMO.

    What more do you really think should be done besides what you've already said: viz, GFS off by default and some stringent, clear "skull and cross bones" warning messages in place? What about if Parallels decides to NOT set GFS off default but does put in even clearer warnings? Is that sufficient?

    I believe that those who are scared by Windows -- let's be clear by the vulnerabilities of WIndows -- have clearly stated their position. We've heard it.

    Can we please move on?
     
  13. dkp

    dkp

    Messages:
    1,367
    No, Val. The great majority of users are not going to run with air-gap networks.

    That is all that is being asked of Parallels, you know. The only response from them so far has been to insult the users by suggesting this is all hysteria.

    Two statements from the Parallels home page:

    "Parallels Desktop for Mac is the first solution that gives Apple users the ability to run Windows alongside Mac OS X in a secure, isolated virtual machine."

    and

    "New! Updated with the great new features! Update RC2 is now available."

    No caveats, no warnings that this is a work in progress - in fact it is touted as an update, and it is stated it provides a "secure, isolated virtual machine". Not even an asterisk.

    As you know I have championed separating the beta program from the released product in these forums. Recall too that you didn't like that idea, either.

    Worse than hidden, a Parallels employee suggested this whole topic is much ado about nothing (that's another objet d'art, sorry).

    I think these forums are being used effectively to inform users. This thread is quoted and referenced around the world. Each day new points are raised, and each is an opportunity to grow our knowledge and understanding of this problem and for us to provide to users that which Parallels has yet to provide. You're not going to suggest that is a bad thing, are you?

    I've yet to see anyone express fear of Windows. I've seen people seeking understanding and clarification.

    Please do.
     
  14. drval

    drval

    Messages:
    490
    You are really unbelievable, well actually you're quite believable and quite predictable.

    RC means Release Candidate and, as RC1, it would actually be an update to the prior BETA version.

    And it is actually you who has been quite insulting, both to me individually and to a whole range of users.

    There are two perspectives -- that is ALSO what you said.

    Now it's time to move on.
     
  15. JollyRoger

    JollyRoger

    Messages:
    46
  16. dkp

    dkp

    Messages:
    1,367
    I'm afraid you'll have to include Parallels in that. So far here is the response from them:
    http://forum.parallels.com/post41289-49.html

    I'd hoped for better.
     
  17. dkp

    dkp

    Messages:
    1,367
    Don't know if you've seen this, but sshfs (Secure Shell File System) uses ssh as the transport layer and allows user space mounting of drives between sshfs capable systems. The client is the specialty component - the server needs only to have ssh running with sftp enabled. Google has provided the MacFuse client and surely there are Windows sshfs clients out there. It allows mounting a drive to any system that is running ssh and on which you have a shell account.

    There is a bit of a performance hit over the network because of the data stream encryption, but across the backplane of your Mac it should be quite brisk - it is here. The mounts show up in Finder or File Explorer as do any other remote mounts. You can attach anywhere you like in the remote system. As an ISP I'm not a big fan of this and am seeking a chroot method to correct it, but that's just me. Ssh in Windows uses cygwin technology.
     
  18. drval

    drval

    Messages:
    490
    Actually, if you really want to be secure follow the advice of never connecting your system to the web or any removable device. Keep it completely isolated whether the OS is Windows, Mac, Unix or whatever.

    Absent that, it's a question of what you feel is an acceptable level of risk. I've never said ANYTHING other than that.
     
  19. dkp

    dkp

    Messages:
    1,367
    Two things fascinate me about this. One is that you thought the poster was talking not about you, but to you, and that you didn't move on as you said you would.

    But since you brought it up, acceptable risk is a daily exercise. Driving for example - especially in Vancouver, eh, is frought with risk, yet we do it. We moderate the risk by ensuring our brakes are sound, our tyres are fit, our seat belts are snug, our mirrors are adjusted, we plan our route ahead of time, and we monitor traffic around us. And we insure our vehicle.

    In computing we need to take acceptable risks but again we moderate them by using viral protection, firewalls, don't download from unknown sites, don't open email attachments willy nilly, etc. And we don't let our VM's create a tunnel through two firewalls without considering the consequences of that tunnel - we reduce our exposure. We take other steps, too, certainly, but the point is, we know we have done all we can in practical terms to protect our investments and networks from attack but still know there are risks. And our computers are useful to us even after all that care is taken.

    These remaining risks are unavoidable, and there are no practices available beyond what we do that proactively protect us. When we have reached that point in computing we have left acceptable risk if we are to use our computers for our benefit. We are not risk free, of course, but we have done what we can to minimize damage should there be a successful exploit. In other words any remaining risk is unavoidable risk. It is for this category we have system backups for recovery in the worst case situation. That is our insurance.

    This is all calm, collected, calculated computing. No fear, no hand wringing, no retreating into darkened rooms to quake with fear of computer exploits. It's just good intelligent system management. That which we can manage, we do. That which is out of our control we insure against loss.

    In the market place security risk and exposure translates to sales. If Parallels requires increased exposure for some essential feature that is not found in the competitor's product, the competitor has an edge and that translates to rubles lost. That, finally, is where the matter is resolved. For me I want that matter to be resolved in Parallels' favor. I want to see these guys get stinking rich and enjoy the product of their vision and effort.
     
  20. drval

    drval

    Messages:
    490
    You might want to read what I ACTUALLY posted, which was:

    "Now it's time to move on."

    Meaning that it's time for US ALL to move on, because:

    "You are really unbelievable, well actually you're quite believable and quite predictable.

    RC means Release Candidate and, as RC1, it would actually be an update to the prior BETA version.

    And it is actually you who has been quite insulting, both to me individually and to a whole range of users.

    There are two perspectives -- that is ALSO what you said. "

    The, you referenced there being, well YOU -- who continues to reiterate the same message.

    Now just to be clear about how personalized you continue to make this, why mention Vancouver in your reply to me?
     

Share This Page