If one's web browsing, e-mail, FTP, etc. (ie: all the stuff that requires Internet connectivity) is all being done using Mac programs, would a virus, trojan etc. be able to make its way to the Windows section because of the virtualization?
Or would it need to actually enter through a Windows program that connected to the web? I ask because I'm hoping to use Windows emulation for just a couple of programs that do not, necessarily, need to have Internet access. In fact, Breezebrowser is really my only "go to" program (that I can think of) that doesn't have a Mac version.
Ironically, some of the other programs I like and use are specifically designed to secure Windows, fix up the registry, etc.
It's too bad my Netflix movie downloads are now in competition with Apple and require IE.
Cheers,
Sean
Time for me to chime in as an IT professional of 20+ years and one who has administered and secured networks of all stripes for about the last 10+ years.
And to do so in a more lighthearted vein (computer security is notoriously dry and boring) we are about to play an episode of
Computer Security Mythbusters!
Myth #1:
The Mac is immune to viruses and hacking -
FALSE
The Mac represents a far smaller share of the personal computer market than Windows based systems. It's all simple economics. Why write a virus that only affects a tiny percentage of the population? Hackers and virus authors target low-hanging fruit. UNIX based systems were designed by engineers for engineers, not by security minded folks. Check the update logs of any UNIX (or UNIX derived) OS to see how many patches are released to close security holes. If you want a really bulletproof OS, use OpenBSD which has the best security track record of all computer OS's.
Myth #2:
Virtualized Windows systems can't get infected. -
FALSE
A virtualized Windows system is just as vulnerable as a hardware hosted one. The VM will need antivirus/antispyware/firewalls as well. Be sure to include them in the cost of the build. Granted, the use of Time Machine or other snapshot systems makes it easier to roll back to a pre-infected state but
any system connected to the public internet is a target. Therefore, it stands to reason that if you
never connect your Windows VM to the internet, you greatly reduce the chances of infection. Also, hackers won't target a non-connected machine as it is of very little use to them.
Myth #3:
Really good Internet security is really expensive and complicated -
FALSE
Unified Threat Management systems (UTM's) are used in enterprise networks to mitigate threats and secure the network. Such technology is also available to the home/SOHO user for little or no cost. I will be publishing a review of three UTM's (Untangle, Astaro Secure Gateway, & ComixWall) which can be deployed on small networks at
no cost beyond dedicating a single machine to becoming an edge device on your network. The article will be published on
PlanetX64 soon, but you can read a preview of it on my
blog.
Myth #4:
If I setup one of these UTM thingies, I don't need to install security software on the rest of my computers. -
FALSE
The phrase "Don't put all of your eggs in one basket" comes to mind here. Relying on an edge device solely as your line of defense is foolish. The best defense is called
layered defense. Yes, your UTM scans for viruses, spam, phishing attempts and other nasties, but the best practice in this scenario is to have security software on
each machine in your network (where possible). Internal firewalls (called
bastion firewalls) add another stumbling block to a hacker trying to gain entry into your network. Antivirus software (of a different brand) on your workstation will assist in catching any viruses the UTM may miss.
These topics and more will be covered in my article. I hope that this has helped you guys get an idea of how to do this properly. The article will cover the ease-of-use of these systems as well as the features and performance.