Hi Peter & Severin, Now you have got me thinking ;)
My main use of windows is to use a specialised SMSF (DIY super) management package. I run XP pro under parallels. Whilst I do all of my general internet/email in OSX, the MySF software connects over the web to check for software updates but mainly to update the share prices in the MySF portfolio. Since I need to incorporate documents created in OSX into the MySF fund file and also to take info from MySF into my OSX spreadsheets, I have a shared folder setup (where an OSX folder appears as an additional windows drive). I can also, obviously copy and paste between windows & OSX. Given the above, I am a little confused as to the extent of the windows/mac separation/sandboxing. First, I must confess that I know just enough about networking, virtualisation etc to appreciate just how much I DON"T know :( I think I understand that the virtualisation software effectively keeps the whole windows "machine" in an OSX folder, which seems to mainly contain a disc image of the windows "hard drive" and a file which I presume contains information about the configuration of the virtual "machine". So it seems to me that when you don't actually have parallels (or fusion) fired up and the virtual machine running then your mac is as secure (or not) as if you didn't have the windows/virtual machine installed. I am much less clear on the separation when the virtual machine is up and running. Whilst I am familiar with the "sandbox" term, I thought I would check how it was explained in Wikipedia; <http://en.wikipedia.org/wiki/Sandbox_(computer_security)> and I noticed that it said: > Network access, the ability to inspect the host system or read from input > devices are usually disallowed or heavily restricted. Now my virtual machine must have network access to download the share prices, it can also read from input devices - this is one of their selling points (and lets me use my Windows only GPS map application to download maps onto my GPS) and the shared folder system seems to allow it to inspect the host system? - though I realise this is definitely restricted. When I print from my virtual machine (using bonjour for windows) I think I am effectively doing this over a Mac/windows network connection. Also, as I said, one can copy and paste between systems. So it seems to me that to get a lot of the functionality that makes parallels or fusion the great applications they are, they have to have the authority to access a lot of the Mac's built-in security systems at the highest level - so I wonder just how well the VM is "sandboxed". Don't get me wrong, I am not getting overly paranoid about this. Like Severin, I have AVG Anti Virus installed and feel quite happy about firing up Windows - it just seems to me that the systems are not necessarily quite as "separated" as some of the discussion seems to imply. It also seems to me that if you were creating Mac malware then looking at getting in via parallels or fusion would be well worth investigating - I am just hoping that the subset of Mac users running parallels/fusion is still not large enough to get the malware creators motivated! Any thoughts/comments? Cheers Neil -- Neil R. Houghton Albany, Western Australia Tel: +61 8 9841 6063 Email: n...@possumology.com on 15/6/09 8:09 AM, Peter Hinchliffe at hinch...@multiline.com.au wrote: > > On 13/06/2009, at 1:46 PM, Severin Crisp wrote: > >> As a similar reluctant Fusion/Windows user I can say I have been >> pleasantly surprised. CNET AVG Anti Virus is free and is updated >> regularly. Because Fusion is really a Mac application running, I do >> not blieve having it on a separate partition will offer any extra >> protection. >> Best wishes >> Severin Crisp > > Packages such as Parallels Desktop, VMWare Fusion and Sun's VirtualBox > store their virtual machines in Disk Images, which are effectively > software "partitions". Either way the effect is the same: the Windows > system is "sandboxed" away from your Mac OS stuff. > > In any event, even if Windows malware does land on your Mac, it cannot > live on the Mac OS planet. > > The exception, of course, are the MS Office macro viruses, but then > these are platform-agnostic, depending on Visual Basic rather than the > OS itself. > > -- > > Peter Hinchliffe Apwin Computer Services > FileMaker Pro Solutions Developer > Perth, Western Australia > Phone (618) 9332 6482 Fax (618) 9332 0913 > -------------------------------------------------------------------- > Mac because I prefer it -- Windows because I have to. -- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Unsubscribe - <mailto:wamug-unsubscr...@wamug.org.au>