According to Parallels and Dr. Val you should just not worry your little head about it.
Here's the situation. When Parallels creates a new Windows VM it also creates what is called a Global Share. This is a tunnel through your Windows firewall and your OS X firewall that allows your Windows VM to have read/write access to the root level of your OS X hard drive. That has possibilities for a virus writer.
A well constructed Windows virus can:
- copy your virtual machines to a remote site where they will be installable and executable on the thief's system. The perfect crime - you won't even know it's happened.
- delete your home directory and all it's contents
- install a wicked vicious binary or Perl script on your OS X hard drive, modify your OS X shell rc/profile script so that the wicked vicious tool will be launched the next time a command line window is opened.
- harvest most everything on your hard disk - limited only by what your user account is prohibited from seeing.
This has all been discussed to death here. Find and read the "Big security risk with global sharing" thread. It's been on the front page for some time.
It has also started to be discussed as a topic on technoblogs around the blogosphere. The author at the Washington Post is quite right to worry.
At least one developer from Parallels has said it is nothing to be concerned with. Others, me in particular, have claimed it is irresponsible of Parallels to allow this to be a default installation option without so much as offering the user full disclosure as to what it can mean.
No, Val, I did not call the WP.
Last edited: Feb 10, 2007