9
Parallels Desktop now a security risk? (according to CleanMyMac)
source link: https://forums.macrumors.com/threads/parallels-desktop-now-a-security-risk-according-to-cleanmymac.2341465/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Parallels Desktop now a security risk? (according to CleanMyMac)
Sep 25, 2009
I've recently noticed that CleanMyMac now flags Parallels Desktop 17 as a "suspicious" app, as shown below.
As shown in the image, their apparent reasoning for this is that the app is "associated with or owned by Russian or Belarusian developers, where government authorities can access their data directly upon request and without a court order."
In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
A cursory glance of Parallels corporate info shows that they are a multinational company, now part of the Corel Corporation. Their website also shows that the company operates partially in the Ukraine and is very much in support of the Ukraine during this invasion.
However, when I reached out to MacPaw support to find out what their reasoning is for marking Parallels Desktop as suspicious and whether there are any actual security risks, I received no reply.
What I'm wondering is whether anybody has any information on any actual reported ties that Parallels may have to Russian or Belarusian developers who are identified cyberattackers, or any specific security risks that would now leave Parallels Desktop prone to specific cyberattacks, moreso than before. While I feel terrible about the plight of those in the Ukraine whose country has been invaded by Russia, I really don't see how they can actually link Parallels to any of this.
Parallels Desktop has been a key app for me for many years now, and VMWare Fusion for Mac has not yet been made publicly available for macOS Monterey, so it really seems like VMWare is quite a bit behind the game in terms of virtualization. If it did become necessary to switch to another solution for running Windows virtualized over macOS, I'm also wondering what the other viable options (if any) would be.
In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
A cursory glance of Parallels corporate info shows that they are a multinational company, now part of the Corel Corporation. Their website also shows that the company operates partially in the Ukraine and is very much in support of the Ukraine during this invasion.
What I'm wondering is whether anybody has any information on any actual reported ties that Parallels may have to Russian or Belarusian developers who are identified cyberattackers, or any specific security risks that would now leave Parallels Desktop prone to specific cyberattacks, moreso than before. While I feel terrible about the plight of those in the Ukraine whose country has been invaded by Russia, I really don't see how they can actually link Parallels to any of this.
Parallels Desktop has been a key app for me for many years now, and VMWare Fusion for Mac has not yet been made publicly available for macOS Monterey, so it really seems like VMWare is quite a bit behind the game in terms of virtualization. If it did become necessary to switch to another solution for running Windows virtualized over macOS, I'm also wondering what the other viable options (if any) would be.
Last edited: Apr 11, 2022
Reactions: VulchR
TiggrToo
macrumors 601
I’d hardly put much trust in CleanMyMac to be brutally honest… It’s not got, shall we say, a stellar reputation…I've recently noticed that CleanMyMac now flags Parallels Desktop 17 as a "suspicious" app, as shown below.
View attachment 1990124
As shown in the image, their apparent reasoning for this is that the app is "associated with or owned by Russian or Belarusian developers, where government authorities can access their data directly upon request and without a court order."
In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
A cursory glance of Parallels corporate info shows that they are a multinational company, now part of the Corel Corporation. Their website also shows that the company operates partially in the Ukraine and is very much in support of the Ukraine during this invasion.
View attachment 1990127
However, when I reached out to MacPaw support to find out what their reasoning is for marking Parallels Desktop as suspicious and whether there are any actual security risks, I received no reply.
What I'm wondering is whether anybody has any information on any actual reported ties that Parallels may have to Russian or Belarusian developers who are identified cyberattackers, or any specific security risks that would now leave Parallels Desktop prone to specific cyberattacks, moreso than before. While I feel terrible about the plight of those in the Ukraine whose country has been invaded by Russia, I really don't see how they can actually link Parallels to any of this.
Parallels Desktop has been a key app for me for many years now, and VMWare Fusion for Mac has not yet been made publicly available for macOS Monterey, so it really seems like VMWare is quite a bit behind the game in terms of virtualization. If it did become necessary to switch to another solution for running Windows virtualized over macOS, I'm also wondering what the other viable options (if any) would be.
