Slashdot Mirror


WINE: A New Place for KLEZ to Play?

An anonymous submitter sends in this cautionary tale about Wine being maybe a little too good at emulating Windows. Update: 10/23 21:05 GMT by M : Better links: mirror 1, mirror 2.

9 of 318 comments

  1. Wine and / mounted as Z: ? by Havokmon · · Score: 5, Interesting
    I swear when I read the article earlier today (it was posted on Desktoplinux and NewsForge already), that the guy said that by default, "/" was mounted as Z:.

    I've just recently done a wineinstall to clean out my wine settings, and I don't have a Z:. Does that happen if you're running as root?

    The only potential issue I can see is that your whole home directory is 'shared' between Linux and Wine by default.

    Maybe I just read ~/ as /

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
  2. Old Story, Kinda by GigsVT · · Score: 5, Interesting

    There was a story a year ago about sircam running on Wine.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  3. The good comes with the bad by sjbe · · Score: 5, Interesting

    Kinda obvious but easily forgotten. Being able to run Windows apps is a two-edged sword in many different respects. Access to good applications versus potentially reduced interest in Linux development. Ability to run applications not built for Linux versus inconsistent ability to run some of those same apps. And now of course, access to Windows apps versus the viruses that often go with them. The good comes along with the bad and there are plenty of unintended consequences to go around. Any engineer will tell you that there are tradeoffs for any design decision. WINE is no exception. Caveat emptor...

  4. Re:I'll say this only once... by Ed+Avis · · Score: 5, Interesting

    There was recently some discussion on the Wine newsgroup about limiting emulated applications' access to the system. This could be handy for dealing with semi-malware or just programs that don't fully like the emulated environment (and might need to be prevented from doing too many suspicious is-it-really-Windows checks). The reply was that since a Wine emulated program is running as an ordinary executable, it could call Unix system calls anyway, so there would be little point (from a strict security point of view).

    However, something like NetBSD's and OpenBSD's recently added feature to monitor system calls and define policies could potentially be very handy for running binary-only programs you don't fully trust: and of course most such programs are on the Windows platform.

    --
    -- Ed Avis ed@membled.com
  5. Re:I'll say this only once... by alienw · · Score: 3, Interesting

    As much as I hate to shatter your imaginary world, I have to say that NAV is a completely useless program designed to suck money out of your pocket. There are no more viruses on Windows than there are on Linux. What gets media attention are the Outlook scripting worms, and the only reason Linux can't get them is because it doesn't have Outlook. Run Outlook under wine, and you will get the same worms. It's not a fault of the OS, be it Linux+Wine or Windows, but a problem of the Outlook application.

  6. Re:It's not a Wine problem... by kasperd · · Score: 5, Interesting
    • How is KMail supposed to know if it is safe to "run" the attachment?
    • How is KMail supposed to know how to "run" the attachment?
    They are two different questions, but the answer is the same. You give KMail a list of filetypes, and tell it what to do with them. The list could contain a flag specifying dangerous filetypes. If that feature does not exist in KMail, the filetype should be omitted from the list.

    To me this sounds like a bug in the configuration rather than the software. And it does sound like a configuration mistake in the default install of this distribution.
    --

    Do you care about the security of your wireless mouse?
  7. Re:It's not a Wine problem... by gmarceau · · Score: 4, Interesting

    Why did Wine agree to run a file which didn't have +X permissions? That would be Wine's contribution to bugtrack.

    --
    This post was compiled with `% gec -O`. email me if you need the sources
  8. Re:i would think by Sloppy · · Score: 3, Interesting
    Amusingly, this is sort of a case where the filesystem permissions failed. It sounds like this guy had WINE set up as a "viewer" for .EXE files, so KMail "viewed" the attachment with WINE. If you think about how this was probably implemented (speculating and analogizing is so much more fun than actually looking up the answer ;-), then KMail probably wrote the attachment as a file somewhere under /tmp and without executable permission (both because it wouldn't make sense for KMail to +x it, and also maybe because of how the admin would probably mount /tmp). And then ran WINE with the temp file as argument.

    And WINE executed it anyway. Major blunder.

    Which just sort of goes to show, Unix's executable permission bit is really mostly just "advisory" and not really enforced by the kernel. (How could it?) Filesystem permissions, feh.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
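
The check that comments 7 and 8 say was skipped, sketched as a wrapper a mail client could be pointed at instead of `wine` itself. This is an added example, not part of any comment and not Wine's own code; `may_launch`, `safe_wine`, `mount_opts_for` and the `MOUNTS_FILE` override are hypothetical names, and the mount table format assumed is that of Linux `/proc/mounts`.

```shell
#!/bin/sh
# Gate in front of Wine: only hand a file to the loader if Unix itself
# would have been willing to execute it (execute bit set, not on noexec).
# MOUNTS_FILE can be overridden to exercise the logic with constructed data.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Print the options of the longest mount point that is a prefix of path $1.
# Later entries win ties, so an over-mount replaces what it covers.
# Mount points containing spaces (escaped as \040) are not handled here.
mount_opts_for() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }' "$MOUNTS_FILE"
}

# Return 0 if the file may be launched; 1, 2 or 3 with a reason otherwise.
may_launch() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || {
        echo "refused: not a regular file: $f" >&2; return 1; }
    # A mail client saving an attachment without +x ends up here.
    [ -x "$f" ] || {
        echo "refused: no execute permission: $f" >&2; return 2; }
    # Resolve symlinked directories so the path matches the mount table.
    abs=$(cd "$(dirname "$f")" && pwd -P)/$(basename "$f")
    case ",$(mount_opts_for "$abs")," in
        *,noexec,*)
            echo "refused: filesystem is mounted noexec: $f" >&2; return 3 ;;
    esac
    return 0
}

# Wrapper entry point: same arguments as wine, with the gate in front.
safe_wine() {
    may_launch "$1" || return
    exec wine "$@"
}

# Run as a script with arguments, this behaves as the MIME handler.
[ "$#" -eq 0 ] || safe_wine "$@"
```

A gate like this only restores the advisory check for files launched through the handler; a user who sets +x on the attachment, or calls `wine` directly, still bypasses it.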
  9. Detailed Klez Analysis by sheriff_p · · Score: 3, Interesting

    If you want to know how exactly klez works, there's a very detailed analysis here:

    http://www.virusbtn.com/resources/viruses/indepth/klez.xml

    --
    Score:-1, Funny