Can WINE Compromise Unix?

← Back to Stories (view on slashdot.org)

Posted by Cliff on Friday October 24, 2003 @03:33PM from the a-valid-security-concern? dept.

gbulmash asks: "As API's like WINE and Crossover Office gradually make it easier to run Windows binaries on Unix, will the system inherit some of Windows' vulnerabilities? For example, has anyone tried to get Outlook up and running under Wine, then deliberately tried to infect themselves with a Windows virus to see if it could raid the Outlook address book and start mailing itself out? It just seems to stand to reason that the better these systems get at running Windows binaries, the easier it will become to infect them with Windows viruses. Or am I just totally off base here?"

2 of 87 comments (clear)

Min score:

Reason:

Sort:

Re:Yep... by Babbster · 2003-10-24 15:59 · Score: 5, Interesting

Or who have to run Windows-specific code because of company requirements and don't want to dual-boot Windows? I understand not wanting to run the software yourself, but that doesn't mean there aren't good reasons for someone else to use it. Being blindly dismissive is one attribute of Linux zealots that turns many people - people who would otherwise be interested in learning more about Linux - off.
"Windows Virus" don't really exist any more by flyboy974 · 2003-10-24 23:09 · Score: 4, Interesting

I have yet to actually find a true Virus in quite some time. I feel like rambling tonight! WOO HOO!.

So, to save time: WINE+Outlook=YES. Outlook is COM based. The worms that Script Kiddies cut-and-paste together use COM to access the Outlook DB to pick addresses, and then most use COM (or Winsock which is interfaced to the Linux Socket environment) to send the e-mails outbound containing their script-kiddie payload. BUT, THESE ARE NOT VIRUSES! 1) They require other applications to be running. 2) They are not self-infecting. They require the second hand user to do something (click the .VBS file attached.. DUH! HELLO!?!?). 3) They are not native code, rather just scripts.

Back in the old days, we had true viruses on computers. These would make themselves TSR's (Terminate and Stay Resident for you Windows only script kiddies). They would them append the EXE their own startup code. Finally, they modify an EXE's header so that their startup code would execute them, and then execute the program.

Part of the virii's startup code was to "infect" all other EXE's on the computer. This meant that if you ran the program, everytime you had a INT21 executed (in the MSDOS/PCDOS days, this was a file access system interrupt), it would search for other EXE's to attach to, or possibly execute it's code.

This is where the term Virus came from. It could "spread" from one host to another. And each time, it could inflict more damage until it killed the host computer.

Now days, we have worms. Worms are the dreams of script kiddies (yes, you little @$#@# dorks who sit at home thinking your stuff is 31337). They use the underlying applications failures to infect something, rather than being native code that does the job. (For us techies, 8086 Assember vs. VB Script that the kiddies cut-and-paste today from newsgroups)

If your WINE implementation has the nessesary GUID's expose for COM/DCOM/ActiveX/.NET/your buzzword of the day, then, to answer your question... YES WINE IS HACKABLE. By implementing the Windows OS, it inherics the COM system, which all Microsoft products use heavilly.

Enough history lesson. I'm going to go script myself a web browser that isn't IE... it just uses Microsoft's IE Active X component for browsing.. I shall call it, Iesm... And it shall be grand...