TiggrToo
macrumors 601
Download Malwarebytes (it’s free) and scan with that.I've recently noticed that CleanMyMac now flags Parallels Desktop 17 as a "suspicious" app, as shown below.
View attachment 1990124
As shown in the image, their apparent reasoning for this is that the app is "associated with or owned by Russian or Belarusian developers, where government authorities can access their data directly upon request and without a court order."
In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
A cursory glance of Parallels corporate info shows that they are a multinational company, now part of the Corel Corporation. Their website also shows that the company operates partially in the Ukraine and is very much in support of the Ukraine during this invasion.
View attachment 1990127
However, when I reached out to MacPaw support to find out what their reasoning is for marking Parallels Desktop as suspicious and whether there are any actual security risks, I received no reply.
What I'm wondering is whether anybody has any information on any actual reported ties that Parallels may have to Russian or Belarusian developers who are identified cyberattackers, or any specific security risks that would now leave Parallels Desktop prone to specific cyberattacks, moreso than before. While I feel terrible about the plight of those in the Ukraine whose country has been invaded by Russia, I really don't see how they can actually link Parallels to any of this.
Parallels Desktop has been a key app for me for many years now, and VMWare Fusion for Mac has not yet been made publicly available for macOS Monterey, so it really seems like VMWare is quite a bit behind the game in terms of virtualization. If it did become necessary to switch to another solution for running Windows virtualized over macOS, I'm also wondering what the other viable options (if any) would be.
Reactions: weird_method
allan.nyholm
Contributor
One of the updates to CleanMyMacX via MacPaw's Setapp is the identification of Russian developers and then putting them in that category you see. It was an update on the 1st of April, so it could be an April Fool'sI've recently noticed that CleanMyMac now flags Parallels Desktop 17 as a "suspicious" app, as shown below.
As shown in the image, their apparent reasoning for this is that the app is "associated with or owned by Russian or Belarusian developers, where government authorities can access their data directly upon request and without a court order."
In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
A cursory glance of Parallels corporate info shows that they are a multinational company, now part of the Corel Corporation. Their website also shows that the company operates partially in the Ukraine and is very much in support of the Ukraine during this invasion.
However, when I reached out to MacPaw support to find out what their reasoning is for marking Parallels Desktop as suspicious and whether there are any actual security risks, I received no reply.
What I'm wondering is whether anybody has any information on any actual reported ties that Parallels may have to Russian or Belarusian developers who are identified cyberattackers, or any specific security risks that would now leave Parallels Desktop prone to specific cyberattacks, moreso than before. While I feel terrible about the plight of those in the Ukraine whose country has been invaded by Russia, I really don't see how they can actually link Parallels to any of this.
Parallels Desktop has been a key app for me for many years now, and VMWare Fusion for Mac has not yet been made publicly available for macOS Monterey, so it really seems like VMWare is quite a bit behind the game in terms of virtualization. If it did become necessary to switch to another solution for running Windows virtualized over macOS, I'm also wondering what the other viable options (if any) would be.
It hasn't been taken out. I assume it's there to stay. It must be a personal thing against the developers of Parallels from MacPaw. Personally I thought that Parallels was Russia-based. I think I am not alone in thinking that? I don't use Parallels as I don't subscribe to their expensive applications for my use. Windows 10 and Windows 11 is flying with VMware 12 Player.
MacPaw as a company is really going out with a bang.
Your comment on VMware Fusion not being updated for Monterey, that's not correct. VMware 12 is out and working 100% on macOS Monterey. It's even free for personal use. So get to installing
Reactions: Jeven Stobs, Apple fan from Korea and jchap
Sep 25, 2009
An April Fool's update? Interesting. I would agree with you that there may be some personal grudges at play. I'm not sure I would agree with the sentiment that "MacPaw as a company is going out with a bang"—they do have Setapp, which apparently they're doing well with, and they have offices in other places besides the Ukraine.One of the updates to CleanMyMacX via MacPaw's Setapp is the identification of Russian developers and then putting them in that category you see. It was an update on the 1st of April, so it could be an April Fool's
It hasn't been taken out. I assume it's there to stay. It must be a personal thing against the developers of Parallels from MacPaw. Personally I thought that Parallels was Russia-based. I think I am not alone in thinking that? I don't use Parallels as I don't subscribe to their expensive applications for my use. Windows 10 and Windows 11 is flying with VMware 12 Player.
