Skip to comments.Computer Question: Security, Windows XP vs Windows 7 Ultimate
Posted on 07/05/2011 12:46:30 AM PDT by Yosemitest
From what I've read, you need security appropriate for Windows on the "Parallels Desktop 6 for Mac" side due to malware that attacks Microsoft.
I'm currently using Online Armor++.
Check it out at Giveaway of the Day - Online Armor.
From what I've read, you need security appropriate for Windows on the "Parallels Desktop 6 for Mac" side due to malware that attacks Microsoft.That depends on how you're using the Windows VM. If you are accessing the Internet from the Windows VM, then you need the same protection you would need with a native machine. For example, I only use my Windows VM to run Office and some software development tools, so I'm not doing the types of things that can lead to virus infections.
I don't know about Armor++, so I can't express an opinion. I tell people to avoid Norton (bloated and buggy), and I've heard good things about Avast.
Obviously Microsoft needs to release a FR accelerator patch.
Thanks for the info.
If you're open on the Snow Leopard side and you have Windows open and minimized, wouldn't any virus attack see the Windows file?Your Windows VM can't get infected by what you're doing on the Mac host computer, and vise versa. (Actually, it is theoretically possible that someone could write a Mac virus that hunted down the Windows VM and infect it, but AFAIK no one has ever developed such software).
They really act like completely separate computers. The only significant difference is that the Mac host computer may (depending on how the network is configured) act as an additional firewall between the Windows VM and the Internet.
If you’re running W7, and need to run older (XP) sofware, you can download a free XP VM image from MS that will run as a VM under Windows 7. You don’t have to dual boot.
If you’re committed to making the change to MAC, then I say go for it. I personally don’t care for the MAC, but I will candidly say that most of that is probably due to unfamiliarity rather than anything inherent in the MAC system. As such, my views are just that - my subjective views - and thus have little bearing on your situation.
I also know that unfamiliarity affects people switching from WinXP - or WinVista - to Win7, because I just bought my wife a new laptop with Win7 and it took me a while to figure out where things were.
As for Win7 versus WinXP: there the unfamiliarity aspect definitely kicks in. Win7 is as alien, if you will, to WinXP as Mac OS X is, in many respects. That being said, as much as Microsoft’s OS engineers deserve to be roundly kicked in the pants on a regular basis, even they manage to learn from experience, and they have learned a thing or two from the security holes in WinXP.
Also, in terms of performance (i.e., speed, which is what most folks look for), I would keep in mind that a lot of what slows an OS down are the hardware drivers, and Microsoft has only some control over what goes into coding a driver. Also, here, unfamiliarity can cause problems; the APIs and driver hooks for WinXP are well-known (comparatively) and the writers of driver software are comfortable with writing for XP and have honed most of the inefficiencies out of their code. The same does not apply to Win7, which has made a lot of changes that affect drivers and driver code writers. That means that there will be a lot more inefficiency in the driver software until the code writers get more comfortable with the new APIs and the new relationship of drivers to OS in the Win7 code base.
Also, WinXP was much more tolerant of poorly written driver code than Win7, or even Vista, is. That means that WinXP is less likely to have a fit over a poorly written driver and therefore won’t appear to lock up when Win7 and Vista would lock up. However, that flexibility is a two-edged sword, because the same “flexibility” that allows WinXP to tolerate poorly written drivers is an open invitation for malware writers to write exploits that use that “flexibility” to get into the system.
It is not purely coincidental that one of the major ways of taking over a system is to shim your own driver in between two legitimate drivers in the driver stack (basically, there are several layers of code between the user experience - the user interface - and the cold, hard physical stuff, and there generally has to be a driver - a translator if you will - between each layer). So long as your ersatz driver passes the usual traffic up and down the driver stack, it can do lots of other things that you really don’t want it to be doing. In addition, it can mess with the traffic passing up and down the driver stack; without a secure auditing system, that messing around is almost impossible to detect (even with an auditing system it can be hard to detect).
Thus, precisely because WinXP is more “flexible” and will tolerate a lot more misbehaviour from drivers, it is much easier to insert a driver into WinXP that can engage in a lot of evil activity that WinXP will simply ignore as being just more driver misbehaviour.
