Running Windows Viruses Under Linux

ResQuad writes "Everyone loves Windows viruses, right? Well, the crazy people over at NewsForge (owned by the same people that own Slashdot) decided to try running Windows viruses with Wine. So next time you receive an email virus, strike up Wine and see what you can do (or not)."

Obligatory

[commodoresloat]

Will this run on a Lexus?

Re:Obligatory

[greechneb]

Don't give them any ideas. Next thing you know we'll see Norton antivirus:Auto 2005 - guaranteed to keep your system virus free AND improve your gas mileage!

Re:Obligatory

[lukewarmfusion]

Along with my 3-month oil changes, six month tire rotations, and annual checkup, I need to buy a new LiveUpdate license so my car won't crash?

To be fair, if I spent that much on a Lexus I should expect to see pictures of Anna Kournikova.

Re:Obligatory

[the_mad_poster]

My next car purchase is going to involve a motor that was built before microprocessors were invented....

Re:Obligatory

[SilverspurG]

guaranteed to keep your system virus free AND improve your gas mileage!

Described in this patent is a method of improving the gas mileage of a car by using the information gathered by a firewall to regulate the fuel injection module.

Re:Obligatory

[3TimeLoser]

For that amount of money, I'd expect to see her in the passenger seat.

Although, I'm sure my wife would not agree.

Re:Obligatory

[Andrewkov]

I'm already running Norton Anti-virus under Wine on Linux, no viruses found yet!! :-)

Re:Obligatory

[Illserve]

I'm willing to bet that upon looking back, this statement is going to be much less funny in 10 years.

Re:Obligatory

[cerberusss]

For that amount of money, I'd expect to see her in the passenger seat.

For that amount of money, I'd expect her in the back seat. And while my girlfriend might not agree, she could certainly join.

Re:Obligatory

[Doc+Ruby]

"potentially be danderous"

Yeah, those virusy computers can be flaky.

Wine is not an Emulator.

[wot.narg]

Lets see just how non emulator wine is... If the virii own it, its an emulator, if not, its telling the truth.

Bwhahahh...

Re:Wine is not an Emulator.

[Jarn_Firebrand]

Mod parent up and insightful

Re:Wine is not an Emulator.

[m50d]

Or it could just be an emulator that doesn't work very well. If you try an early version of bochs/vmware/etc. from before they had networking support, the viruses won't be able to own that either.

Re:Wine is not an Emulator.

Mod parent up Informative. Mod this post Funny.

Re:Wine is not an Emulator.

[hunterx11]

This isn't an English class, it's Slashdot. Slang exists. Deal with it. I don't say "alright" but I've come to terms with the fact that it will inevitably become an accepted word.

Re:Wine is not an Emulator.

[Lord+Kano]

You are correct.

We have "bling bling" and "ain't" in dictionaries. Marijuana is legally classified as a "narcotic", when in pharmacology only opiates can be narcotics.

The language changes. It may suck, but it's reality.

LK

Re:Wine is not an Emulator.

[m50d]

Yeah, just like lame ain't an mp3 encoder. Names aren't always the full story. Wine definitely is an emulator in that it emulates, it just does it on a different level than most emulators, so it doesn't have many of their drawbacks, like the slowness.

Re:Wine is not an Emulator.

[dinivin]

Just because that's what the developer's claim, it doesn't make it so.

If it quacks like a duck, walks like a duck, and looks like a duck, it's gonna be a duck.

Wine, acronym or not, is an emulator.

Dinivin

Re:Wine is not an Emulator.

[el-spectre]

Not necessarily... it might be a wooden witch...

Re:Wine is not an Emulator.

[hunterx11]

I would never use "virii" in formal or even semi-formal speech or writing. It would be ludicrous. However, that does not mean that it is "not a word." People use it.

I certainly don't like seeing diminishing language skills, but that doesn't mean that people always have to be anal retentive. Frankly, it's narrow minded to simply tell someone "YOU ARE WRONG" because you want to force them into a context in which they aren't speaking. APA style isn't the same as MLA style, does that make it wrong? This is a site with "News for Nerds," I don't see why nerd jargon shouldn't be passable.

Re:Wine is not an Emulator.

Wine emulates the Win32 API, if anything

Wine does not emulate a processor, video, or sound subsystem, but rather 'wraps' the necessary calls (in theory) to native Linux calls. It requires an x86 CPU (for which an x86 emulator could be used, I suppose, but it's still not part of Wine).

