Parallels Desktop 6 for Mac: nice work but beware Windows security settings

I’ve just set up Parallels Desktop 6 on a Mac, in preparation for some development work. Installed Parallels, created a new virtual machine, and selected a Windows 7 Professional with SP1 CD image downloaded from Microsoft’s excellent MSDN subscription service.

The way this works is that you install the Parallels application and the create a new virtual machine, selecting a boot CD or image. Next, you have a dialog where you select whether or not you want an Express installation. It is checked by default. I left it checked and proceeded with the install.

image

The setup was delightfully smooth and I was soon running Windows on the Mac. I chose a “Like my PC” install so that Windows runs in a window. The alternative is to hide the virtual Windows desktop and simply to show Windows applications on the Mac desktop.

Everything seemed fine, but I was puzzled. Why was Windows not installing any updates? It turns out that the Express install disables this setting.

image

It also sets user account control to an insecure setting, where the approval dialog does not use the secure desktop.

image

The Parallels Express install also sets up an Administrator account with a blank password, so you log on automatically.

No anti-virus is installed, which is not surprising since Windows does not come with anti-virus software by default.

These choices make a remarkable difference to the user experience. Set up was a pleasure and I could get to work straight away, untroubled by prompts, updates or warnings.

Unfortunately Windows in this state is insecure, and I am surprised that Parallels sets this as the default. Disabling automatic updates is particularly dangerous, leaving users at the mercy of any security issues that have been discovered since the install CD was built.

In mitigation, the Parallels user guide advises that you set a password after installation – but who reads user guides?

If you uncheck the Express Install option, you get a normal Windows installation with Microsoft’s defaults.

These security settings are unlikely to matter if you do not connect your Windows virtual machine to the internet, or if you never use a web browser or other Internet-connected software such as email clients. If you do real work in Windows though, which might well include Windows Outlook since the Mac version is poor in comparison, then I suggest changing the settings so that Window updates properly, as well as installing anti-virus software such as the free Security Essentials.