Putting those two together, it is entirely possible that if you just take, e.g., the printer you have that worked fine on WinXP and plug it into a Win7 box, that printer will give Win7 indigestion until you get the correct, updated drivers from the manufacturer - unfortunately, many hardware makers don’t make their updated drivers automatically available, so you have to go looking for them, and even worse, many of them won’t support even not-so-old equipment and won’t, for example, write a new Win7 driver to accomodate a three-year-old piece of equipment. While that is truly annoying, it is more the fault of the hardware maker than it is of Microsoft.
Lastly, if you do have access to a good sandbox or virtual machine software, that could very well give you the environment you need to run a virtual install of WinXP as needed (Win7 might not sandbox as easily until the virtual machine writers get up to speed on it). Provided you’re running a good, robust virtual machine, I rather seriously doubt if anything you might catch with the XP install would carry over to your native MAC installation.
It is theoretically possible to write stuff like that - there are malware writers out there who are good enough that their code can determine if it’s running in a virtual environment - typically used to reverse-engineer the malware - and to alter its behaviour accordingly; however, as a practical reality you are almost certainly never going to run into something like that. It would require a malware writer who was good enough to write code that could detect that it’s being run on a virtual machine and be able to break out of that machine, and who wrote code to specifically attack a MAC OS X system running that virtual machine.
If you think that your odds of getting attacked by malware with that combination of features are high, then you’d probably be better off investing your money in lottery tickets, because the odds of winning the lottery are better than being attacked by malware with that combination of features.
At any rate, my apologies for the much-too-long saga. I would say again that if you’re committed to going the MAC route, you should go for it whole-hog - no half-measures: read up on it, get to know what it’s strong points and weaknesses are, learn how to use it securely, and learn as much as you can about what makes it tick. Think of it this way, it’s analogous to deciding to switch from an automatic transmission to a stick-shift: there’s no real point in doing that unless you’re willing to learn things like down-shifting.
What, specifically, do you want to do in XP or Windows 7 that you feel you can’t or don’t want to do within OS X? Without that info, any recommendation is incomplete and potentially unhelpful.
“What’s the security like under UBUNTU or KUBUNTU?
Since it’s an open system, isn’t it very acceptable to all sorts of malware? “
Rock solid, and no real viruses to speak of. That doesn’t mean it couldn’t happen, but there isn’t much reason for virus writers to write for Linux. Linux distributions, especially the Debian-based systems like Ubuntu and Linux Mint are auto-updating. The systems are automatically updated daily behind the scenes and so vulnerabilities are fixed quickly.
Linux was designed to be more secure from the start; Windows was written for home users in the pre-internet era. Computer security for early Windows programmers was to keep the door locked. Linux was crafted after the Unix/BSD tradition, used for corporate mainframes where security was an issue.
Mac OSX is based on BSD, so Linux and OSX are cousins in a way.
I’ve run Linux for the past five years — Kubuntu, Ubuntu and next will be going with Linux Mint. Not one virus.
Linux is very stable and you have a literal ton of free programs to choose from, most found in the repository of your distribution. If you want a program you choose it on a list, click OK and it will auto-install.
Games are another issue. If you’re into games on the side, you’ll need to dual-boot into Windows. Same goes for any proprietary program you can’t do without, but for the most part Linux has an alternative package that will do just as well.
Check out Linux Mint and Ubuntu — both are Debian-based and can update software easily.
Some Linux Alternatives
* may not be as powerful in some cases, but don’t cost $hundreds.
MS Office => LibreOffice, OpenOffice
Photoshop => Gimp, Krita
Adobe Illustrator => Inkscape
Adobe Indesign => Scribus
Media players => huge number, too great to even list
DVD players => Kaffeine, and many more
Freemind Mind Mapper
Google Chrome => Chromium
Geany — awesome light text editor
And hundreds of others
Rest is always best. Again, based on what you’ve said, definitely go for the MAC, and quite frankly, if everyone you work with who has a PC prefers XP, then I’d say go with XP if - and that’s the crucial part - you have a good virtual machine. With a good virtual machine, you probably won’t get more than the average amount of attacks that would hit a regular XP install, and you almost certainly won’t get any spillover into your native MAC installation.
Also, just one little point of clarification on the driver shim: it’s not a matter of similarly spelled drivers, but rather of inserting a new driver between two existing drivers in the logical flow of information; Microsoft itself does this routinely with a lot of the diagnostic stuff, for example. A good example is Microsoft’s Network Monitor, which shims drivers into the network stack so that it can intercept and display IP packets going to and from your network card.
