Rationale for disabling clipboard by default?

[mpack]

I see that 4.2.0 and the new 4.1.20 both have the shared clipboard disabled by default. Can someone quickly explain the rationale behind this? This is not a complaint, it's a feature I rarely use, however I can't think of a strong reason for disabling it, never mind doing it by default, so when the inevitable complaints come I'd like to have a good answer!

[michaln]

Security.

[mpack]

Well, I kind of assumed that, but I couldn't see what threat might propagate via the clipboard. Is there a convincing rationale?

[Martin]

Maybe paying business customers asking for that "feature"?

[sej7278]

Well, I kind of assumed that, but I couldn't see what threat might propagate via the clipboard. Is there a convincing rationale?

its not just a normal clipboard though is it, like between an application. i agree with it being disabled by default for security.

[michaln]

Well, I kind of assumed that, but I couldn't see what threat might propagate via the clipboard.

That's the problem - you don't know where the clipboard's been. Users could be copy/pasting their bank account passwords and whatnot via the clipboard.

In short, security is the enemy of convenience. We may not like that, but that's how it is. This is all about putting responsibility on the user - if the users trust their VMs, they will enable clipboard sharing. If they don't, then an untrusted VM won't be able to snarf sensitive content. It's all about letting (forcing if you wish) the user decide which doors will be open and which will be kept locked. The default has to be locked.

[mpack]

So the rationale is to prevent accidentally and unknowingly revealing sensitive information, rather than blocking malware. That's fine, that's all I wanted to know. Convenience wasn't a concern - like I said above, it isn't a feature I use a lot.

[Technologov]

I believe this is wrong decision, and should be reversed.

Reason: Newbie users will not know how-to enable it, and will consider this feature broken. Security-oriented users are more likely to read docs, and disable this feature if they so choose.

In short: The system must be user-friendly by default, not secure by default.

-Technologov

[michaln]

In short: The system must be user-friendly by default, not secure by default.

You don't set the policy, Oracle does. The Oracle policy is "secure by default".

[dq]

How do you enable it?

[Andre.Ziegler]

users will not know how-to enable it, and will consider this feature broken.

I also thought this, because I couldn't find a reference in the changelog of the Beta1. This change is only mentioned inside the manual. Do you expect that all users read the full docs over and over again to find changes?

[Dsen]

How do you enable it?

You will be able to alter this setting:
1. in VM settings / General page / Advanced tab,
2. through running VM / Devices menu / Shared Clipboard sub-menu.

[dq]

On what release will this option be available?

[Dsen]

On what release will this option be available?

Next RC.

[owntmp]

Why not let user setup clipboard and drag options when create virtual machine not after ?
Then nobody will pass it.

But ... I just say, I don't think they will hear