And in the situations where real Win32 DLLs are used, it's not even emulating that part of the API.

It might be considered a simulator, but I doubt it would be considered an emulator.

Re:Wine is not an Emulator.

[kerrle]

Wine isn't an emulator. It's a reimplementation of the win32 api. This is not a hard concept.

Re:Wine is not an Emulator.

[PakProtector]

Virus is a latin noun. Now, normally, Latin nouns that end in -us, like virus, decline into the plural by removing the -us and tacking on -i. This would render the word as Viri, not Virii. However, in Latin, virus does not decline -- whether singular, plural, direct object, ablative, accusative, it's always virus. Much like the latin word 'nihil,' which translates as 'nothing.'

Re:Wine is not an Emulator.

[Feztaa]

Then it is obvious that you don't know what an emulator is.

WINE is an implementation of the win32 api on linux, such that windows applications will run on it without recompiling. An application running on WINE isn't encapsulated in a "safe" emulated environment much like vmware would do, it's running in your system just like any other app you're running.

Re:Wine is not an Emulator.

[LittleBigLui]

there are math coprocessor emulators, OS emulators and copy-protection emulators.

That statement is illegal under the DMCA. Prepare to be sued. And no, there aren't.

Yours, the RIAA.

Re:Wine is not an Emulator.

[Alsee]

Don't mod this post, nor any further replies.
Which ironically is probably an insightful solution to this rediculous runaway thread. Damn geek metahumor.

-

Native ports now!

[PCM2]

Oh my god, how many times do we have to say it? People, running Windows software under WINE is not a solution. I say all Slashdotters should boycott these software vendors until we get a serious commitment from them to do true, native Linux ports of their products.

And for that matter, why aren't their open source alternatives to this software already? The open source community won't stay competitive by resting on its laurels.

Re:Native ports now!

[freshman_a]

Yes, I demand that there be open source native Linux ports of all Windows viruses!

</sarcasm>

Re:Native ports now!

[airConditionedGypsy]

Yes, it is a solution. Especially in situations where you have persuaded your friends and relatives to use Linux, but they still want to use some crappy Windows software because they are used to it, and there are no free/open-source ones.

Furthermore, the 2% of Linux users don't really constitute a meaningful profit motive for these companies. We need to do more to get Linux on the desktop before they'll jump off the MS ship.

Re:Native ports now!

[Excelsior]

People, running Windows software under WINE is not a solution.

You just don't get it, do you? How can you expect Windows users to switch to Linux when their most common programs, known as viruses, don't run on Linux?

Re:Native ports now!

[airConditionedGypsy]

And I realize you were being funny ... but for those folks who don't understand you were talking about the virus-writers, I felt obligated to point out that WINE is quite useful.

Re:Native ports now!

[morcheeba]

I used to work for a 5-person company. We easily ported our main ap to linux, but a critical tool we used to build our code was developed for windows. It was gui-centric, so a port would be difficult, and besides, all the programmers were algorithm people, not gui people. Wine was a godsend - our old tool just worked, and it saved us a lot of time. Boycotting ourselves wouldn't have gotten us the needed people to port it.

Re:Native ports now!

[me+at+werk]

If we can prove that their programs can run well under linux with just a few tweaks in how it speaks to the system (WINE is a compatibility layer), and possibly even explain to the company how to change their software to speak correctly, it makes it take a lot less of their time to release a native linux version, as they already know how to do it.

So if you help them help you, we've got native software on Linux. But, that's just my opinion.

Re:Native ports now!

[BuhSnarf]

Companies wont develop Linux native apps if there isn't the market for them... i.e. Money.

The problem with the open source movement is that people are used to (and I include myself in this) using software for free. Most people will either use a free alternative or just copy it, crack it etc.

There just wouldn't be the market. Until there is we're not going to see Linux native apps of big software appear.

IMHO.

Re:Native ports now!

[marshall_j]

found running about on the net:

-- virus begins here --------
#!/bin/sh
# Honour virus
#
# Dear Linux/*BSD user,
# As you have avoided the various virii inflicted upon your poor Windows-using cousins, please take
# a moment to read this letter and then follow the instructions below.
#
# In the spirit of cooperation of the free software community, this
# virus was written to depend on your cooperation and good will - hence
# the name "honour" virus. With your cooperation, this virus can spread
# as rapidly as the lovebug virus, once again showing how the free
# software community can respond to issues quicker than the largest
# propriatary software maker.
#
# The virus starts here:

# 1. Please delete, at random, 10 (ten).jpg, .mpg, .mp3, or .mov files from
# your hard drive. Please do not choose files for which you have a
# backup, as that would be unfair to all the Windows users who *never*
# backup their data.