Think of it this way: App1 has to be able to “talk” to the screen, I’ll call it Screen1, to display information. To do that, App1’s information has to be translated into a form that the screen hardware will accept and display as an ordered set of LCD pixels. To make that translation, there is a driver, call it ScreenDriver, that sits between the two, so schematically it looks like:
App1 —> ScreenDriver —> Screen1
Now, App1 doesn’t know anything about the internal workings of Screen1; all it knows is that it spits out the ASCII line “hello world” and Screen1 then flips LCD pixels so that the lighted pixels arrange themselves to show that same phrase in lighted pixels.
It’s sort of as if App1 only spoke Russian, and Screen1 only spoke Mandarin: ScreenDriver is bilingual and speaks both.
Now, say that Hacker comes along and - for whatever reason - wants to intercept that traffic and reverse every sentence. To do that, Hacker can simply insert a new driver either between App1 and ScreenDriver, or between ScreenDriver and Screen1 - call it HackerDriver.
One configuration would be as follows:
App1 —> ScreenDriver —> HackerDriver —> Screen1
HackerDriver would need to speak Mandarin and Russian, even though it sits between two Mandarin speakers. It would work most simply by taking data from ScreenDriver, reverse engineering it so that it could figure out what Russian sentence the Mandarin it got from ScreenDriver was supposed to be, altering that Russian sentence, and then retranslating it into Mandarin before sending it off to Screen1.
Screen1, not knowing the original Russian that App1 sent - by definition - would happily display the altered sentence “dlrow olleh” and would send back an “OK” signal to confirm that it received the data - in Mandarin - and was able to display it. HackerDriver would then pass that confirmation back to ScreenDriver - after filtering it first to make sure that Screen1 wasn’t trying to pass back a digest or some other tell-tale of the actual data that was displayed (that would be an audit trail of a sort).
ScreenDriver would receive the “OK” signal from, to all intents and purposes, Screen1, and would in turn confirm back to App1 that the data was properly received and displayed.
Nonetheless, the user would immediately see that something funny was going on between his fingers hitting the keyboard and what was being displayed on the screen.
Of course, in the meantime, HackerDriver could be doing other nasty stuff because a lot of drivers are actually allowed to execute portions of their code within the so-called kernal-space of the OS - the protected inner sanctum.
Security has been completely overhauled and refactored for Win7. For example, let’s say in XP that you want to open the clock to watch the seconds tick to time something. That requires higher privileges because the same panel that shows the clock also allows you to set the time. Now showing the clock and setting time are split permissions-wise. This has been done in hundreds of places throughout Win7.
So before where you needed to run as admin to get anything done, you can now easily run as a regular user. That right there gives you much better security. It also vastly reduces the annoying security popups, meaning you are less likely to turn off that feature (Win7 also adds registry virtualization to further reduce it for legacy apps).
Furthermore, they refactored the code itself, making sure everything is relatively cleanly dependent on something lower down, where before it was a spiderweb of dependencies, down, sideways and up, and that hurts security. That directly impacts the security, and a cleaner, saner dependency model makes for better security.
Now that’s just basic architecture changes that make it more secure, not any specific technologies they used to do it, like address space layout randomization.
No Johnny...they do not. Sorry for your mis-preception.
If you are unwilling or unable to afford to buy a legal copy of your operating system,
Neither of which is applicable in my case. I have 3 valid XP Pro licenses on my machine. Again, sorry.
Windows from some random download site, there is the fact that this is is stealing.
Again, 3rd time, sorry Johnny...XP is, and has been for a year or so, available and fully supported by MS from DL on the web.
Nice that you're a Linux fanboi, nothing against them. I have a free Linnux disc setting on my desk. Ubuntu 8.04.1 LTS...screwed up my entire computer and I had to re-format the entire Hard Drive when I tried to install it.
I'm just not geeky enough....and don't want to be. I use my computers...I don't like them to use me.
Supposedly (triple underline that word in this context) there is a way to call MS and explain to them that you’re not installing on a new machine - it’s just that you’ve modified your existing machine and (again supposedly) they are supposed to be able to give you what is in effect, a variance or a waiver.
However there is theory and there is practice. This may not always work. At some point they might just say “no mas”.
XP is, and has been for a year or so, available and fully supported by MS from DL on the web.I have had subscriptions to MSDN, so I know about being able to download software from Microsoft. However, that is certainly not free.
