Slashdot Mirror


WINE: A New Place for KLEZ to Play?

An anonymous submitter sends in this cautionary tale about Wine being maybe a little too good at emulating Windows. Update: 10/23 21:05 GMT by M : Better links: mirror 1, mirror 2.


  1. Uhhhh.... by JoeLinux · · Score: 5, Insightful

    Nice thing about WINE is: it can be shut OFF, then there is no environment to flourish in. ("/usr/local? Hell, I'm trying to find C:\windows\system")

    JoeLinux

    1. Re:Uhhhh.... by NumberSyx · · Score: 5, Insightful

      Yeah, until you decide to turn it back on again, right? Windows machines have an "off" switch too...whether it's a matter of unloading from memory or powering down, it's no different.

      You might want to rethink that statement. If you turn the power off on a Windows machine (or a Linux box for that matter), you have a paper weight until you turn it back on. On the other hand, I can completely uninstall Wine from my Linux box and still have a fully functional computer. There is a difference.

      --

      "Our products just aren't engineered for security,"
      -Brian Valentine,VP in charge of MS Windows Development

    2. Re:Uhhhh.... by Nailer · · Score: 5, Informative
      Yes, but if your day requires you to run Outlook 2000 throughout your day, then it's not practical to shut Wine off (the Ximian Connector still doesn't do everything Outlook does with regards to Exchange).

      One mitigating factor: CodeWeavers do build in a protection against executable attachments in their winex product.

      • Run Office setup from your menu (that's ~/cxoffice/bin/officesetup)
      • Click configuration
      • Hit the advanced button
      • Notice the Outlook security tab, which is turned on by default. "prevent MS Outlook from running files with these extensions: vbs;wsf;vbe;wsh;hta;bat;pif;exe;scr;lnk"
      • Wait for StarOffice to get enough market share to have its own real viruses.


  2. Alright by EggplantMan · · Score: 5, Funny

    I know a lot of software developers are anal retentive perfectionists, but this is going a little too far. What's next? EULA emulation?

    --

    ?-|||-----x<*))))><
  3. Wine is not an emulator ... by sammaytg1 · · Score: 5, Insightful

    It's a Linux implementation of Windows APIs. It really shouldn't be susceptible to virii like Windows is. I would really like to know more about this (the article has already been slashdotted)

    --
    procrastination is a way of life aka i'll think up a sig later
    1. Re:Wine is not an emulator ... by SpamapS · · Score: 5, Informative

      It's not just "windows" that is susceptible to viruses. It is the API that is too trusting, and the file permissions. When you run wine, you generally own all of the files (default is ~/.wine/fake_windows). So you're going to be able to do anything you could on a windows box.

      It's not all that surprising that a virus would run without problems. Many of them do exploit actual bugs in the Windows code, but most of them just make regular old crappy Win32 API calls.

      --
      SpamapS -- Undernet #Linuxhelp
  4. ObDeadServerComment by Anonymous Coward · · Score: 5, Funny

    The server is apparently running IIS under Wine.

  5. Re:Figures by siegesama · · Score: 5, Funny

    Lotus Notes, for example.

    --
    what the hell is a 'junk character', anyway?
  6. Wine and / mounted as Z: ? by Havokmon · · Score: 5, Interesting
    I swear when I read the article earlier today (It was posted on Desktoplinux and NewsForge already), that the guy said that by default, "/" was mounted as Z:.

    I've just recently done a wineinstall to clean out my wine settings, and I don't have a Z:. Does that happen if you're running as root?

    The only potential issue I can see is that your whole home directory is 'shared' between Linux and Wine by default.

    Maybe I just read ~/ as /

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
  7. Old Story, Kinda by GigsVT · · Score: 5, Interesting

    There was a story a year ago about sircam running on Wine.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  8. Re:Slashdotted...sad by LordHunter317 · · Score: 5, Insightful

    Understand some people don't have enough bandwidth to handle a thorough /.'ing. Sooner or later, the site is going to stop responding simply because you run out of effective bandwidth. Also understand not everyone can afford what they talk about.

  9. The good comes with the bad by sjbe · · Score: 5, Interesting

    Kinda obvious but easily forgotten. Being able to run windows apps is a two edged sword in many different respects. Access to good applications versus potentially reduced interest in linux development. Ability to run applications not built for linux versus inconsistent ability to run some of those same apps. And now of course, access to Windows apps versus the viruses that often go with them. The good comes along with the bad and there are plenty of unintended consequences to go around. Any engineer will tell you that there are tradeoffs for any design decision. WINE is no exception. Caveat emptor...

  10. What's the deal? by jorlando · · Score: 5, Insightful

    Wine is supposed to run Windows apps... a virus is a Windows app as any other... If the Wine user is running Outlook what else can he wait for? The vulnerabilities are still there...

  11. Slashdot crashed my machines by Anonymous Coward · · Score: 5, Informative

    On the footer of *every single page* at linuxguru.net, we specifically request that slashdot not link our stories because we can't handle the load.

    I now have two dead machines because they linked us anyways.

    -James Blackwell

    1. Re:Slashdot crashed my machines by OnyxRaven · · Score: 5, Informative

      ...moderated funny... gah.

      Anyway, why not do what a few other sites do... in Apache just reject anything with a referer from slashdot.org domain. Redirect it to something like a tripod page that says "your link has been rejected - linked from slashdot" or something.

      or heck, just drop the request. Make them mirror it.

      --
      --onyx--
    2. Re:Slashdot crashed my machines by Anonymous Coward · · Score: 5, Funny

      Run IIS next time so we can blame Microsoft. We don't like to see Linux servers go down for the same reason.

  12. Re:Slashdotted...sad by scenic · · Score: 5, Insightful
    That's not really fair. It's expensive to put up a site that can handle a slashdotting. Think of sites that host via a third party or shared hosting to keep costs down.

    There are a lot of smart, knowledgeable people out there who don't want a $500+/month hosting or bandwidth+power bill.

    Sujal

    --

    politics, food, music, life: FatMixx

  13. Re:I'll say this only once... by Ed+Avis · · Score: 5, Interesting

    There was recently some discussion on the Wine newsgroup about limiting emulated applications' access to the system. This could be handy for dealing with semi-malware or just programs that don't fully like the emulated environment (and might need to be prevented from doing too many suspicious is-it-really-Windows checks). The reply was that since a Wine emulated program is running as an ordinary executable, it could call Unix system calls anyway, so there would be little point (from a strict security point of view).

    However, something like NetBSD's and OpenBSD's recently added feature to monitor system calls and define policies could potentially be very handy for running binary-only programs you don't fully trust: and of course most such programs are on the Windows platform.

    --
    -- Ed Avis ed@membled.com
  14. A similar writeup about Klez and WINE by Adam9 · · Score: 5, Informative

    Well, this article that I found here discusses the limitations of Klez on WINE and how Sircam was able to run on WINE. All in all, it appears to be a limited threat.

  15. Re: First Post Or ist it ? by Black+Parrot · · Score: 5, Funny


    > If you go to webster [webster.com] you'll easily find that plural from virus is viruses...

    What does it say about the plural for "anal retentive"?

    --
    Sheesh, evil *and* a jerk. -- Jade
  16. Re:Slashdotted...sad by AntiTuX · · Score: 5, Insightful

    2 words: static webpages.
    I know for a fact that if my ass was getting slashdotted, I'd be setting up static webpages faster than you can say "holy fucking shit where's my bandwidth?" I personally make a static archive of all my dynamic pages automatically just in case something like that happens. The problem lies in the fact that slashdot doesn't archive sites, nor do they give any type of notice before bringing the hordes of lamers from all over the internet to that site's front door. That's a "bad" thing.
    I wonder if anyone's brought a lawsuit against slashdot (or their parent company, OSDN) for effectively destroying their servers.

  17. It's not a Wine problem... by Olmy's+Jart · · Score: 5, Insightful
    Fine... Why in blue blazes did KMail run Wine in the first place? Why would KMail run any attachment? It's one thing to run a viewer on an image like a .jpg. It's a totally different sort of thing to run the attachment. What are they going to do if they get a foo.sh file? Run it under bash? That's basically what they've done here. This is exactly why Microsoft got in heat over these worms and why these things run rampant on MS systems even if the users are not admin on that system.


    It's a security bug, a security hole, just like the ones in LookOut, and it ain't a Wine problem. This one belongs on bugtraq.

    1. Re:It's not a Wine problem... by kasperd · · Score: 5, Interesting
      • How is KMail supposed to know if it is safe to "run" the attachment?
      • How is KMail supposed to know how to "run" the attachment?
      It is two different questions, but the answer is the same. You give KMail a list of filetypes, and tell it what to do with them. The list could contain a flag specifying dangerous filetypes. If that feature does not exist in KMail, the filetype should be omitted from the list.

      To me this sounds like a bug in the configuration rather than the software. And it does sound like a configuration mistake in the default install of this distribution.
      --

      Do you care about the security of your wireless mouse?
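
The two mitigations discussed in this thread, the extension blocklist Nailer quotes and the handler list with a "dangerous" flag that kasperd describes, combined as an added example (not code from KMail, CrossOver, or any commenter). The handler table and viewer names are hypothetical, and the sample message is constructed.

```python
from email.message import EmailMessage

# Extension list quoted from the "Outlook security" tab in Nailer's comment.
BLOCKED = set("vbs;wsf;vbe;wsh;hta;bat;pif;exe;scr;lnk".split(";"))

# Hypothetical handler table in the spirit of kasperd's comment:
# extension -> (viewer, dangerous flag). Viewer names are placeholders.
HANDLERS = {
    "jpg": ("image-viewer", False),
    "txt": ("text-viewer", False),
    "sh": ("bash", True),    # flagged dangerous: never launched from mail
    "exe": ("wine", True),
}

def extensions(filename):
    """Every extension in the name, lowercased; trailing dots/spaces ignored."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    return [part.strip() for part in name.split(".")[1:]]

def decide(filename):
    """Return ("view", viewer) or ("save-only", reason). Default is save-only."""
    exts = extensions(filename or "")
    if not exts:
        return ("save-only", "no extension")
    # Deliberately conservative: a dangerous extension anywhere in the
    # name wins, so photo.jpg.exe is never treated as an image.
    for ext in exts:
        if ext in BLOCKED or HANDLERS.get(ext, (None, False))[1]:
            return ("save-only", f"dangerous type .{ext}")
    handler = HANDLERS.get(exts[-1])
    if handler is None:
        return ("save-only", f"no handler for .{exts[-1]}")
    return ("view", handler[0])

def triage(msg):
    """Map each attachment filename to a decision; declared MIME type is ignored."""
    return {p.get_filename(): decide(p.get_filename()) for p in msg.iter_attachments()}

def sample_message():
    """Constructed message; the attachment bytes are dummies."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("holiday.jpg", "photo.jpg.exe", "run.sh", "data.xyz"):
        # Every part claims image/jpeg to show the claim is not trusted.
        msg.add_attachment(b"dummy", maintype="image", subtype="jpeg", filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in triage(sample_message()).items():
        print(f"{name:15} {verdict}")
```

Only `holiday.jpg` is handed to a viewer; unknown types fall through to save-only because they are absent from the list, which is the default kasperd argues for.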
  18. Re: First Post Or ist it ? by syrinx · · Score: 5, Funny

    What does it say about the plural for "anal retentive"?

    Well, for one, anal-retentive is hyphenated...

    --
    Quidquid latine dictum sit, altum sonatur.
  19. get used to it.... by morgajel · · Score: 5, Insightful

    This is relatively tame.

    As much as I hate saying this, I fear it's going to get a lot worse. As/If Linux gains popularity on all systems, including desktops, you can expect there are going to be a lot of disgruntled windows people out there who will become unemployed because they can't grow with technology. I'm expecting to see a lot of linux software start getting messed with and drastic increase of linux trojans and viruses.

    don't believe me?
    Look at how much software has been backdoored lately- bitchx, ssh, and sendmail. That's a BIG FUCKING DEAL. As we continue, expect the crosshairs to be levelled towards us. There's gonna be a conspiracy. I'm not making any accusations, but keep in mind that the opensource movement is putting pressure on a group of companies that aren't exactly known for their ethical behavior.

    of course I know I'm probably just a paranoid nut, but hey, that's a good thing to be in our field.. ...and this is one of the few times where my sig doesn't apply.

    --
    Looking for Book Reviews? Check out Literary Escapism.
  20. Not a WINE-specific problem by Todd+Knarr · · Score: 5, Insightful

    This isn't just limited to WINE, it can hit real Linux mail programs too if anyone ever writes a Linux/ELF virus attachment. Repeat after me, kids:

    Executable MIME types have no place in a mail program!

    None, never, no way. Mail program doesn't matter. OS doesn't matter. No mail program should ever, under any circumstances, execute anything attached to an e-mail message, period full stop. You should only execute things from people you trust, and one attribute of e-mail is that you don't even know if the From address is the real sender so how can you trust the message?