MacPaw as a company is really going out with a bang.
Your comment on VMware Fusion not being updated for Monterey, that's not correct. VMware 12 is out and working 100% on macOS Monterey. It's even free for personal use. So get to installing
Why would you think that Parallels is based in Russia? They have offices there, but I couldn't find any evidence that their development is done in Russia. Of course, it would be hard to tell, as Parallels likely wouldn't divulge the countries their developers reside in. I still found it hard to believe that Parallels would publicly voice their support of the Ukraine on one hand, while hiring developers from Russia well versed in cyberattack methods on the other.
About VMWare, I was rather confused by their current offerings. Maybe I was reading some old information. As you said, apparently they do support Monterey now. I see that they have Fusion Player and Fusion Pro, but the differences don't seem too large for the average consumer. I'll check it out in greater detail—thanks for the tip.
Sep 25, 2009
So-called "cleaner" apps for the Mac got their reputation tainted due to MacKeeper in particular, which engaged in considerably questionable behavior and marketing methods for many years, as I recall. CleanMyMac seems to have a better reputation, and in my experience it does offer some useful functionality. It seems wise not to trust it 100%, though, like anything else in the tech world...I’d hardly put much trust in CleanMyMac to be brutally honest… It’s not got, shall we say, a stellar reputation…
Last edited: Apr 11, 2022
Sep 25, 2009
MalwareBytes is a good app and I use it, but it's a bit of a different beast than CleanMyMac, being a general client-side security app with some browser extensions and so on. CleanMyMac is more of an all-in-one system optimization utility, which happens to have a malware scanning feature. Personally, I thought the user experience and interface for CleanMyMac has been done pretty well, and it seems to work as advertised.Download Malwarebytes (it’s free) and scan with that.
Last edited: Apr 11, 2022
allan.nyholm
Contributor
I've just seen too many MacPaw updates on Twitter to get the impression that they are taking their position in Ukraine too seriously. When I say that MacPaw as a company is going out with a bang - it's based on various comments elsewhere(I read their comments subjectively and I have liked their tweets in the past on their unfortunate situation in Ukraine - now I feel it's on repeat)An April Fool's update? Interesting. I would agree with you that there may be some personal grudges at play. I'm not sure I would agree with the sentiment that "MacPaw as a company is going out with a bang"—they do have Setapp, which apparently they're doing well with, and they have offices in other places besides the Ukraine.
Why would you think that Parallels is based in Russia? They have offices there, but I couldn't find any evidence that their development is done in Russia. Of course, it would be hard to tell, as Parallels likely wouldn't divulge the countries their developers reside in. I still found it hard to believe that Parallels would publicly voice their support of the Ukraine on one hand, while hiring developers from Russia well versed in cyberattack methods on the other.
About VMWare, I was rather confused by their current offerings. Maybe I was reading some old information. As you said, apparently they do support Monterey now. I see that they have Fusion Player and Fusion Pro, but the differences don't seem too large for the average consumer. I'll check it out in greater detail—thanks for the tip.
I think their Setapp service is OK. Naive comment; I would prefer they suspend their service for the duration of the war
I am with Ukraine and their people. It's just not very fitting of MacPaw being so aggressive.
They are obviously a 'loud' developer team as their applications clearly shows.
My assumptions on Parallels is based in Russia stems from a while back - years actually.. I remember the internet being on fire and I think it was then that the whole Russia thing started and some didn't want to support that Russian spies got onto the computer via Parallels.
