VirtualPC Security
January 30, 2004 1:15 PM Subscribe
Is VirtualPC less secure than an actual PC? [more inside]
I proposed getting VirtualPC for my Mac at work so I can test web sites on multiple Windows browsers. (I have a PC with IE 5.5 on it.) Our IT department doesn't want to install VirtualPC because it "presents a vulnerability to hackers." It seems to me that VirtualPC would be more secure than an actual PC because I would only run it sporadically, and if someone did hack into it, they would only be able to access the VirtualPC "partition" on my Mac, not the whole computer. As far as securing access to the rest of the network, why would that be any different than securing a PC?
I know about installing multiple versions of IE, but they're skittish about that, too.
I proposed getting VirtualPC for my Mac at work so I can test web sites on multiple Windows browsers. (I have a PC with IE 5.5 on it.) Our IT department doesn't want to install VirtualPC because it "presents a vulnerability to hackers." It seems to me that VirtualPC would be more secure than an actual PC because I would only run it sporadically, and if someone did hack into it, they would only be able to access the VirtualPC "partition" on my Mac, not the whole computer. As far as securing access to the rest of the network, why would that be any different than securing a PC?
I know about installing multiple versions of IE, but they're skittish about that, too.
Your IT folks' concerns are valid in two respects:
1. In that running Windows on virtual hardware does in fact create another instance of Windows on your network, thereby reducing its aggregate security by some quanta.
2. In that the quanta in question is a reduction of the security of your specific hardware on your desk by the security impact value of a Windows instance.
If they've already got Windows systems on the network, and support them and deal with the vulnerabilities they present regularly, they really have no excuse to deny you your Virtual PC instance on the basis of security. Now, I could understand not wanting to have their staff deal with your particular weird configuration of a virtual system, but that's not the question you asked. It's possible they're trying to snow you with talk about security but the real reason is an institutional desire to avoid odd configurations.
posted by majick at 2:12 PM on January 30, 2004
1. In that running Windows on virtual hardware does in fact create another instance of Windows on your network, thereby reducing its aggregate security by some quanta.
2. In that the quanta in question is a reduction of the security of your specific hardware on your desk by the security impact value of a Windows instance.
If they've already got Windows systems on the network, and support them and deal with the vulnerabilities they present regularly, they really have no excuse to deny you your Virtual PC instance on the basis of security. Now, I could understand not wanting to have their staff deal with your particular weird configuration of a virtual system, but that's not the question you asked. It's possible they're trying to snow you with talk about security but the real reason is an institutional desire to avoid odd configurations.
posted by majick at 2:12 PM on January 30, 2004
Also, if the Windows session is sharing the Mac's main IP address using the "virtual switch," which is basically integrated NAT, there's no way for an incoming connection from the Internet to get to the PC; this makes it much harder for people to hack in, for obvious reasons.
posted by kindall at 2:13 PM on January 30, 2004
posted by kindall at 2:13 PM on January 30, 2004
maybe it's safer to buy a cheapo or used pc (an emachines or walmart or something like that) and hook it up to the network only when you need to test? or maybe that would make IT happier?
posted by amberglow at 5:01 PM on January 31, 2004
posted by amberglow at 5:01 PM on January 31, 2004
This thread is closed to new comments.
posted by riffola at 1:21 PM on January 30, 2004