An interesting thought occurred to me over Thanksgiving vacation thousands of miles from my home in Silicon Valley. While I do most of my work on the 2021 M1-based MacBook Pro, I occasionally need access to a Windows PC for specific applications that aren’t available on macOS.

My recent problem was that my Dell XPS 13 Plus was back in California because I didn’t want to take two laptops with me on vacation. I suspect I am not the only one facing this challenge.

While Apple’s macOS has grown in sophistication and capability over the past decade — especially if you have an iPhone or iPad and enjoy the benefits of an “ecosystem” — many users may need access to Windows-only apps. . Or, more generally, features that may not be available in the macOS versions of these apps. The latter is the category I regularly fall into.

Most companies have adopted both macOS and Windows to give users a choice at the business level, even though Windows is the dominant OS in the corporate space. After all, Windows PCs are generally more affordable than their Mac counterparts. Windows PCs are also somewhat easier to manage and secure from an enterprise fleet perspective, a selling point that appeals strongly to CIOs.

Windows apps may differ from Mac counterparts

Although the number isn’t huge, some Windows apps don’t have equivalent macOS versions. Many of these apps are relatively niche as they are development tools or applications written specifically for Windows. In all likelihood, this is an issue that won’t affect most mainstream users.

Legacy apps like Pinnacle Systems’ Studio, a video editing app that’s been around for more than a decade, don’t have an equivalent macOS version. It is always a good practice to make sure that you are using an app that is available on both macOS and Windows.

Nevertheless, frustrating problems can still occur when an app appears to be available for both macOS and Windows. For example, some feature specifics in Microsoft Office apps: there is no universal inbox support in the Windows version of Outlook and the inability to have an embedded YouTube player in the Windows versions of Word and PowerPoint.

These links will help explain some of the specific feature differences between the Mac and Windows versions of the Office 365 apps: Outlook | power point.

Admittedly, the list of differences in features isn’t huge, but these differences can be annoying, so having access to the Windows version of Outlook can be helpful.

Based on my conversations with Microsoft insiders, the company’s ultimate goal is complete feature parity between the macOS and Windows versions. However, in my view, this may not be the case for long.

All this leads to my contention that the ability to run Windows on a Mac is always a convenient backup plan should you want access to native Windows apps.

Bootcamp Great, With Limitations

Apple realized that situation in 2006 when it released Boot Camp. At the time, macOS had a much smaller market share than it does today, and it did not enjoy the wider app availability of Windows.

Boot Camp provides the ability to create a dual boot, where you can easily use either Windows or macOS, although not at the same time.

For some users, this is an attractive solution. But there are some significant challenges with this approach.

First, you won’t be able to go back and forth between Windows and macOS to share content in real-time. More importantly, Boot Camp only works with Intel-based Macs. This scenario is less appealing because Apple has clearly messaged that its desktops and laptops will run Apple Silicon in the future, starting with the M1 chip.

Therefore, if you recently purchased a Mac with an M1 or M2 processor, the Boot Camp option isn’t available to you.

Parallels offers the best of both worlds

For the past several years, I’ve used Parallels, a popular software utility that allows you to use Windows on a Mac by creating what’s known as a virtual machine. Technically, the Mac shares the computer’s resources with the Parallels virtual machine(s) and allows the Mac to operate as a standalone device.

There are many advantages to this approach. Right from the start, Parallels has allowed you to run multiple operating systems, not just Windows. You can also use various iterations of Linux, although this may be too “advanced dance lessons” for most mainstream users who need occasional access to Windows.

The other advantage I find enjoyable is that Parallels removes the need to boot into Windows or macOS. Parallels has a cool feature called “Coherence mode”, which allows you to run Windows programs in a macOS environment.

However, for usability reasons, you may just want to run Windows in a separate window (no pun intended). You can also easily copy, cut, and paste content such as files, images, videos, etc. between the two operating systems.

Parallels on a Mac computer running Windows 11

The Mac notebook is using Parallels to run the Windows 11 operating system in a dedicated window in macOS. (Image credit: Parallels International)

Parallels is not the only software utility on the market that can do this trick. VMware offers a comparable utility called Fusion. But Parallels’ advantage over Fusion is that it works on both Intel and Apple M-based Mac devices.

analyst view

I believe the ability to run Windows on a Mac is one of the most unheralded stories in the PC space and deserves more attention.

As I’ve written before, this feature attribute “How did I live without this ability?” comes under the category of I do not consider this an exaggeration, as many consumers cannot afford a Mac and a Windows PC. Often, it is an either/or situation dictated by affordability considerations.