If Microsoft is providing free, legal downloadable copies of WinXP and/or Win7, please be so kind as to provide a link. I would find that very useful.
I too would be glad to see Linux become the standard platform but it ain’t happened yet - so basically Windows is a necessary “evil” - unless you’re a mac head which I’m not.
I’m old enough to remember OS2 but I only became a geek late in life so I never actually used it. They say it was damned good though. IBM has a whole slew of woulda/shoulda/coulda’s - OS2 being only one of them.
Did anyone ping swordmaker...
Not to mention the fact that MS is likely to be able to detect this sort of piracy and lock you out from using the illegal product..................
This is the situation I in now....I was using a Gateway system with XP..for 5 years or so. In the past weeks I was hit a few times but Trend Micro seemed to do it’s thing.
However the Computer was slow to boot and had a couple of crashes.
I put a machine together from Tiger Direct motherboard/cpu combo,and all new devices.
I loaded XP and at activation, got the old “Product Key invalid thing. I called Microsoft, they told me that the Gateway XP op sys was on the internet, and they wouldn’t give me a new key.
So now I’m stuck.. gonna have to go buy W7
The version of my lagitemit XP an OEM from Gateway
If the hardware can handle it 7 is a great OS. People who fled from it either put it on machines that weren’t up to snuff, or are just whiners. It’s fast, it’s stable, the search function kicks butt. Not to mention that it’s NOT 10 years old, XP is about a block and a half away from the ash-heap of history.
All my old stuff worked fine on 7. The compatibility jump is a real “your mileage may vary” situation. It all depends on how well the vendor was keeping up. I did a dual boot when I set mine up, expecting problems, I booted to XP twice in the 18 months since I made the jump.
If you need to scrub your machine frequently why not use ghost? It’s free on a hirens, save an image of your clean install, do your dirty work, and scrub. Faster than re-installing and doesn’t use up your licenses. I wouldn’t even try to run my test lab without ghost.
Those messages aren’t Window’s fault. That’s the makers of your software doing a crappy job writing their code and Windows detecting it slightly before the crappy code crashes.
If you need to scrub your machine frequently why not use ghost?I have used Ghost, although I typically just book a Linux live CD and use that.
Actually, since about 2003, I've mainly used VMs, which allow me to recover in a few seconds.
I know that I can call up their support line and get a new activation number. But it annoys me that Microsoft assumes that I'm a thief.
For the extra 40 bucks, A Win7/64 Home will probably do all you want it to. And it is the 64bit (if you're box can handle it) that make Vista/Seven so superior to XP (whose 64bit version was always hinky.) But even the 32bit Seven is preferable to XP... If not for the eye-candy and superior graphics, even if only for the repairs to known exploits it is worth the upgrade. But it is 64bit that you should be shooting for - It is 64bit that allows you to access ALL of the computing power possible in modern processors, and that gives you an ability to manage enormous quantities of RAM memory (32bit systems can only handle 3g).
As far as security is concerned, I would say that Seven is a bit better than XP - Again, many known exploits in XP era subsystems has been tightened up in Vista/Seven. UAC provides a basic block to older viruses (albeit that newer viruses go right through it), and the Win7 firewall is more manageable.
The xp emulator cost me $100 because I had to upgrade from 7 home to professional and I already said that the emulator only operates in 16 bits color and lags so badly - like 3 frames per second - that it was just a waste of money and time. TY
I’m running it at home, and it seems to work fine. I’m running 4*3GHz cores and 8GB of ram.
The software codes load and operate beautifully on xp. Microsoft simply did a profiteering scheme by refusing to make the 7 system compatible with xp requiring you to spend even more money on expensive new software that is compatible. I learned this first hand when I paid over $150 for a new version of an application that said it was 7 compatible. The new version had not been fully tested and during installation it asked if I wanted to participate in a debugging program to help improve the software! They want you to do the work they didn’t do when they rushed off their product before it was ready and they don’t pay you for your time solving their dysfunctional applications. I have logged over eight instances how the new version of this software is less functional than the xp version and came to the ultimate conclusion that NOTHING NEW EVER WORKS. TY.
Are you saying that my 2.2GHz cores and 3GB ram aren't fast enough for 7 pro, because ms says that I only need 1GHz and 2BG. Do you think I need to $$$upgrade$$$?
