Can WINE Compromise Unix?
gbulmash asks: "As APIs like WINE and Crossover Office gradually make it easier to run Windows binaries on Unix, will the system inherit some of Windows' vulnerabilities? For example, has anyone tried to get Outlook up and running under Wine, then deliberately tried to infect themselves with a Windows virus to see if it could raid the Outlook address book and start mailing itself out? It just seems to stand to reason that the better these systems get at running Windows binaries, the easier it will become to infect them with Windows viruses. Or am I just totally off base here?"
You are totally on-base here.
That's why I don't run WINE and have absolutely no appreciation for the WINE project. At all. The effort would be better spent writing software for Linux that at least has some measure of security built into the OS.
If you run proprietary software, then you have proprietary bugs and security holes. WINE is a lot of work, just to provide a crutch for people who want to say they run Linux, but are afraid of learning a different way to get their stuff done.
...
WINE is very commonly used to run ONE key application among Linux applications, under one user's permissions. If the key application communicates with the network, the network may be compromised but the Linux server itself will not.
This is much like running Win95 in vmware or bochs and infecting it with a virus. Another separate win95 session in bochs or vmware will not be affected, nor will Linux's other mail/X/services be affected.
I'm sure there are enough Outlook lookalikes for Linux, and rather than stretching yourself for outstanding feats of engineering in Linux, try training users a little. It works.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Wine was an essential tool.
There are some applications that you just can't get converted to Linux easily, and Wine is a good solution.
In our case we are primarily using OpenOffice.org, Evolution and Mozilla Firebird as Linux apps, but the essential application that shows the users a nice map of our country with legal boundaries accurately marked is not (yet) available under Linux.
Should we delay our Linux rollout for this? No. The app does everything it needs to under Wine, and we are rolling those desktops out on time.
Once we have 140 PCs out there running Linux, however, the pressure will come on the supplier to provide us a native Linux version next time.
That all seems to me to be a perfect example both of why it is needed, and also of why it is a damn good idea.
Thanks for the project, guys - it's getting to be useful :-)
I have yet to actually find a true Virus in quite some time. I feel like rambling tonight! WOO HOO!.
So, to save time: WINE+Outlook=YES. Outlook is COM based. The worms that Script Kiddies cut-and-paste together use COM to access the Outlook DB to pick addresses, and then most use COM (or Winsock which is interfaced to the Linux Socket environment) to send the e-mails outbound containing their script-kiddie payload. BUT, THESE ARE NOT VIRUSES! 1) They require other applications to be running. 2) They are not self-infecting. They require the second hand user to do something (click the .VBS file attached.. DUH! HELLO!?!?). 3) They are not native code, rather just scripts.
Back in the old days, we had true viruses on computers. These would make themselves TSRs (Terminate and Stay Resident for you Windows-only script kiddies). They would then append to the EXE their own startup code. Finally, they modify an EXE's header so that their startup code would execute them, and then execute the program.
Part of the virii's startup code was to "infect" all other EXEs on the computer. This meant that if you ran the program, every time you had an INT21 executed (in the MSDOS/PCDOS days, this was a file access system interrupt), it would search for other EXEs to attach to, or possibly execute its code.
This is where the term Virus came from. It could "spread" from one host to another. And each time, it could inflict more damage until it killed the host computer.
Nowadays, we have worms. Worms are the dreams of script kiddies (yes, you little @$#@# dorks who sit at home thinking your stuff is 31337). They use the underlying applications' failures to infect something, rather than being native code that does the job. (For us techies, 8086 Assembler vs. VB Script that the kiddies cut-and-paste today from newsgroups)
If your WINE implementation has the necessary GUIDs exposed for COM/DCOM/ActiveX/.NET/your buzzword of the day, then, to answer your question... YES WINE IS HACKABLE. By implementing the Windows OS, it inherits the COM system, which all Microsoft products use heavily.
Enough history lesson. I'm going to go script myself a web browser that isn't IE... it just uses Microsoft's IE Active X component for browsing.. I shall call it, Iesm... And it shall be grand...
I find it funny to find this virus listed in the compatibility database. It's a testament to the success of wine!