Can WINE Compromise Unix?
gbulmash asks: "As APIs like WINE and Crossover Office gradually make it easier to run Windows binaries on Unix, will the system inherit some of Windows' vulnerabilities? For example, has anyone tried to get Outlook up and running under Wine, then deliberately tried to infect themselves with a Windows virus to see if it could raid the Outlook address book and start mailing itself out? It just seems to stand to reason that the better these systems get at running Windows binaries, the easier it will become to infect them with Windows viruses. Or am I just totally off base here?"
Who in their right mind would even consider ATTEMPTING to run outlook under linux?
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
I think the greater risk involved in widespread availability of WINE is the possibility that developers will feel even less need to code natively for linux - a necessary evil, I suppose. Also, wine doesn't require you to run as root (IIRC). Of course, non-privilege elevation exploits like outlook virus email spam will be possibilities - why do you even have cause to think differently? You can use mozilla instead of outlook, or implement filtering at your mail server. Just don't execute attachments, apply the MS patches and so on.
"The slave who knows his master's will and does not get ready...will be beaten with many blows." Luke 12:47-48
Or who have to run Windows-specific code because of company requirements and don't want to dual-boot Windows? I understand not wanting to run the software yourself, but that doesn't mean there aren't good reasons for someone else to use it. Being blindly dismissive is one attribute of Linux zealots that turns many people - people who would otherwise be interested in learning more about Linux - off.
WINE is very commonly used to run ONE key application among Linux applications, under one user's permissions. If the key application communicates with the network, the network may be compromised but the Linux server itself will not.
This is much like running Win95 in vmware or bochs and infecting it with a virus. Another separate win95 session in bochs or vmware will not be affected, nor will Linux's other mail/X/services be affected.
I'm sure there are enough Outlook lookalikes for Linux, and rather than stretching yourself for outstanding feats of engineering in Linux, try training users a little. It works.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
The big advantage to something like wine (or to a lesser extent, dosemu, mars, etc.) is that you can insert shims at pretty much any level to catch / filter / stop / watch this sort of thing. I find it amazingly useful to be able to instrument & monitor pretty much any level I want (with the usual caveats about making sure you don't break things by inappropriate logging, etc.). It shouldn't be too hard to put a rubber-room/internal firewall around whatever infection prone software you felt like running, and stopping these things dead in their tracks. (e.g., by default, cap the rate at which network traffic can flow out of applications running under wine, lower the boom if they try to send out too much e-mail too quickly, etc).
-- MarkusQ
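A sketch of the "lower the boom" policy suggested in the comment above, added here as an example; it is not part of the original post and is not Wine code. It assumes a hypothetical shim that calls `allow()` for every outbound connect made by an application running under Wine; the port set, the threshold and the window length are assumed values.

```python
from collections import deque

SMTP_PORTS = {25, 465, 587}  # assumption: ports treated as "sending mail"


class OutboundMailGate:
    """Sliding-window cap on new outbound SMTP connections per application."""

    def __init__(self, max_conns=5, window_s=60.0):
        self.max_conns = max_conns
        self.window_s = window_s
        self.recent = {}      # app name -> deque of recent connect times
        self.blocked = set()  # apps latched off until an operator reviews them

    def allow(self, app, dport, now):
        """Decide one connect attempt; hypothetical hook a shim would call."""
        if dport not in SMTP_PORTS:
            return True       # only mail traffic is policed here
        if app in self.blocked:
            return False
        q = self.recent.setdefault(app, deque())
        while q and now - q[0] >= self.window_s:
            q.popleft()       # forget connects older than the window
        if len(q) >= self.max_conns:
            self.blocked.add(app)  # burst seen: stay blocked, not just throttled
            return False
        q.append(now)
        return True


def constructed_events():
    """Constructed (time_s, app, dest_port) sample, not captured traffic."""
    events = [(0.0, "mapviewer.exe", 80),
              (30.0, "outlook.exe", 25),
              (400.0, "outlook.exe", 25)]
    # A mass-mailer style burst: 20 SMTP connects in 10 seconds.
    events += [(600.0 + 0.5 * i, "outlook.exe", 25) for i in range(20)]
    events += [(700.0, "outlook.exe", 80), (900.0, "outlook.exe", 25)]
    return events


def replay(events, gate):
    """Return the allow/deny decision for each event, in order."""
    return [gate.allow(app, dport, t) for t, app, dport in events]


if __name__ == "__main__":
    gate = OutboundMailGate()
    for ev, ok in zip(constructed_events(), replay(constructed_events(), gate)):
        print(ev, "ALLOW" if ok else "DENY")
```

Ordinary use (a few messages spread over minutes) passes, while the burst trips the latch after five connects and mail stays blocked for that application even once the burst has ended; non-mail traffic is untouched.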
Remember, just like networking, software has levels also. In the case of Windows and viruses, it would seem that there are 4 levels you need worry about. The bottom-most layer is of course the core of the OS, the kernel; layer 1 would be the OS interoperability layer, layer 2 the API and layer 3 the application itself. (Yes, you could break them down into finer layers, but for this argument 4 is fine.) Running Wine, layers 0 and 1 are replaced completely. Layer 2 is a functional and structural equivalent. Any virus based on its concepts should in effect still work; however, most at that level are specific code exploits. Most importantly, you have the application layer (3): since this code is the same, any virus designed to run exclusively in this layer should by all means be fully functional. Fortunately this is going to be in user space and should not affect the rest of the system outside of the specific application.
Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
> That's why I don't run WINE and have absolutely no appreciation
> for the WINE project.
Too narrow-minded. There are a lot of legacy win32 apps in regular use out there that won't get ported. Many times it is impossible to even locate the source or any design docs. It only takes ONE to keep a machine chained to Windows. If it takes wine to get that desktop converted it is still a win. Because once the conversion has taken place that shop probably won't invest in MORE win32 software and eventually those stragglers will get discarded as the relentless march of time obsoletes dead end programs that aren't being well maintained and probably never worked flawlessly in the first place.
Democrat delenda est
Wine was an essential tool.
There are some applications that you just can't get converted to Linux easily, and Wine is a good solution.
In our case we are primarily using OpenOffice.org, Evolution and Mozilla Firebird as Linux apps, but the essential application that shows the users a nice map of our country with legal boundaries accurately marked is not (yet) available under Linux.
Should we delay our Linux rollout for this? No. The app does everything it needs to under Wine, and we are rolling those desktops out on time.
Once we have 140 PCs out there running Linux, however, the pressure will come on the supplier to provide us a native Linux version next time.
That all seems to me to be a perfect example both of why it is needed, and also of why it is a damn good idea.
Thanks for the project, guys - it's getting to be useful :-)
Generally, I try to set things up so the Windows instance doesn't have any ports open to the world, and if at all possible, its "filesystem" is within a file in the real filesystem, so it can't trash anything but itself. :)
You miss the key aspect of the point that was being made. People are switching to Linux because it reduces the cost of support as well as the cost of implementation. However, the point was that there are still a lot of apps that run on Windows platforms for which there are no alternatives in the Linux world. Why give up all the extra benefits of Linux for just one or two applications for which no alternative exists?
;-)
The point of the WINE project is to provide that bridge. Get all the benefits of using something like Linux or BSD, get all the alternatives available to you (freely or otherwise) and if there are a few you need Windows for, use WINE to run them under Linux. Someone running Outlook under Linux would be a lot better off running Evolution and paying for the Connector license (cheaper licensing and native). However, someone running a core accounting app for which no Linux alternative exists is going to want to use WINE so they can still use that application AND get the benefits of the Linux alternatives for everything else.
WINE is a bridging tool for those migrating from Windows to Linux/Unix but who have applications for which no feasible Linux/Unix alternatives exist.
I would much prefer to save the costs involved in getting a Linux box up and running with WINE than spend the several hundred in licensing just for a few applications.
Hmmm...
($time to get up and running) vs ($time + $licensing costs for Windows)
Which is really the cheaper in the end? Support? Bah, it's remote. Like you say, there is VNC if it comes down to it (bad solution really) but X across an SSH session is a lot better (regardless of how badly people think of the X protocol, it does its intended job very well still)
Just my $0.02. We differ in our opinions, but that's the beauty of diversity in life
I have yet to actually find a true Virus in quite some time. I feel like rambling tonight! WOO HOO!.
So, to save time: WINE+Outlook=YES. Outlook is COM based. The worms that Script Kiddies cut-and-paste together use COM to access the Outlook DB to pick addresses, and then most use COM (or Winsock which is interfaced to the Linux Socket environment) to send the e-mails outbound containing their script-kiddie payload. BUT, THESE ARE NOT VIRUSES! 1) They require other applications to be running. 2) They are not self-infecting. They require the second hand user to do something (click the .VBS file attached.. DUH! HELLO!?!?). 3) They are not native code, rather just scripts.
Back in the old days, we had true viruses on computers. These would make themselves TSRs (Terminate and Stay Resident for you Windows only script kiddies). They would then append to the EXE their own startup code. Finally, they modify an EXE's header so that their startup code would execute them, and then execute the program.
Part of the virus's startup code was to "infect" all other EXEs on the computer. This meant that if you ran the program, every time you had an INT21 executed (in the MSDOS/PCDOS days, this was a file access system interrupt), it would search for other EXEs to attach to, or possibly execute its code.
This is where the term Virus came from. It could "spread" from one host to another. And each time, it could inflict more damage until it killed the host computer.
Nowadays, we have worms. Worms are the dreams of script kiddies (yes, you little @$#@# dorks who sit at home thinking your stuff is 31337). They use the underlying applications' failures to infect something, rather than being native code that does the job. (For us techies, 8086 Assembler vs. VB Script that the kiddies cut-and-paste today from newsgroups)
If your WINE implementation has the necessary GUIDs exposed for COM/DCOM/ActiveX/.NET/your buzzword of the day, then, to answer your question... YES WINE IS HACKABLE. By implementing the Windows OS, it inherits the COM system, which all Microsoft products use heavily.
Enough history lesson. I'm going to go script myself a web browser that isn't IE... it just uses Microsoft's IE Active X component for browsing.. I shall call it, Iesm... And it shall be grand...
I find it funny to find this virus listed in the compatibility database. It's a testament to the success of wine!