Security of Windows XP VMs post April 8th

I run a WinXP VM with parallels for some proprietary financial applications at work. I honestly have no interest in upgrading to Win7 or Win8 anytime soon unless there are security issues requiring me to, as I do everything else in Mac OS.

I don't use IE8, check email, Skype, etc in the VM. All the VM does is run a few Windows only applications I need for work. I know there are security concerns with XP post April 8th, but on a scale of 1-10 how much should I be concerned about my XP install being compromised if I'm only using XP as a VM and only for a few applications? Up to this point I haven't even installed antivirus or a 3rd party firewall in XP. I have shared networking enabled in my VM vs bridged mode, although I'm not sure if that helps security matters.

Thanks in advance for the advice.

 

Do you open PDFs, DOCs, XLSs, JPGs and other popular formats in your VM that have been sent you? These are formats that have in the past been used to exploit vulnerabilities present in Operating Systems and apps. After April 8th if there's a vuln. in the system library that deals with JPGs and a JPG can be crafted that takes advantage of this, and you happen to get this JPG in your XP VM, you are compromised.

 

Negative, all I do is run a few online poker clients (Pokerstars, Party Poker, etc) as well as Pokertracker which is a proprietary db application for poker hand histories collected from playing.

I use Chrome as my browser, but never download anything but updates to the poker applications. Maybe once in a while I'll run a test at speedtest.net, but that's the extent of my web usage. My concern is simply having my XP VM accessible to the internet, and if XP's security holes are so bad that just being connected to the internet will one day be enough for a hacker. I do sometimes work over my own wifi network and sometimes over my cellular hotspot, but I'm very careful not to use public wifi or any untrusted networks.

 

I'm sorry, but it's impossible to know beforehand what will be the nature of the vulnerabilities that are present in the OS and won't be patched.

The fact that you run poker clients on the internet from that machine won't be very safe, and worst, it's proprietary, which means there's no way of knowing if the program uses some operating system libraries for some of the it's functions, similar for Chrome, but in Chrome's case it's easier to know. Let's take the jpg example again, do these applications have their own frameworks and libraries to handle jpgs or do they rely on the one existing in the system.

 

I have a similar situation. I'm running Windows XP via Parallels 7 on a Macbook Pro. The only windows program I still use is Quicken Home & Business; no Outlook, no Word. I never go onto the internet on the windows side, but I do leave windows open when I go onto the internet on the Mac side. Am I open to viruses in Windows XP? Thanks.

 

Hi benfox0607,

You normally would not be attracting any Viruses or Trojans without using internet or visiting webpages. I could suggest you to go to the Virtual Machine menu: http://kb.parallels.com/117287

Please go to Hardware=>Network 1 and uncheck the connected box. This is would not let Windows access the internet.

Thanks,
Looran

 

Thanks for this good advice. At first all went well, but now when I attempt to start Win XP it begins to load, then gets stuck on the "Windows is starting up" window. FYI I have 3 users: the standard Administrator, one called Jim (also an administrator) and a third with Limited rights. 9 times out of 10 the process gets stuck. On the one time it actually boots all the way I get the message "The system could not log you on. Make sure User name and domain are correct, then type password again." I click OK, then it lets me complete the log on. Thanks again for your help, Jim