# 2. Please send this email to everybody you have ever received an email
# from. We realise that you might have to write a short shell script to
# do this easily, but we feel that, as a Linux or *BSD user, you are
# most likely to be able to do this without relying on built-in insecure
# scripting mechanisms.

# 3. If you are reading this in your workplace, please shut down your
# workplace's email system and internet access for 3 working days -
# again this is just so we can empathise fully with Windows-using companies.

# 4. When asked if the writers of Linux or *BSD are to blame, claim that
# the virus only spread because of intervention by the user's brain and
# that the tight integration between your wetware and the OS is a good
# thing that is misused by malicious virus writers.

# 5. If you are Linux Torvalds, Alan Cox, or you have ever written any
# free software, write an essay for Time magazine complaining that it
# will be much harder to protect Linux users from virii such as this
# unless Linux is sold to company and development continues only in a
# closed-source environment. In particular, all user knowledge of the OS
# must be erased if such virii are to be prevented in the future.

# 6. As this virus is copylefted under the GPL, feel free to modify,
# err, mutate, and distribute widely.
#
# Thank you. And remember, open source virii are far superior to proprietary virii!
#
# Tuxunamis Infectious

Re:Native ports now!

[Xerp]

I second that.

There NO WAY I'm going to try and install a proprietary virus on my Open Source system.

Re:Native ports now!

[FuzzyBad-Mofo]

Right on the linked page:

In addition to genuine viruses, the Virus Information Library contains useful information on virus hoaxes, those dire email warnings about disk-eating attachments that sometimes land in your inbox.

I'm betting most of those Linux results were from hoaxes or proof of concept viruses. (or trojans and worms, which are not viruses although I suspect that McAffee lumps them together)

Combatibility! Yes!

[physicsphairy]

The last barrier between widows and linux is slowly but surely being eroded by the WINE engineers.

Brilliant work guys!

Damn worm writers...

Programmers these days, don't they even CARE about cross-platform compatability!?

Re:Damn worm writers...

[einhverfr]

Programmers these days, don't they even CARE about cross-platform compatability!?

Right. At least the Morris Worm was distributed with the Source Code and was cross-platform. Go look for something like this today.

Re:Damn worm writers...

[It+doesn't+come+easy]

There's always Java...

That's awhole lot of differences

[Dark+Coder]

True AV and AT (anti-trojan) SW engineers uses VMWARE for their studies and dissemination of malacious flotsam of codes floating around the internet.

But the article is "A Good Thing" because it shows EITHER that Wine isn't 100% Microcrap or is more robust against viruses.

Take your pick.

Re:That's awhole lot of differences

[Saeger]

Indeed, VMWare is great for testing out dangerous ideas. Just save a snapshot, then hose the system, then revert back to the original to start over. This came in real handy a few weeks ago when I was experimenting with shrinking and moving reiser root partitions (turns out its not trivial to move the START of a reiser partition, if you, for example, wanted to remove a windows partition that came before it)

Re:His point?

[kempokaraterulz]

The point being its not a zip file to begin with. its simply disguised as one.

about time. I almost forgot what a virus was

[locutus2k]

Its nice to see someone finally exploited this long missing aspect of linux. What better way to make a windozer user feel more at home than with their old virus friends.

Nice article, and congrats matt on your first article.

-Craig

Re:about time. I almost forgot what a virus was

[AviLazar]

You know MS will place in this their new advertisements:

"Yes if you get Linux you will have more security flaws then Windows."

They will be able to get away with "more" because they will tweak the numbers to show "more", just like they are able to show that switching from Windows to Linux on an Enterprise level is more expensive then sticking with Windows.

Done it. It works. Kinda.

[Frater+219]

This past December, one of the engineers at my workplace gave a presentation on WINE. Since I'm the security guy, somone asked me if Windows viruses ran under WINE. So I tried three: Lovgate, a Mydoom variant, and a Netsky variant.