While I don’t use Parallels every day, the convenience of accessing Windows apps without the need for a separate PC has been a game-changer for me.

What is also surprising to me is that Windows runs smoothly on the Mac. While the major PC OEMs (primarily HP, Dell, and Lenovo) have made great strides in improving the overall user experience with driver and firmware updates, I’ve had my fair share of upgrade challenges when updating Windows.

Because Parallels runs as a virtual machine on your PC, Windows runs more smoothly without the “hiccups” that driver updates will sometimes cause.

some exceptions

Still, running Windows on a Mac using Parallels isn’t for everyone. This approach won’t cut it if you’re a hardcore gamer, as most popular PC games require discrete graphics and multi-core processors from Intel or AMD, which the virtual machine approach isn’t optimized to address.

I also wouldn’t recommend Parallels to Windows users who are video content professionals, as Windows apps running under Parallels will disappoint from a performance perspective.

Also, keep in mind that if you have an Apple Silicon-based Mac, it will only run the Arm-based version of Windows, which has limitations. Drivers for hardware, games, and apps will only work if they’re designed for the ARM version of Windows. From a practical point of view, 64-bit (x64) apps will not work. You have to be careful and check whether a specific Windows app requires 64-bit support.

Nevertheless, there are a significant number of mainstream users with basic Windows productivity application needs who may be easily satisfied with the capabilities that Parallels provides for Mac users.

Interestingly, overall PC growth has been flat over the past few quarters following a pandemic-related market surge in 2020, 2021 and early 2022, but Apple has paid significantly more for its computers versus comparably configured PCs. It has continued to increase its share irrespective of the prices.

Apple’s Ecosystem Advantage

The tight integration between the iPhone, iPad, and Mac continues to resonate with many users. A great example of the strength of this ecosystem is the exclusive native text/SMS messaging service on the Mac, which is not available on the Windows platform.

If you’re an Android smartphone user, the advantage of the Apple ecosystem is gone as many apps allow you to access Android text/SMS messages on your Mac.

Mac users know what I mean when they consider the convenience of using a keyboard on a computer to send iMessage or SMS. Apple, in my view, is unlikely to ever deliver a “key to the kingdom” for that specific feature.

Equal Productivity Allowances

Putting the ecosystem element aside, more Mac users should consider using Parallels to expand their overall productivity if they need regular access to Windows.

At $99 for Parallels’ standard edition, it’s a cheap way to avoid buying a dedicated Windows PC — and that scenario may ultimately be what scares the dickens out of big PC makers.

Will using Parallels eliminate the need to buy an independent Windows laptop? Because of the caveats above, the answer is not clear. If you’re a “power” Windows user, you may need a lot more performance than the virtual Windows experience can provide.

However, the reality is that there are a non-trivial number of Mac users with occasional access to Windows for productivity applications who could benefit from a virtual operating system experience to avoid the hassle and expense of owning a separate Windows PC. Huh.

A massive phishing campaign built on typoquoting is targeting Windows and Android users with malware, according to a dangerous intelligence firm and cybersecurity website.

More than 200 typoquoting domains are currently used in an ongoing campaign that impersonates 27 brands to trick Web surfers into downloading malicious software to their computers and phones, BleepingComputer reported Sunday.

Threat intelligence firm Cyble revealed the campaign in a blog last week. It reported that phishing websites trick visitors into impersonating Google Wallet, PayPal and Snapchat to download fake Android applications that contain the ERMAC banking trojan.

BleepingComputer explained that while Cyble focused the campaign’s Android malware, a much larger operation aimed at Windows is being deployed by similar threat actors. That campaign features more than 90 websites designed to advance malware and steal cryptocurrency recovery keys.

Typosquatting is an age-old technique of redirecting cyberspace travelers to malicious websites. In this campaign, BleepingComputer explained, the domains used are too close to the original, with a letter swapped out of the domain or an “s” added to it.

It added that the phishing sites also appear to be authentic. They are either clones of real sites or enough to fool a casual visitor.

Typically, victims end up on sites by making typos in the URLs entered in the browser’s address bar, this continues, but URLs are sometimes entered in emails, SMS messages, and on social media as well.

“Typosquatting is not novel,” said Sherrod DeGripo, vice president for threat research and detection at Proofpoint, an enterprise security company in Sunnyvale, Calif.

“Goggle.com was accidentally sending visitors to a malicious site with drive-by malware downloads as early as 2006,” DeGrippo told TechNewsWorld.

abnormal scale

Although the campaign uses tried-and-tested phishing techniques, it does have some distinctive features; Security experts told TechNewsWorld.