7 is compatible with XP if the code was written write. Where a lot of 32-bit apps run into a problem on 7 (and the other 64-bit Windows too) is if they access their directory and the registry through absolute paths rather than the way MS has been recommending for ages by using the system variables. That causes them to go looking for themselves in “program files” rather “program files (x86)” and all hell breaks lose. That’s not MS’s fault, they’d been recommending that particular method of doing things since Win95, but some people insist they know best.
And it’s not MS’s fault the makers of your software lied. Lots of new stuff works fine, some companies suck, that’s life. Stop doing business with them and go find somebody that doesn’t. And shouting doesn’t make it so, it just shows that you’re being emotional and not bothering to think, throwing blame everywhere instead of where it belongs. You bought bad software, that’s unfortunate, but it’s not the OS’s fault.
MACs are not secure, period. First, just as with Windows, there are plenty of security vulnerabilities created by third-party apps. For example, Skype 5 for MAC - that's "for MAC," not just Skype 5 generically - has a vulnerability that "allows remote chatters to gain control of a system" - from Macworld, May 6, 2011.
Conservatives generally recognize that journalism is biased; I like to think that I have studied that phenomenon more deeply than most. One observation I would make is that although journalists do sometimes lie, the deceptive half truth is generally their weapon of choice. This is even explicitly codified in the "'Man Bites Dog' rather than 'Dog Bites Man'" preference of journalism. And here we have an example of that in an FR comment: an example of excessive flexibility in coding for an application (Skype) turns up in an exploit, and it is news. It might have seemed like news, to be fair, if it happened to Win 7 - but in any previous incarnation of Windows it would have been strictly a "Dog Bites Man" story. And the story is extrapolated to other applications by citing it as an "example" when, so far as I am aware, no other app has been implicated. Nor, I warrant, will it be - the permissiveness which allowed Skype's coding malpractice to run under OS X has surely been corrected by now.
Second, the MAC OS itself is no more inherently secure than Windows. For example, there is a piece of MAC-specific malware, called "Mac Defender" - cute name, I guess hackers have a sense of irony, if you will - that Apple has admitted is a problem
Oops. Apparently, a false sense of inherent security lulls one to sleep. As someone once said, that which doesn't kill you makes you stronger, and PC users appear to have grown stronger from their lack of false security.Meanwhile, Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users do, the survey found.
Which is it? Are Mac users too credulous of the claims that Mac is substantially more difficult to produce self-replicating viruses for - or are Mac users too credulous of claims (such as your own) that we need to install whatever fly-by-night "antivirus" software comes at us over the Internet proclaiming that the sky is falling?
What it really comes down to is the subjective measure - how comfortable are you with this or that OS - and not some supposedly objective measure of security, not because security isn't an issue, but because MAC and Win7 are pretty much neck and neck - each has different vulnerabilities, but both are vulnerable - and because the biggest threat isn't in the software, it's in the wetware between the user's ears.
I know that you are correct, regarding the Mac at least. I hope you are correct in saying that Win7 is as resistant as OS X.I'm for taking good security measures, but I decided that if distinct self-replicating viruses number in the thousands which can turn my computer against my security are effective against my system, I was using the wrong OS. And that's why I dropped Windows. I know that it's impossible to make, and prove, 100% reliable security. I just don't want to be so vulnerable that I am an easy target for phishing attacks exploiting my knowledge of that vulnerability.
"If you look at the number of published vulnerabilities in software and the number of users and compare Windows versus Mac OS you will discover that Mac OS has far more published vulnerabilities per user than Windows does so I think the data pretty much speaks for itself.What, precisely, does "published vulnerabilities per user" mean? That metric seems to suggest that if there are, for example, ten vulnerabilities in Linux that is a bigger problem than a hundred vulnerabilities in Windows if there are more than ten times as many Windows users than Linux users. And I just don't see why that would be the case. Nor do I see how all "vulnerabilities" are equal. Either a "vulnerability" produces an attack on my computer or it doesn't. And if it doesn't, that either means that it is an illusory "vulnerability" or that the OS supplier has nipped it in the bud. The only thing that matters is how hard it is for me to keep my computer exclusively under my control.
I am always amazed at the common statements that are repeated....