Remember that I used the past tense description when I said that I thought that they were based in Russia. I could not care less about this as I don't ever plan to use Parallels because I have VMware 12 and that functions for me with even getting graphics acceleration on macOS Monterey installation within a VM. All on an app that's free. Doesn't get any better.
If, as you say, that Parallels has offices there, then is probably the cause of the Suspicious section - believe it or not. I see it nothing more than a personal grudge at this point and not something that is based in reality.
Unless of course the developers of Parallels actively joins the war on Ukraine by sending all their available office slaves to the frontline.
All of my comments on MacPaw and Ukraine are all my personal naive comments. I do not have the IQ to reply back in a proper manner.
Reactions: jchap
Sep 25, 2009
I'd agree that they do seem to have an "attitude" in their communications. I can understand their anxiety about the situation. I would prefer that they tone it down a bit, but then again it's not my country that's being invaded.I think their Setapp service is OK. Naive comment; I would prefer they suspend their service for the duration of the war
I am with Ukraine and their people. It's just not very fitting of MacPaw being so aggressive.
They are obviously a 'loud' developer team as their applications clearly shows.
Certainly has nothing to do with IQ. I appreciate you sharing your insights. I was wondering if it's just me who noticed this whole thing about the "Suspicious" ranking of Parallels Desktop in the CleanMyMac app. I wish I hadn't recently purchased a few Parallels licenses for my machines—VMWare might be good to check out. I remember using VMWare Fusion many years ago and wasn't impressed with its performance vs. Parallels, but things may have changed since then.All of my comments on MacPaw and Ukraine are all my personal naive comments. I do not have the IQ to reply back in a proper manner.
throAU
macrumors 604
As above, wouldn't really trust that clean my Mac...
TiggrToo
macrumors 601
The whole point of downloading Malwarebytes is to scan Parallels and get a clean result, thus showing CleanMyMac is showing a false positive.MalwareBytes is a good app and I use it, but it's a bit of a different beast than CleanMyMac, being a general client-side security app with some browser extensions and so on. CleanMyMac is more of an all-in-one system optimization utility, which happens to have a malware scanning feature. Personally, I thought the user experience and interface for CleanMyMac has been done pretty well, and it seems to work as advertised.
Sep 25, 2009
I think I understand what you're trying to say. That said, this would assume that Malwarebytes is actually capable of detecting whether a certain app is "Suspicious," under the grounds of being "an app associated with or owned by Russian or Belarusian developers," according to the language used by MacPaw in CleanMyMac. That's something that I don't believe Malwarebytes is capable of doing—it just scans for malware signatures, as I understand it.The whole point of downloading Malwarebytes is to scan Parallels and get a clean result, thus showing CleanMyMac is showing a false positive.
Reactions: TiggrToo
clevins
macrumors 6502
Jul 26, 2014
IN 20+ years of using modern (OS X/macOS based) macs, I've never used any anti virus style program. And in all that time, I've never had any infection. Delete that crap and move on with life.
Reactions: macsplusmacs, planteater and Realityck
Realityck
macrumors 68040
While I found malware software useful for windows, there is no reason to use it on a Mac except to detect malware on shared files between window and Mac users that is windows based that can’t effect a Mac. If go look at all the few malware for Macs they are all Trojans, which can easily be avoided by search for specifc files on a Mac. Like your comment I’ve never seen any malware on multiple Macs over the years, so do yourself a favor stop using these pretend to be useful applications unless you maintain windows files on you Mac in a business environment.IN 20+ years of using modern (OS X/macOS based) macs, I've never used any anti virus style program. And in all that time, I've never had any infection. Delete that crap and move on with life.
Realityck
macrumors 68040
Clearly unjustified bias involved with that alertAs shown in the image, their apparent reasoning for this is that the app is "associated with or owned by Russian or Belarusian developers, where government authorities can access their data directly upon request and without a court order."
In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
CleanMyMac X is a product of MacPaw, a company with offices in Kyiv, Ukraine, and Santa Barbara, CA. It was founded in 2008 by Oleksandr Kosovan, a Ukranian developer.
