VirtualPC Security
January 30, 2004 1:15 PM   Subscribe

Is VirtualPC less secure than an actual PC? [more inside]

I proposed getting VirtualPC for my Mac at work so I can test web sites on multiple Windows browsers. (I have a PC with IE 5.5 on it.) Our IT department doesn't want to install VirtualPC because it "presents a vulnerability to hackers." It seems to me that VirtualPC would be more secure than an actual PC because I would only run it sporadically, and if someone did hack into it, they would only be able to access the VirtualPC "partition" on my Mac, not the whole computer. As far as securing access to the rest of the network, why would that be any different than securing a PC?

I know about installing multiple versions of IE, but they're skittish about that, too.
posted by kirkaracha to Computers & Internet (4 answers total)
VirtualPC is just as susceptible to most viruses as regular Windows, but the advantage is that it wont kill your system, and you might not be open to some of the RPC attacks. If you run an anti-virus, and regularly patch Windows using Windows Update, and of course are protected by a Firewall, then VirtualPC is actually more secure than a PC.
posted by riffola at 1:21 PM on January 30, 2004

Your IT folks' concerns are valid in two respects:

1. In that running Windows on virtual hardware does in fact create another instance of Windows on your network, thereby reducing its aggregate security by some quanta.

2. In that the quanta in question is a reduction of the security of your specific hardware on your desk by the security impact value of a Windows instance.

If they've already got Windows systems on the network, and support them and deal with the vulnerabilities they present regularly, they really have no excuse to deny you your Virtual PC instance on the basis of security. Now, I could understand not wanting to have their staff deal with your particular weird configuration of a virtual system, but that's not the question you asked. It's possible they're trying to snow you with talk about security but the real reason is an institutional desire to avoid odd configurations.
posted by majick at 2:12 PM on January 30, 2004

Also, if the Windows session is sharing the Mac's main IP address using the "virtual switch," which is basically integrated NAT, there's no way for an incoming connection from the Internet to get to the PC; this makes it much harder for people to hack in, for obvious reasons.
posted by kindall at 2:13 PM on January 30, 2004

maybe it's safer to buy a cheapo or used pc (an emachines or walmart or something like that) and hook it up to the network only when you need to test? or maybe that would make IT happier?
posted by amberglow at 5:01 PM on January 31, 2004

« Older I Need a Better Chair!   |   Online retail help needed Newer »
This thread is closed to new comments.