“The size of this campaign is unusual, even though the technology is old-school,” said Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk prevention in Tel Aviv, Israel.

“This particular operation appears to be on a larger scale than typical typosquatting efforts,” said Jarrod Picker, a competitive intelligence analyst at Deep Instinct, a deep-learning cybersecurity company in New York City.

The focus on mobile apps is another departure from the norm, said Grayson Milborn, director of security intelligence at OpenText Security Solutions, a global threat detection and response company.

“Targeting mobile apps and related websites with the goal of distributing malicious Android apps is something that is not new, but not as common as typosquatting that targets Windows software websites,” he said.

What’s interesting about the campaign is its reliance on both typing mistakes made by users and the deliberate delivery of malicious URLs to the target, observed Hank Schles, senior manager of security solutions at Lookout, a San Francisco-based provider of mobile phishing solutions.

“It appears with a broad campaign [a] There is a high chance of success if an individual or organization does not have proper security,” he said.

Why does typosquatting work?

Phishing campaigns that exploit typoquoting don’t need to be innovative to be successful, maintained Roger Grimes, a defense campaigner at KnowBe4, a security awareness training provider in Clearwater, Fla.

“All typosquatting campaigns are quite effective without the need for advanced or new tricks,” he told TechNewsWorld. “And there are many advanced tricks, such as homoglyphic attacks, that add another layer that can fool even experts.”

Homoglyphs are letters that are similar to each other, such as the letters O and zero (0), or the uppercase I and lowercase letter l (EL), that look similar in a sans-serif font, such as Calibri.

“But you don’t find a ton of these more advanced attacks out there because they don’t need them to be successful,” Grimes continued. “Why work hard when you can work easily?”

Abhay Bhargava, CEO of AppSecEngineer, a security training provider in Singapore, said typosquatting works because of trust.

Bhargava told TechNewsWorld, “People have become so used to seeing and reading well-known names that they think a site, app or software package has almost the same name and the same logo as the original product. “

“People don’t stop to think about minor spelling discrepancies or domain discrepancies that differentiate the original product from the fake,” he said.

Some domain registrars guilty

Picker explained that it’s all too easy to “fat finger” when typing a URL, so PayPal becomes PalPay.

“It will get loads of hits,” he said, “especially since typosquatting attacks typically present a web page that is essentially a clone of the original.”

“Attackers also snatch away multiple similar domains to ensure that many different typos will match,” he said.

Grimes stressed that even the current domain registration system doesn’t help matters.

“The problem is made worse because some services allow bad websites to obtain TLS/HTTPS domain certificates, which many users believe is safe and secure,” he explained. “More than 80% of malware websites have digital certificates. It makes fun of the entire public key infrastructure system.”

“On top of that,” Grimes continued, “the Internet domain naming system is broken, apparently allowing rogue Internet domain registrars to obtain rich registration domains that are easy to see, used in some sort of misdirection attack. Profit incentives, which reward registrants for looking the other way, are a big part of the problem.

Mobile browser more responsive

Hardware form factors can also contribute to the problem.

“Typoquoting is far more effective on mobile devices because of how mobile operating systems are built to simplify the user experience and reduce clutter on small screens,” explained Schles.

“Mobile browsers and apps shorten URLs to improve their user experience, so the victim may not see the full URL in the first place, much less typos,” he continued. “People usually don’t preview URLs on mobile, which is something they can do by hovering over a computer.”

Typosquatting is certainly more effective for phishing on mobile phones because URLs aren’t fully visible, agree CISO and co-founders of Tresorit, an email encryption-based security solutions company in Zurich.

“To run Trojans, not so much because people usually use apps or the Play Store,” he told TechNewsWorld.

How to prevent typosquatting

To protect themselves from falling victim to phishing typosquatting, Picker advises users not to follow links in SMS messages or emails from unknown senders.

He also advised caution while typing URLs, especially on mobile devices.

“When in doubt, the user can directly Google the established domain name, rather than simply clicking on the link,” DeGripo said.

In the meantime, Schles suggested that people should rely on their mobile devices a little less.

“We know how to install anti-malware and anti-phishing solutions on our computers, but there is an inherent belief in mobile devices such that we feel it is not necessary to do so on iOS and Android devices,” he said.

“This campaign is one of countless examples of how threat actors leverage that trust against us,” he said, which demonstrates why it’s important to build a security solution specifically for mobile threats on your smartphone and tablet. .