TiggrToo
macrumors 601
100% categorically and verifiably wrong.While I found malware software useful for windows, there is no reason to use it on a Mac except to detect malware on shared files between window and Mac users that is windows based that can’t effect a Mac. If go look at all the few malware for Macs they are all Trojans, which can easily be avoided by search for specifc files on a Mac. Like your comment I’ve never seen any malware on multiple Macs over the years, so do yourself a favor stop using these pretend to be useful applications unless you maintain windows files on you Mac in a business environment.
Mac malware exists and has been found time and time again. Much of it can be delivered by visiting a website laced with malicious code. The exploits take advantage of unpatched vulnerabilities to gain enhanced permissions which then allows the malware to take root and do its work.
Dazzlespy, for example was a recent piece of malware that was used on pro-democracy Chinese websites. Exploiting CVE-2021-1789, it delivered its payload via mac.js that then executed some in-memory code to gain root.
”Oh I don’t visit such websites” you say.
OK, so I’ll give you SysJoker: this little bugger targeted Windows, Linux AND Mac users late last year - which had multiple different methods of getting onto your device - either via infected NPM packages, poisoned adverts or malicious downloads.
”Oh, I don’t use Javascript - I NoScript” everything and block all adverts, you say.
OK, so I’ll give you the popular app Handbrake in 2017 that, for a four day window, had the official dmg image modified by hackers to attach a trojan.
”Oh, I don’t download third party apps” you say.
Great - so what else you do with your expensive Mac other than run crippled websites and MAS only apps?
Or…you could get a Malware detection product and get you live your life - and use your expensive Mac device more.
Listen: You don’t wanna use anything then that’s your right. But please, for the love of all that is good, do NOT recommend others follow this otherwise terrible advice - especially when users can use something like Malwarebytes on demand for absolute free.
clevins
macrumors 6502
Jul 26, 2014
100% categorically and verifiably wrong.
Mac malware exists and has been found time and time again. Much of it can be delivered by visiting a website laced with malicious code. The exploits take advantage of unpatched vulnerabilities to gain enhanced permissions which then allows the malware to take root and do its work.
Dazzlespy, for example was a recent piece of malware that was used on pro-democracy Chinese websites. Exploiting CVE-2021-1789, it delivered its payload via mac.js that then executed some in-memory code to gain root.
...OK, so I’ll give you SysJoker: this little bugger targeted Windows, Linux AND Mac users late last year - which had multiple different methods of getting onto your device - either via infected NPM packages, poisoned adverts or malicious downloads
And how many people were affected by this? What percentage of Macs does that represent?Listen: You don’t wanna use anything then that’s your right. But please, for the love of all that is good, do NOT recommend others follow this otherwise terrible advice - especially when users can use something like Malwarebytes on demand for absolute free.
I never go to pro-democracy Chinese sites, so that one is irrelevant to me. Sysjoker likewise; poisoned adverts are an issue of course, but for the vast majority of folks, NPM packages are not and anyone who downloads and installs stuff willy nilly is an idiot.
it's not that Macs can't be infected. It's that once we exclude targeted attacks and attacks requiring physical access, I simply don't know of anything that's become widespread. As I've said, I've never used any AV scanner (I use adblockers and NextDNS as a firewall) but for grins, I installed and ran Malwarebytes. The result:
TiggrToo
macrumors 601
It takes ONE time to make your life a misery.And how many people were affected by this? What percentage of Macs does that represent?
I never go to pro-democracy Chinese sites, so that one is irrelevant to me. Sysjoker likewise; poisoned adverts are an issue of course, but for the vast majority of folks, NPM packages are not and anyone who downloads and installs stuff willy nilly is an idiot.
it's not that Macs can't be infected. It's that once we exclude targeted attacks and attacks requiring physical access, I simply don't know of anything that's become widespread. As I've said, I've never used any AV scanner (I use adblockers and NextDNS as a firewall) but for grins, I installed and ran Malwarebytes. The result:
View attachment 1990546
IF people want to run this stuff, fine but having these vendors tag something as suspicious for political reasons is BS and obsessing over the possibility of malware is silly.
