How to safely run Windows on a Mac?
February 18, 2007 10:04 PM   Subscribe

What do I need to know in order to safely run Windows on my Mac?

I've used Macs forever and gotten used to not being scared of viruses, spyware, &c. When I do use Windows, it's on a work computer that's secured by a not-incompetent IT staff. I've never done the secure-your-Windows-machine thing on my own.

I want to install Windows (probably XP, but perhaps Vista) on my Mac using Parallels. What do I need to do to keep that installation safe from bad guys lurking on the Internets?
posted by raf to Computers & Internet (8 answers total) 6 users marked this as a favorite
Don't share folders between the OS X hard drive and the Parallel environment.

As far as the Windows installation is concerned, any shared folders are just as accessible as any other, and its contents are equally vulnerable to deletion, modification, etc.

If you don't share folders then the only risk is to your Windows installation.
posted by Blazecock Pileon at 10:13 PM on February 18, 2007

Also Firefox. I'd suggest antivirus software, though -- the free version of AVG is what you want, or else AOL's Active Virus Shield.
posted by kindall at 10:56 PM on February 18, 2007

With paralells, unless you have the bridge installed that will share files between your mac and your PC, all you need to do to 'clean' a virus infestation off your system is to remove and re-install WinXP.

I keep everything on a network share and then mount the network share as needed. The network share is backed up daily, so I don't care so much about it as I do my iMac's hard drive.
posted by SpecialK at 11:21 PM on February 18, 2007

the free version of AVG is what you want

do be aware that the link to download the free version is well hidden and AVG will do their damndest to lead you towards the paid version. Kind of like RealPlayer.

My standard Windows security is pretty much just being behind my router's firewall, keeping AVG up to date, running Spybot S&D every so often and not clicking on stupid things. ZoneAlarm is a decent free firewall I think but you may not need that if Parallells hides you (don't know much about Macs, yet... MacBook to come in a couple of months)
posted by corvine at 5:56 AM on February 19, 2007

"What do I need to do to keep that installation safe from bad guys lurking on the Internets?"

Use Windows XP SP2 and the various subsequent security fixes. The automatic update feature is very helpful for keeping that under control.

Create a Windows account with "Limited" privilege, and use that for any work that isn't administering the system.

Configure Parallels to provide "Shared networking" to the XP installation. This is the NAT mentioned above. (The bridged networking feature is really cool and useful, and you shouldn't use it unless you know enough about defending Windows from threats that this question wouldn't be necessary.)

Do not, ever, under any circumstances, run Internet Explorer or Outlook. At all. Ever. They aren't very good pieces software when you weigh in the effort cost of keeping them secure and cleaning up the inevitable mess when they fail or are exploited.

Think about what you download and where you download it from. Keep in mind that a lot of malicious software is in fact bundled with potentially useful software under the guise of supporting the publisher financially. Be wary.

A virus scanner is a nice idea, but it doesn't have to run all the time. The option -- usually the default -- of scanning every file touched by any process at any time is overkill. Point it at files you download or receive in email, scan removable media you didn't make yourself, and scan the entire system every once in a while. You'll be okay.

Windows security really is as horrid as you hear about, but there are plenty of ways to mitigate the problem, and most of them start with common sense.
posted by majick at 6:43 AM on February 19, 2007

do be aware that the link to download the free version is well hidden

It is not all that well-hidden, you just have to go to
posted by kindall at 12:45 PM on February 19, 2007

After you're happy with your Windows installation and have all applications you want/need installed, make a back-up copy of the Parallels drive file.
ICIRC it's located in ~/Library/Application Support/Parallels/ (I don't have access to an Intel Mac right now) and it's quite a big file, but if you burn it on a DVD it's extremely easy to get your Windows system back in case something goes wrong. Just delete the current (infected or broken) version of the file and copy the old back-up version back. If you save your documents on the Mac side of your disk (yes they are vulnerable for Windows virii, but it's quite easy to move the files to somewhere else on your hard drive) you don't lose much, and reinstalling everything from scratch will take up many hours.
posted by maremare at 1:03 PM on February 19, 2007

Using Windows is really a good learning experience for a long-time Mac user. It will teach you to be more security-conscious, which in the end helps everyone.

In general, don't trust email attachments or downloads, don't connect to insecure wireless points for anything important, and scan stuff for viruses. A real-time virus scanner really doesn't suck that much processor power and it is a good thing to have handy.

To the advice already mentioned above, I'll suggest disabling services you do not need. There are multiple places online to look for info on unnecessary services.

Turn off unnecessary crap, like Remote Desktop, Remote Assistance (both under System in the control panel) and Universal Plug'n'Play (There's an Un-PnP program from the Shields Up! security website that makes this a one-click option). Tell Windows not to automatically find and list network shares (under Folder Options).

Also, kill software that you do not use. I uninstall things like Windows Messenger, the personal webserver (IIS), MSN Explorer, and disable access to IE and Outlook. If you really, honestly need IE for anything (Windows Update, for example) you can install the IETab extension. "Disable access" really means "Hide the shortcut"; you can still go Start --> Run --> iexplore.exe even if IE has been "disabled".

Also, one default option in Windows to fix: Make it show all file extensions (under Folder Options), so that you can tell a shortcut (*.pif) from a virus disguised as a shortcut (*.pif.exe). You will have to remember at that point that changing or deleting the extension will make Windows unable to decide what to do with the file, though, so be careful when renaming things.

Lastly, running as limited account - you can do it, and it isn't a bad idea, but remember that there is no easy way to sudo on Windows. You either need to log off and back on as Admin, or right-click a program, pick "run as..." and enter Admin credentials. This works only for that instance of that program; rather than temporarily escalating your access, it just assumes that Admin ran that program that time. This also makes it nigh impossible to make some changes to your limited account (such as deleting desktop shortcuts placed there by admin, or changing your system date and time, and other crap that really shouldn't require admin access to perform in the first place!). You can enable the "always run program as [user]" if need be, when logged on as an admin, to solve some of these issues, but be aware that some Windows programs 100% will not run unless you run them with full admin priveliges.
posted by caution live frogs at 1:56 PM on February 19, 2007

« Older The end?   |   Blog for language learning? Newer »
This thread is closed to new comments.