Lovgate simply exited without doing anything. Mydoom actually crashed WINE into its debugger. The Netsky variant, as the article describes (SomeFool is Netsky) actually ran. Moreover, it did a passel of DNS queries and actually tried to send e-mail (which was rejected). So, if that e-mail had been accepted, Netsky would have been able to propagate under WINE. As in the article, Ctrl-C proved necessary and effective.

To make a long story short, yes, some Windows viruses do run under WINE. Of course, you have to tell WINE to run them -- not exactly the social engineering that viruses are intended to do. However, as WINE gets more popular and reliable, I would expect that this will be more of a problem for people who choose to (e.g.) run Outlook in WINE.

(For what it's worth, WINE isn't the only way to run Windows viruses and worms on your non-Windows system. I've had to explain to users that yes, their VMware or Virtual PC system is quite capable of getting wormed, and that yes, they did need to do their Windows Update on that "virtual" Windows system, too.)

Re:Done it. It works. Kinda.

[einhverfr]

Of course, you have to tell WINE to run them -- not exactly the social engineering that viruses are intended to do.

You can tell Mozilla to open .exe's with Wine ;-). Maybe you can add the same mime-types to Gnome and/or KDE!

Re:Done it. It works. Kinda.

[zemoo]

There's no need for social engineering. I remember on Red Hat 7.3, Windows .exe files were automatically launched with Wine under Gnome. Which meant that attachment viruses could be run from Evolution by clicking on the attachment.

I never tested to see if they worked, but then I never really wanted to find out!

Re:Done it. It works. Kinda.

[kevcol]

Not 'kinda' here.

Propogated.

I executed a viral attachment once about 4 months ago, and then forgot about it ("Haha! That can't possibly work."). A couple hours later, my 'abuse' address had a complaint. Source IP was my SuSE workstation. Thunderbird even deep-sixed a spam that was sent by my own machine to me. D'oh!

Re:Running Linux Games Under Windows

[Saeed+al-Sahaf]

Solitare. It's the only game I care about.

How long before..

[cOdEgUru]

The wine developers get a non-compliance notice from Bill forcing them to comply??

Now, how can you claim full compliance unless you run my viruses too..goddamn it!!

Discussed in Ask Slashdot

[gbulmash]

Oddly enough, this was discussed in an Ask Slashdot in October 2003.

- Greg

What about spyware?

[RikRat]

I run Windows spyware under Wine. I also emulate IE6 so I can use CoolWebSearch and other cool searchbars! I have this cute Bonzi Buddy and a system tray icon which tells me the weather!

How many times do I have to tell you k|dd|35...

[gotgenes]

...to stop Wine-ing

Geeze!

No desire

[Schezar]

It's simple. A lot of specialty software is very boring, and there just isn't any interest in the OSS community in developing similar software.

Many businesses, especially real estate, banking, auto repair, fast food, and hotel management, rely on software written for windows many years ago that, for them, functions just fine.

They're not techies: computers are not their business. Their business is their business. They're not going to invest resources in developing what they already have just so it can run on "another kind of computer." WINE is the perfect solution for these applications.

Maybe, years from now, when they're running -ALL- of their software under WINE, they might realize that there's a better way.

Until then, good luck finding good programmers who are psyched to write hotel reservation management software that will interface an archaic database platform for free.

Projects like Open Office and The GIMP don't suffer from this problem largely because they're applications that Linux users need on a regular basis. When was the last time you needed to track your fast food orders?

Yes, but

[einhverfr]

What would RMS say?

Is that virus Free Software?

Re:Yes, but

[einhverfr]

That's GNU/MyDoom

Or maybe MyGNUUM?

What is MyGNUUM? MyGNUUM is a port of the popular Windows mass-mailer "MyDoom." It is licensed under the GNU GPL, which some have criticized as a "viral" license.

Because it didn't execute the not-zip file

[SuperKendall]

When a zip file on Linux is not a zip file, you get an error.

When a zip file on Windows is not a zip file, you get some system enhancemnets you may not have wished for (or would even wish on your worst enemy).

Re:Because it didn't execute the not-zip file

[ad0gg]

No you don't, extensions have always been handled by the associated application. If you change an .exe to .zip and try to run it, you get a corrupted zip file error message.

Secret APIs

[hey]

Running Microsoft programs is the hardest for Wine because they use secret function calls. The Virus writers (presumably) aren't insiders so don't know about the secret APIs. Should be easy for Wine.

