Running Windows in a virtual machine, should I bother with security?

Your virtual Windows is on the same network as your OSX, so the same threats of having an infected device on a network apply to this VM. Your VM is equivalent to a PC on your network; it's not much different. The same security practices that apply to your PC also apply to your VMs.

  • Although OSX does not run the same malicious apps that run on Windows machines, that VM can still be a threat to the rest of the devices on the network.
  • It can also consume your machine's resources in case it becomes infected and make your host machine slow too.
  • At times you may log in to your email/cloud account on the VM to download something, and in case the VM is infected with a keylogger, your data can be stolen.
  • You may connect a USB Flash drive to the VM to transfer files elsewhere and infection can spread this way.

At minimum, try to keep the guest operating system, along with the software used in it, updated. If you use it moderately, get a free antivirus like Microsoft's Windows Defender.

One other threat is ransomware. Parallels Desktop has a feature that shares some of your OSX folders with Windows. If your Windows VM gets infected with ransomware, it can possibly encrypt your shared files, causing damage to your important data.


Looking at the VirtualBox manual, chapter 13, Security guide: other than the points mentioned above, plus the clipboard which SilverlightFox mentioned, it says:

13.3.4. Potentially insecure operations

Enabling 3D graphics via the Guest Additions exposes the host to additional security risks; see Section 4.5.1, “Hardware 3D acceleration (OpenGL and Direct3D 8/9)”.
...
When Page Fusion (see Section 4.9.2, “Page Fusion”) is enabled, it is possible that a side-channel opens up that allows a malicious guest to determine the address space layout (i.e. where DLLs are typically loaded) of one other VM running on the same host. This information leak in itself is harmless, however the malicious guest may use it to optimize attack against that VM via unrelated attack vectors. It is recommended to only enable Page Fusion if you do not think this is a concern in your setup.
...

While you're using a different hypervisor, it is imaginable that the same types of risks also apply to it.


In addition to Silverfox's excellent answer, if you're sharing the clipboard with your Mac, then any malware that logs clipboard contents could steal something sensitive copied to the clipboard from your Mac.

There is also the possibility that malware could traverse from the VM and execute on your Mac. The Pwn2Own competition is looking for such escapes as they have put a $75K bounty on any VMware Workstation bypass. This is very unlikely to happen, although it is theoretically possible should any such vulnerabilities exist in Parallels.

There could also be malware that would make your VM part of a botnet without you necessarily realising. For example, it might be participating in DoS attacks or it could be sending out spam. The main indicator of this would be reduced performance; however, any anti-virus/malware products could alert you ahead of any performance drop.
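
The settings raised across the answers above (3D acceleration, Page Fusion, shared clipboard, shared folders) can be checked on a VirtualBox guest with a small audit script. This is an added example, not part of any answer: the key names are assumed from the `VBoxManage showvminfo --machinereadable` output format, and the sample VM configuration is constructed.

```shell
#!/bin/sh
# Added example: flag VirtualBox guest settings that widen guest-to-host
# exposure. Feed it the output of
#   VBoxManage showvminfo "<vm name>" --machinereadable
# on stdin. Key names are assumed from that output format; verify them
# against your VirtualBox version.

audit_vminfo() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^"|"$/, "", key); gsub(/^"|"$/, "", val)
    }
    key == "accelerate3d" && val == "on" {
        print "RISK accelerate3d=on: 3D acceleration exposes the host to extra risk"; n++ }
    key == "pagefusion" && val == "on" {
        print "RISK pagefusion=on: side channel can leak another VM address layout"; n++ }
    key == "clipboard" && val != "disabled" {
        print "RISK clipboard=" val ": clipboard is shared between host and guest"; n++ }
    key ~ /^SharedFolderPath/ {
        print "RISK shared folder " val ": host files reachable by ransomware in the guest"; n++ }
    END { exit (n > 0 ? 1 : 0) }   # non-zero exit when anything was flagged
    '
}

# Constructed sample of machine-readable VM info (not from a real host).
sample_vminfo() {
    cat <<'EOF'
name="win10-test"
accelerate3d="on"
pagefusion="on"
clipboard="bidirectional"
SharedFolderNameMachineMapping1="Documents"
SharedFolderPathMachineMapping1="/Users/example/Documents"
EOF
}

sample_vminfo | audit_vminfo || true
```

The function exits non-zero when it flags anything, so it can gate a provisioning script; each flagged setting can be turned off with the matching `VBoxManage modifyvm` option or in the VM's settings dialog.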