“I tried windows [whatever] but is was so terrible I down graded back to windows 1.0 until they perfect [whatever]”
It sounds like you have enough processor, but you need to realize the when your run VM’s like that you’re essentially running multiple computers in the same address space. There’s a setting on the XP VM that tells it how much memory to allocate for the VM. The default is fairly low. If you’re using memory intensive applications in the VM you may need to allocate more memory to it. If it’s constantly paging the swap file, the performance is going to suck. How bad it sucks will depend on how fast and maybe how fragmented your HD is.
That’s the big issue w/respect to WinXP: drivers. You’re beholden to the vendors to supply drivers for contemporary hardware that are backwards compatible with legacy O/S WinXP.
Case in point: SATA drives in WinXP. Not that it can’t be done, but there will be additional hoops to jump through.
The biggest problem will be w/respect to upgrading the motherboard down the road. The device drivers specific to contemporary motherboard may not be WinXP compatible. Peripherals may become obsolete if large volume sales haven’t been realized by the vendor; drivers may not be available for now ‘legacy’ hardware.
That was an issue with a gfx card I ran into that previously ran fine in Win98SE. The BIOS had to be flashed for the gfx card to accomodate the newer method that the O/S hooks the hardware firmware; otherwise a blsckscreen during boot was encountered, i.e., the monitor would go into standby (requiring manual power off the monitor and turning back on).
With respect to the security model, the security flaws of XP are resolved and implemented in the base code for Win7. That being said, the O/S itself should never be considered the frontline defense from a security perspective. That is relegated to access control list, firewall, host intrusion prevention and anti-virus. With the inherent security of NTFS and group policy the Win7 is intrinsically more secure than WinXP.
My advice is to consider Win7 primarily for forward compatibility concerns. Yes, the large corporate IT environments have issue migrating to Win7, but that’s because they have larger issues at stake concerning security policy and implementation of software as dictated by such policy.
Economically speaking, you’re probably better off getting Windows 7 Ultimate.
Windows XP will, like it or not, will soon enough go the way of Windows 95. Since it is now two releases behind and 11 years old, that argues that it will be sooner rather than later.
Although primarily a Linux user, i’ve had both Windows XP and Windows 7. Both have their strong points, and both have their less than commendable areas.
IMO, it is probably better to go with Windows 7 for longevity purposes.
The OS commented upon is WinXP. Nowhere in the comment do I say it is available from MS or a MS website. Perhaps, I did not state this in a clear and easily understood comment.
What is said, is that MS supports any WinXP OS system by way of updates from their web sites. If a person has WinXP on their computer they can DL updates for thei OS from MicroSoft at the MicroSoft support website. Micosoft Windows Update...its best to use Internet Explorer to do this.
I hope this clarifies.
I will “ditto” everything the good pastor said. An “open system” such as linux is not inherently less secure. The “open” reference concerns who develops and maintains the linux kernel and its related applications (which is a wide and changing group of people), NOT to it being an open door for viruses, etc.
I have run Ubuntu and Mint and am now trying Zorin, all linux “flavors”. The last of these is meant to look and “feel” like Win 7.
Getting a “dual boot” machine with XP or Win 7 AND a linux distribution is great.
And LINUX is far superior to Apple or Microsoft in the malware, virus, etc., area for the precise reasons PastorBooks described.
It is a fun system if you even 0.5% geek.
I studied Linux and Fortran in college in the early '80s, but I've forgotten it. I'll give it some thought.
Most of my computer time now days is spent looking for old parts for old farm equipment, shopping on e-bay, or researching items of interest, and of course, Free Republic.
Thanks, I’ll have to find out it Parallels can handle the 64 bit Windows 7 under IMac.
The neat thing about virtual machines is snapshots. Before trying something questionable, you can take a snapshot of the virtual machine. If something goes wrong, such as a virus infection or something, you just restore the snapshot, and everything is back to normal (virus gone, browser history gone, etc.).
If you like to surf especially hazardous places on the web, you may wish to build an Ubuntu Linux virtual machine (and use the snapshot facility). Firefox and Chrome work fine on Ubuntu. Ubuntu is immune to most malware. And, if it's not, you are running in a VM, so you have the virtual machine isolation protecting you, and the snapshot fallback is immediately available.
In any case, the virtual machine is fairly well isolated from your Mac's native file system. It might as well be running in another machine on your LAN. The risks are comparable. E.g., if you had Windows running in another physical machine on your LAN, and it got infected with a virus, and it has access to your Mac's file system via network shares, then bad things can happen. It's the same for a virtual machine.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.