Re:Secret APIs

[TekPolitik]

Running Microsoft programs is the hardest for Wine because they use secret function calls

Current CVS versions of Wine can install and run the major MS applications, including MS office and Internet Explorer. Why would you do such a thing, I hear you ask? Because users still use Windows and as developers we still have to write code that interfaces with those applications. Absent that, OpenOffice and Konqueror or Mozilla work perfectly well.

Re:Secret APIs

[dnaumov]

Could you possibly talk more of these "sikrit APIs"? What Microsoft products use them? Where are they located? You DO realise that the _ENTIRE_ Windows source code is avaible to akademia as well as goverment entities?

Isn't this story

[arodland]

a couple years old? I'm sure I've seen it before, and I'm pretty sure it was on slashdot.

Re:Isn't this story

[gustgr]

You don't have to pay to use the search engine down there at left corner of the page, give a shot...

PE on linux

[northcat]

Linux kernel now supports foriegn binaries. IIRC, some patches are available to enable support for PE binaries (Windows native binaries). If dependencies are kept low, with some clever programming, virii that run on multiple platforms are possible without something like wine or java.

Re:Lack of applications

[Metteyya]

That's the point. What a pity, there are tenths of replacements on Linux for almost all user activities, but there isn't even one linux-compatible virus project on sourceforge!

Why?

[catdevnull]

Though it's good to know that WINE will do what it's supposed to do--execute code written for Windows, it's kinda silly to think it wouldn't.

Maybe they'll post a story about, "Why do dumb users get to have all the fun? Why shouldn't Linux admins get in on all the insanity, too? Today we'll be doing rm -rf / to see what happens!"

Let's not go to Camelot. 'Tis a silly place..."

Re:Why?

[madstork2000]

Somebody already did that. I am pretty sure it was mentioned here on slashdot. Anyway here is the URL:

http://librenix.com/?inode=5508

Basically a guy wants to see what will do the most damage --

rm -rf /

or

format c:\

Re:Why?

[remahl]

Though it's good to know that WINE will do what it's supposed to do--execute code written for Windows, it's kinda silly to think it wouldn't.

Most of the viruses did not work as expected.

Re:Running Linux Games Under Windows

Solitare. It's the only game I care about.

...but obviously not enough to spell it correctly.

Evaluation

[c0dedude]

This article ran fine under firefox and delivered interesting content. The methodology was fundimentally flawed as viruses use obscure problems in Windows. Nevertheless, I'll give this article four meta-penguins, for a score of 4/5.

Desktop Entertainmet

[beyond_the_blue]

I can believe all the people complaining that this is a waste of time. Don't you know how much FUN viruses can be?

Take Magistr: I'd spend HOURS chasing my icons all over the desktop. Or what about the one that would crash my system every time I shot a rocket into a wall in Quake 2 (I'm not joking, I really had one that did this)?

Come on, this is quality entertainment!

Been there, done that '99

[wertarbyte]

Right before Y2K, there was a worm/virus/whatever called Happy99.exe. If you secured your wine installation prior execution, you could watch the pretty fireworks it produced without harming your installation.

Old-school virus propogation...

[Xaroth]

From the article:

Oh sure, I could manually forward these viruses to the folks in my address book, but where's the fun in that?

This reminds me of the old standby text-based, system agnostic viruses, some of which can be seen here.

Wine devs test for this

[bluGill]

At the last WineConf (almost exactly one year ago) some of the Wine developers were testing the hot mail virus of the day to make sure it ran. That was the one that activated as a DDoS on www.sco.com. It ran, and after putting making www.sco.com resolve to 127.0.0.1 in /etc/hosts it attempted to take down the local machine.

We also found the back door, and came close to getting arbitrary programs to run from it, but supper came before we got that part working. We think it would have worked if a free meal hadn't gotten in the way.

So now you know. If a windows virus doesn't run under wine you can thank CodeWeavers for buying everyone a meal before we got it implimented.

If you do this,

[Jeremiah+Cornelius]

If you do this - run the exploit code - can you spell it Whine?

Whine is Hazardous, even If Not and Emulator

The Sound of One Hand Clapping

[4of12]

So, if WINE fails to properly run a Windows virus under Linux, is it considered a bug or a feature?

Re:The Sound of One Hand Clapping

Yes

Re:The Sound of One Hand Clapping

[XO]

My roommate's laptop had only previously ever been connected to an Internet via either the NAT/firewall box on our home network, or via her work network.