Why risk it?
Reactions: planteater, Hella89 and jchap
clevins
macrumors 6502
Jul 26, 2014
Never leave the house. You might get hit by a car or struck by lightning or... ANYTHING. It only takes one time! Why risk it!!!It takes ONE time to make your life a misery.
Why risk it?
Look, if there's a shared Mac or it's known that people who use a Mac are careless with downloads, sure fine. But I look at my 22 years of no infection despite using every OS X version since 10.0 and I just can't be overly concerned.
Realityck
macrumors 68040
User education against computer security best practices can prevent a lot of things from occurring on a Mac. If you see your Safari or Firefox browser which should be always running in private mode go to something that is unusual and purposely looks like it trying to execute a process, or start a download then just quit the application. You're not retaining any script, cache, web data at all. If you find something in downloads related to this instance then just delete it. As I said most malware over the years has been trojans. They are easy to prevent execution. You mention a open source application being hacked adding a trojan for one instance that is extremely rare. I seen probably the worst sites that try in vain to run something against a Mac, but its mostly fake alerts to get you to buy things like cleanmymac.100% categorically and verifiably wrong.
Mac malware exists and has been found time and time again. Much of it can be delivered by visiting a website laced with malicious code.
Reactions: Hella89
TiggrToo
macrumors 601
Hyperbole.Never leave the house. You might get hit by a car or struck by lightning or... ANYTHING. It only takes one time! Why risk it!!!
Look, if there's a shared Mac or it's known that people who use a Mac are careless with downloads, sure fine. But I look at my 22 years of no infection despite using every OS X version since 10.0 and I just can't be overly concerned.
Your PERSONAL experience doesn‘t matter a hill of beans. YOU are not everyone.
I’ve not been actively infected in my life either - although I’ve had two hits on potentials.
My brother-in-law - not so lucky.
Why do you think YOU represent everyone else?
My advice is for the masses. Your advice is for the elite. Who uses computers more?
Reactions: planteater and Hella89
What are you worried about? How would Putin access your desktop? Parallels is not even a Russian company https://en.wikipedia.org/wiki/Parallels_(company)In other words, it seems that MacPaw is now implying that Parallels Desktop is a security risk. As a freelance translator who depends on Windows (running under Parallels Desktop), this is alarming news.
You should use KnockKnock (from my favorite security developer), or Malwarebytes which has been recommended already.
TiggrToo
macrumors 601
To use your logic, why would anyone carry any more car insurance than is legally required if they’ve never had an accident in all their years of driving?Never leave the house. You might get hit by a car or struck by lightning or... ANYTHING. It only takes one time! Why risk it!!!
Look, if there's a shared Mac or it's known that people who use a Mac are careless with downloads, sure fine. But I look at my 22 years of no infection despite using every OS X version since 10.0 and I just can't be overly concerned.
Your mindset is: it’s not happened to me therefore it’ll never happen to anyone.
clevins
macrumors 6502
Jul 26, 2014
Sigh. No. My mindset is 'in 22 years it's not happened to me so I'm not going to worry about it.' I don't really give a crap what the rest of you do, but I do dislike promoting fear. Most people are fine without AV software, especially if they use a content blocker and aren't complete idiots. Acting like there's serious risk lurking around every corner isn't caution, it's paranoia.To use your logic, why would anyone carry any more car insurance than is legally required if they’ve never had an accident in all their years of driving?
Your mindset is: it’s not happened to me therefore it’ll never happen to anyone.
I never claimed to. You decided you would put words in my mouth, then objected to your own words. Why do YOU think YOU represent the masses?Why do you think YOU represent everyone else?
My advice is for the masses. Your advice is for the elite. Who uses computers more?
Bye now.
Last edited: Apr 12, 2022
Realityck
macrumors 68040
Why MacOS is considered very safe
App security overview
Apple provides layers of protection to help ensure that apps are free of known malware and haven’t been tampered with.
support.apple.com
Last edited: Wednesday at 6:15 PM
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK