Virtualization Technology News and Information
Parallels backdoor into Mac OS X via Windows?

Brian Krebs recently posted a slightly alarming message on Security Fix at WashingtonPost.com about his installation of Parallels on Mac OS X. Does it provide Windows a backdoor into your Mac OS X base machine?

Earlier this week Security Fix managed to install a new copy of Microsoft's Windows Vista Ultimate on top of Apple's Mac OS X operating system running on a MacBook Pro. I did this using Parallels, a powerful "virtual machine" program that lets users run two or more operating systems side by side at the same time.

When I went to behold the Frankenstein I'd created, I literally gasped when I realized that Vista now had complete access to read, write, or destroy files on my Mac's hard drive. The guest operating system -- in this case Vista -- has almost full run of the data on the underlying hard drive (the critical system files appear to be guarded). I later found a rather longish thread about this feature at the Parallels user forum.

In everything else, Parallels strikes me as an extremely powerful, elegant and useful application. But the Parallels people should change the default behavior of the software to disallow the sharing of directories between the operating systems by default. There may be more dangerous implications of this design: I am still in the process of monkeying around with different scenarios.

I found the whole situation to be rather ironic. After all, virtual machines, such as VMware, have been very popular among virus researchers because they typically were used to protect people from threats, not introduce new ones. Security researchers have long used virtual machines to execute malicious software in a controlled environment that can be reset back to its previous, pristine state with the push of a button.

In response, a number of online threats will check to see if they're being run in VMware or some other kind of virtual environment. If the answer is yes, those viruses or worms generally refuse to run, in an effort to escape analysis and live longer, undetected, in the wild.

This scenario with Parallels presents the opposite threat: Virus writers could, by default, simply begin to tell their creations to check whether they are being run in a Parallels virtual machine, and if so run some basic checks to see which operating system the host machine is running, and then drop appropriate malicious code in key places on the host system.

Such a scenario may sound far-fetched, but the reality is that if you can dream it up, the bad guys online are probably already doing it. Here's hoping the good folks at Parallels fix this feature in their next release.

It's worth noting that this sharing of files, directories, etc., between the host and guest operating system(s) also is quite possible on VMware products as well, except that the default setting on VMware is not to let the guest operating system have read, write and delete privileges pretty much anywhere on the host OS.

To disable this functionality, close out of the guest operating system, and in Parallels Desktop click on "edit." From there, click on "Shared Folders" and uncheck the box next to the option "Enable global sharing for drag-and-drop." You can then add any specific folders that you'd still like to share from that menu.

Read and comment on the original, here.

Published Saturday, February 17, 2007 10:23 AM by David Marshall