She got an AT&T Wireless Air-card type thing, and almost immediatly upon logging into it, her computer started counting down the seconds to rebooting. Don't remember what virus that was, but it's STILL going around like a year or two later. And it is infecting virtually ANYTHING that connects to the Internet if it's vulnerable. Also picked up several others that had never touched her laptop before that within hours of being connected without a NAT/firewall in the way.

Re:The Sound of One Hand Clapping

[/dev/trash]

a bug. WINE is supposed to do exactly what Windows would.

Dimwitted confusion

[Crash+McBang]

You know, some dimwit is going to read this thread and/or the article and go running to his boss saying, "See? SEE?! Linux has Windows viruses too!"

Just you wait and see....

Wine - could do better

[martin]

Obviously work is still needed on Wine to make it more Windows compatible :-)

Windows Spyware via Virtual PC

[BlueDjinn]

Yup, I run VPC on my Mac; I *only* fire it up to double-check website code on IE for compatibility, then shut it down again. Don't do ANYTHING else with it.

Today, out of curiousity, I installed AdAware and ran it through. Sure enough, at least 19 spyware doo-dads scattered around.

Jeeezus...I know I'm biased as a Mac guy, but Windows has truly become COMPLETELY toxic at this point; it's like plutonium, infecting *anything* that it comes near.

Am I Missing Something?

[Cruxus]

Hello, fellow Slashdotters,

I use Microsoft Windows XP, Professional Edition, Service Pack 2; yet my computer is missing the viruses mentioned in this article. Where did I go wrong? My Web browser is Mozilla Firefox 1.0, and my e-mail client is Mozilla Thunderbird 1.0. Should I change these? Microsoft Internet Explorer 6.0 SP-2 is resident on my computer for testing my websites in this popular program. Should I browse more freely with it? I prefer to use open-source-licensed software on my computer when possible (except the OS itself, although I do have an underutilized Debian partition). Should I start downloading random programs without being sure they do not contain any kind of malware?

I just want to get along better with my fellow Windows users! Please, help!

Linux viruses already exist!

[eric.t.f.bat]

I suspect I may have a virus on my Linux system. The other day I switched the computer on, and it took a very long time to boot - and kept spewing out all this cryptic text as it did. After I logged in, I noticed that my desktop menu had a lot of strange, poorly documented programs in it, some of which didn't seem to do anything useful. The configuration system was strangely flakey, popping up tabbed windows that wouldn't go away when I clicked on other options. Various programs worked partially, but in some of them the clipboard didn't work properly and in others the windows widgets and controls looked wrong. A few would randomly open shell windows when I tried running them, even though they were GUI programs. The windows theming/skinning system worked partially, at best. I tried running a graphics program, but it just opened up lots of windows all over the screen and I couldn't get it to do anything reasonable, so I gave up. I suspect it was the cause of the virus infection, in fact, because it was called some insulting and childish name that had nothing to do with Graphics or Image Manipulation Programs or anything else. Oh, and there's this picture that shows up everywhere, of some kind of anatomically improbable cartoon bird with an eating disorder, which is either a symptom of virus infection or else a failed attempt at coordinated branding by a lot of uncoordinated programmers.

In general, my Linux system seems to be totally hosed. I think I'll go back to Windows.

File Associations, RH 7.2 and Windows Viruses

[BigBlockMopar]

When a zip file on Windows is not a zip file, you get some system enhancemnets you may not have wished for (or would even wish on your worst enemy).

Uhhh... no. File associations are based on extensions. It's probable that you've forgotten to turn off the Explorer "feature" of hiding extensions for known filetypes. This way, you get sexygirls.jpg.exe which appears as sexygirls.jpg, or xxx.zip.scr which appears as xxx.zip. Most people are ignorant enough to leave that "feature" enabled as per Microsoft's negligent default; furthermore, most users who are pseudo-capable with computers will click on it with the flawed reasoning that, "Well, it's a JPEG, so it can't be a virus".

Furthermore, years ago I ranted on my website that it was *very* possible to run Windows e-mail viruses, etc. under Wine. So easy that, with Red Hat 7.2's default associations which launch Wine to run DOS/Windows apps, I accidentally infected my Wine directory while demonstrating Linux freedom from virii... "Moving right along, you can see how well Linux can emulate Windows well enough to run many programs..."