Now Linux Can Get Viruses, Via Wine
fsufitch writes "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work — in this case, the crippling of the system, immunity to the task manager, identity theft, etc."
Hasn't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?
But for that matter, Linux doesn't have malware only because its desktop share is next to nothing (not the same amount at least; there are Linux viruses out too). Mac OS X has been getting more and more viruses lately as its market share has been growing. So would Linux as well if it ever gained more users.
As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux can't defend you from that. But none of us really want a locked down OS. And as long as the users are stupid, their computers will get infected.
It's just about the marketshare.
A virus run in Wine is akin to taking a ferocious tiger out of the jungle, paralyzing it, then hooking up all of its nerve endings to a virtual jungle simulator. It's not a perfect simulation, though, so the jungle maybe doesn't look right, and plus there's an omnipotent power that can change anything that goes on in the simulation, or even destroy it and the tiger's consciousness with a few twitches of his fingers. Now that's power.
Power that's generated by feeding the dead tigers back to other tigers so we can use their body heat to generate MORE POWER!
On second thought, let's stick to car analogies.
The way Linux software is distributed makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.
The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and most others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.
This is a lonesome linux virus. Please add
deb http://malware.server.ru/debian experimental non-free
to your /etc/apt/sources.list and execute "apt-get my-first-virus" as root. Thank you very much for your cooperation.
What do you expect? When Linux gets drunk on Wine and wakes up with Windows, it's bound to have caught something.
I have a user called wine-o that I only use to run wine, and alias wine='echo switch to wine-o' in the account I usually use.
I wish I had used a username other than wine-o because I don't think it looks that good when I send resumes out last saved by 'wine-o'.
It's like I used to not be able to get herpes, AIDS or the flu and NOW I CAN! Thanks, wine team!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I always have to configure the programs so much before they run. It really defeats the purpose of a virus if I have to configure it so much first. Once Linux can run Windows viruses with a one-very-poorly-chosen-click install process I might make the switch. Besides, I can just run my FOSS software under Windows and still have access to all of the proprietary viruses that are only made for windows.
So if this is the future...where's my jet pack?
Didn't read TFA yet (already slashdotted?), but I think I've encountered one working "unwanted program" under Wine lately.
If I recall correctly, the vector was the setup or the program itself for a peer to peer TV system, which I wanted to try under wine.
Once launched, some unwanted processes kept popping out, and the command reported by ps was stuff like "wine C:\WINDOWS\TEMP\asasaazasdax.exe" or similar.
Suspect at first look.
Actually I don't remember which one between "killall wine" or "kill -KILL " solved the issue.
Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
Preface: I'm a Debian GNU/Linux user of 10 years, but not a professional computer geek. I use GNU/Linux to get work done.
I thought Linux was just a kernel? Should not the headline read "A Linux distribution that has Wine installed *might* be vulnerable to Windows viruses?"
"...in this case, the crippling of the system, immunity to the task manager, identity theft, etc."
Yes, identity theft was always a great feature, just like immunity to the task manager. What the h**l does that even mean? Geez.
Also: I hereby tag this: HAHAHAHA
If you look deeper at Apple users' virtual machines (Sun VirtualBox etc.), lots of them don't bother to install some free AV, even a basic one, saying "it is virtual anyway". When you talk about how evil things can be done while their virtual machine is up and what kind of trouble they may get into if they have bad luck, they install a free AV on Windows.
If you have trouble convincing such people, just use plain logic: It can even run some games let alone a worm/trojan/virus.
It is not in the culture you know...
...you should be able to get a virus from wine is at church.
I work as a sysadmin at a company making a slow switchover to Linux, and I've experimented with this a bit. You can greatly, greatly limit the damage any virus can cause through Wine by unmapping its Z: drive from the Wine configuration menu. By default, Wine maps / to Z:. I can see why they did this (Wine can only run applications within a mapped drive), but it likely needs to be undone across the board. The best alternative would be to create an unhidden Wine folder in the user's home directory and map that in Wine. If Z: is left mapped to /, then a Windows virus can run rampant all throughout your system.
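The advice in the comment above (and repeated later in the thread: drop the default Z: mapping, map only what you need) can be audited and applied from the shell rather than through winecfg. Wine stores its drive letters as symlinks in the prefix's dosdevices directory (z: -> / and c: -> ../drive_c by default, in ~/.wine unless WINEPREFIX is set); removing a letter is removing that symlink. The script below is an added example, not code from the thread or the Wine project: it builds a constructed prefix in a temporary directory so it can run offline, lists the drive mappings, and removes any letter that exposes / or the whole home directory.

```shell
#!/bin/sh
# Added example: audit a Wine prefix's drive letters and unmap the broad ones.
# Wine keeps drive mappings as symlinks under $WINEPREFIX/dosdevices.
# The prefix used here is constructed with mktemp, not a real ~/.wine.

list_wine_drives() {
    # Print "letter target" for every drive-letter symlink in the prefix.
    prefix="$1"
    for link in "$prefix"/dosdevices/[a-z]:; do
        [ -L "$link" ] || continue
        printf '%s %s\n' "$(basename "$link")" "$(readlink "$link")"
    done
}

unmap_broad_drives() {
    # Remove drive letters that point at / or at the user's whole home
    # directory; a Windows binary running in this prefix then only sees
    # what is left (normally just c: -> drive_c). Prints the count removed.
    prefix="$1"
    home="$2"
    removed=0
    for link in "$prefix"/dosdevices/[a-z]:; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case "$target" in
            /|"$home"|"$home"/)
                rm "$link"
                removed=$((removed + 1))
                ;;
        esac
    done
    echo "$removed"
}

make_demo_prefix() {
    # Constructed prefix mimicking Wine's default layout plus an extra
    # "home as a drive" letter that some users add.
    prefix="$1"
    home="$2"
    mkdir -p "$prefix/dosdevices" "$prefix/drive_c"
    ln -sf ../drive_c "$prefix/dosdevices/c:"
    ln -sf / "$prefix/dosdevices/z:"
    ln -sf "$home" "$prefix/dosdevices/h:"
}

# Stand-alone demo on a throwaway directory.
DEMO=$(mktemp -d)
make_demo_prefix "$DEMO/.wine" "$DEMO"
echo "before:"
list_wine_drives "$DEMO/.wine"
n=$(unmap_broad_drives "$DEMO/.wine" "$DEMO")
echo "removed $n mapping(s); after:"
list_wine_drives "$DEMO/.wine"
rm -rf "$DEMO"
```

To apply this to a real prefix, call unmap_broad_drives with "${WINEPREFIX:-$HOME/.wine}" and "$HOME"; the comment's suggested alternative, a dedicated unhidden folder mapped as its own letter, is then a symlink from dosdevices pointing only at that folder.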
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0
So WINE can get a virus intended for Windows, if you jump through some hoops to help the virus along. Color me unworried.
What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent? Most of the target DLLs and other Windows hidey-holes don't exist in WINE. Even if it finds a place to lurk, it's unlikely that it could hit the Linux system files or boot loader, or perform keylogging outside WINE or snoop on private files. A very crude "wipe drive C:" type virus might molest your WINE environment (your data files are elsewhere, of course), but that's about all. Even if the virus were specifically tailored for WINE on Linux, a successful attack would rely on user stupidity even more blatant than Windows viruses must depend on.
TFA even commented on how easy it is to dispose of the malware, even after spending some effort helping it to limp onto your system.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Users with Office installed seem to end up with documents infected with a macro virus.
While the Macs are themselves unaffected, they pass along the infection to Windows boxes.
That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.
When it is, AV_App_X doesn't detect the malware, whereas AV_App_Y detects, but can't clean, and AV_App_Z has no realtime scanning.
In 1996, my Linux box was hacked in under 20 minutes of being online. The root account password was changed and my account was deleted (along with all my files). I reinstalled and learned about securing unix.
In 1998 my Linux box was hacked due to a 3 month behind-patch version of bind. They dropped a perl script into /tmp and tried to gain root with a perl timing-to-root bug, which had already been patched on my system. A disconnected backup was used to validate all the files on the system and proved that only the named userid and /tmp/.sdfsdfs directory had been touched.
I don't run bind on an internet accessible machine anymore.
I haven't been hacked since, but I'm not so ignorant to believe that I can't be hacked. My plans for when I'm hacked revolve around discovering the cause and restoring from a complete system backup, then removing the vulnerability. I expect to be hacked, period. "I" is really "we" since I run servers for my company and for other companies.
Neither hack was a virus, but they were just as bad and could have been much worse.
Linux isn't THAT much more secure, it is just less targeted since Windows is 90%+ of the computers. Stop being so smug, folks.
I think Apple is about to learn a real lesson with the iPhone being hacked constantly. Then Linux will be targeted.
I use Parallels Desktop 4.0. It works great on my MacBook Pro. I can run almost any Windows program. The downside is that, of course, the Windows virtual machine is slower than a real Windows box. However, what is important to me is that Windows viruses are trapped inside the virtual machine.
I like to say, "The Power of Mac. The Utility of Windows. Thanks to Parallels." No. I don't work for Parallels, but I love this product.
Yes it does: it's just very very rare.
A friend of mine bought a domain and within hours of getting it and starting it, someone put a rootkit on that damn thing before he could lock it down - yes, it was a Linux server hosting his domain. Yes, it's not malware per se as you would get from surfing the web, but we shouldn't get complacent about Linux's absence of threats.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Ubuntu 9.10 will start sandboxing desktop programs (starting with xpdf, I think); other distros do already/will follow. I think that sandboxing can (and if required will) cripple malware's abilities (e.g. can't listen on network ports, can't insert itself into the boot sequence, can't touch Chrome tabs that are connected to https sites), leaving it unable to do most malwarey things without permission, and can work like an AV that is designed right (e.g. warn users that they are about to do something very stupid only when they are, not every time they run a 3rd party app/widget, without having to scan binaries).
IranAir Flight 655 never forget!
The site is already running evil code on my computer against my permission!
(before down-voting look at the top of TFA)
Felinae spongiform encephalopathy!
Now they can claim a 100% emulation of Windows.
Thousands of Linux systems are now running Windows viruses. That new improvement in Wine made a lot of Linux users intentionally install the latest Wine version and browse dangerous places using IE6 under it to see if they get lucky and catch some virus. "I'm excited", said one Linux user, "I managed to get 3 different viruses, a worm, and you won't believe it, my machine is now part of a botnet! Woohoo!".
The magazine that introduced me fully into Linux, Linux Format (i.e., it had CDs, which back in 2002, for me at least, mattered because downloading ISOs was next to impossible on 56k while having to share the connection without a router), ran an article about how you can still hose your Linux system if you ran an infected program under Wine, if it did nasty things like delete files. Oh snap, bye bye home directory. If you ran it as root, bye bye Linux system.
This was seven years ago.
Yeah, it can run viruses, but "not all features may work -- in this case, the crippling of the system, immunity to the task manager, identity theft, etc.".
So in fact, it's not a virus anymore. It's just another program. The very point of being a virus is gone. Because the security settings still hold. (Unless you are retarded enough to run a Wine program as root. But in that case you're just asking for it anyway. ^^)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Don't want a virus, it's simple, stop whining.
We've seen "viruses running under Wine" stories on Slashdot before. Years before, as a matter of fact.
BTW I love the really pathetic spin in the submission - "things don't work correctly, and that's a plus!"
#DeleteChrome
The Linux virus via WINE, or S-WINE bug.
This just goes to show you how good Windows emulation on Linux is.
Obama has just declared the WINE Flu a boring and uninteresting, non mainstream worthless distraction from the launch of Windows 7. It runs viruses natively folks!
Actually Windows 7 is quite good.
Good luck Bro. -Opie
2010 will definitely be the year of the linux desktop now!
From TFA:
If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:
sudo aptitude purge wine;
sudo aptitude install wine;
Wrong. Wine installs stuff in ~/.wine. The above commands don't touch user directories, so he would end up with a fresh system-wide wine installation but the same malware-ridden user config.
The state you are in while your HEAD is detached... - wait, what?
Now Linux is ready for the desktop!
See, Linux _can_ do everything Windows can do! A better Windows than Windows...where have I heard that before?
I hope it won't get the new sWine virus.
Love many, trust a few, do harm to none.
So there is (or more aptly was) an attempt to make a FOSS Windows 95 called ReactOS. It shares some of its codebase with Wine - anyway, while incredibly bored at work I installed it to a virtual machine, and tried to infect it with a slew of malicious files from vx.netlux.org.
The longest I could keep any malware running was around 10 minutes, 2-3 seconds was more of a typical running time.
It was a great way of killing 2 hours.
Is it possible that Wine could grow more powerful by running viruses on it, learning about how the virus interacts with Windows, and then figuring out something "undocumented" about Windows from the virus? I could see Wine gaining a lot of new and better functionality by learning from the Windows viruses that malware writers write. Turning every malware writer into an unwitting Wine contributor.
All we need now is for Norton Internet Security to run under WINE and things will be just fine.
Wine has been able to run a virus payload for a while now. It doesn't affect the system any. Linux can spread a Windows virus to a Windows system but not get infected itself. This is why Linux antivirus software is out: not to really protect the Linux system but to prevent accidentally sending an infected file to Windows.
Maybe the virus creator will have to create a guide and post it on the AppDB over at WineHQ.
So if you have wine installed it randomly installs Windows Vista?
Who could have possibly seen this coming?
Mono is going to be much more of a problem regarding viruses than Wine will ever be.
And in about three years, major core pieces of each Linux OS will be running under Mono.
How do I know this? My father sits on the board of Red Hat and is a partner in Canonical. He says that the cooperation/talks between MS and Canonical and Red Hat have increased dramatically and that each company agrees that a single runtime will increase interoperability between all three companies. And they've chosen Mono.
He says that it is all about money, no evil conspiracy. But he does say they (MS/Canonical/Red Hat) have made an agreement to push forward Mono as THE platform, and that they really don't openly share this Grand Plan with their developers. They just slowly are moving their developers in the direction of Mono, fearing that if they push too fast there might be some silly revolt.
It has been known for some time that viruses might run on Wine. There is an urban legend about some Linux user who tried to launch some malware in Wine just to see if it was gonna work.
It worked. Indeed it worked so well, that the malware has managed to steal his ICQ password from QIP (which was running in wine too).
There are multiplatform viruses but not in the way that is immediately obvious. Any particular virus would be much too large if it included all of the code necessary to first determine which set of appropriate function calls are available, where they are located, and then behave accordingly.
So fork it.
The conceptual function of a virus has expanded. The same dirty webmaster who is using IE exploits to turn visitors into part-time as needed distributed computing zombies is also using firefox/iceweasel/moz exploits, and opera exploits, and maybe even lynx/links and whatever other exploits. It is much easier for that sort of determination and selection to be made from the server side than in the actual viral packet itself.
The same dirty webmaster who is infecting visitors to become part-time as needed distributed computing zombies is sharing his database with his associate webmasters. Those webmasters likely have associates who work in ISPs with varying levels of access to information. Just imagine the database of online browsing habits linked with personal information that a group of webmasters... say Slashdot, Gmail, SF.net, and MSN... could compile, completely legally within EULA terms.
Identity theft isn't just for the CIA and some maladjusted kid living in mom's basement. It's part of the corporate profit margin.
So yes. The overall function of the system of computer exploitation has long been free of platform dependency. Now add in java.
Hi, I wrote an article about my observations of klez infecting a computer that was both a friend's desktop machine and a small vhost business. It was on slashdot SEVEN YEARS AGO. So this is anything but news. http://tech.slashdot.org/article.pl?sid=02/10/23/1853219
I read the script, and I think it would help my character's motivation if he was on fire. -Bender
Well, many malware apps still spread simply because users will click on anything and also try to click away checkboxes as fast as possible.
The problem is the user, not the os. It doesn't matter how secure your system is.
So this comment is actually very insightful. Replace "malware" with any app that the certain user REALLY wants to have (like Facebook-Hack-And-See-Pictures-Marked-Private-In-Profiles-Application) and they WILL install it. Even if the procedure is complicated.
Simple.
1. Use a real distribution and read fucking books
2. Only use ssh (It can do everything) and lock it down
3. iptables takes care of the rest
4. You don't need Wine (Who needs MS software anyway?)
This has been posted because the Washington Post declared that Linux is the safest way to go for online banking. Action - Reaction. The oldest trick in the books.
Unix IS proven technology. Microsoft is just soft.
or administrator, then the viruses won't be able to install.
ReactOS is also based on WINE code, but it has a different security model than Windows XP/2003: it is more like Linux in that normal user accounts cannot install anything or modify system files; you have to run as Administrator/root for that. The same goes for WINE.
Just like you wouldn't surf the Internet as root, you don't want to run WINE as root either. In that way WINE is superior to Windows XP/2003, as it uses Linux security.
Actually I switched from WINE to VirtualBox from Sun to run Windows XP Pro in a virtual machine to get more XP compatibility. But it doesn't do 3D Video and DirectX 3D support very well, but that part is still being developed. It is the only way I can get Visual BASIC 2008 to run under Linux, WINE won't run it.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Get off your high horse. Linux has never been immune to viruses.
Isn't the difference between "purge" and "remove" that "purge" also removes the user settings (in this case ~/.wine)?
Linux has a few issues, and with the rise of virus attacks that target Mac OS (which is Unix-based, similar to most Linux distros) this is an even bigger issue for the Linux user. Why? Because Linux can't get it together completely. There are dozens of Linux distros, from Google's upcoming Chrome OS to Ubuntu and Red Hat. All this does is make it a pain for anyone to create effective 3rd party software because of all the variations in the Linux kernel being used. If Linux ever wants to go mainstream, all the major distros need to adopt a standard that all of them will follow. Until then, have fun getting decent support for anything Linux related.
Since when did /. start linking to sites that are titled "I Can Haz Virus"? It's quite interesting that if I try and install a virus on my desktop, I can succeed. What other type of obvious news can we expect in the future?
BTW I love the really pathetic spin in the submission - "things don't work correctly, and that's a plus!"
Yeah, that got me too. Have you ever had the "fun" of trying to get an app working on Wine that their website claims works just perfectly with it? I've had only a 30% success rate at getting games to run under Wine, and I'm not really surprised to see some Wine user with Stockholm syndrome deeply impressed by just how far a virus could stumble, stutter, and limp its way through Wine.
Wine still sucks as far as I'm concerned.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
If you are infected while the VM is on, there is nothing stopping your virtual machine from sending spam, distributing viruses and doing even worse things. I have seen how fast and easily a well-written worm infects a system without any sign.
There are also mad things happening, like a Delphi-based virus infecting the developer machine of a million-download utility without getting noticed and being distributed with it. Take Windows security very seriously, and of course I don't say you should run some state-of-the-art security suite. A basic and well-written AV like Avast can even run fine under emulated x86 (VPC 7).
This is great. I'll have to try to get some Windows antivirus software to run under Wine. If you were looking for a sign that the Linux desktop has arrived: McAfee and Norton start making profit on Linux!
So, your story was only one year after the earliest story of this type that I could find on Slashdot:
http://tech.slashdot.org/story/01/09/23/1614214/SirCam-on-Linux-via-WINE
2001... wow.
Let's call it swine flu. Oh wait, the name is taken.
Not entirely true. Most wine installs have access to either your homedir or the root directory as various drive letters (mind you only as the user it runs as).
So technically if it was a runs-in-wine-but-targets-'nix type of virus, it could find your .bashrc or whatever, and edit it to launch on login.
It's actually funny. A lot of things in windows are various hacks to improve security. For example, disabling access to the "Internet Properties" control panel from IE. At least on XP, that policy doesn't work because it is still accessible from elsewhere such as the privacy/cookies section in media player. The lack of an underlying security method makes some things very difficult or well near impossible to secure.
For Linux, the problem is the opposite. You're working against certain levels of security to improve accessibility. For example, when accessing thumb drives or scanners, you may need to work with udev to ensure that the /dev/x entries are read+writable by a particular group (floppy, disk, cdrom, plugdev, whatever) that your normal users would belong to. You don't want all the dev block entries to be thus, because then the user could have direct access to your system disks.
Gee, what an illustrious milestone. A red-letter day for Linux. Woo-hoo... whoop it up boys and girls! A system so desperate for exploits that we'll EMULATE a whole 'nuther system just to get them!
Linux also hasn't got that much malware because on Unix, people usually don't surf the net with Administrator (vulgo root) privileges - which is the case on virtually all installs of Windows XP on privately owned machines. On Linux, malware does need to use some root exploits to do harm - on incompetently used Windows XP machines, they just need to run. Case closed. (And yes, using a text-based e-mail program like pine or mutt also helps a great deal to avoid e-mail based malware. The learning curve may be steep but hey, you've got to die at least _one_ death.)
LMAO . . . . Agree Totally : D
I tell you what, I've had both a Windows and a Linux machine for the past several years. I'm not non-computer-savvy, and my family generally isn't thick when it comes to the internet (they know not to just download/install anything, click on all adverts they come across etc.) - hell, my mum has even developed a nose for when something fishy is happening on her laptop. Yet, we STILL have to run virus scanners, and they STILL pick up more malware than we can be bothered to count. ... on Windows. On the other hand, I've run Linux on my laptop for at least 3 years, without a single virus check - and it works as cleanly as it did when I first installed it. That's because I only download/install software from the central repository (and taught my brother to do so when in Linux), or from trusted companies' websites (Skype and Opera, for example). Not once has my brother come to me and asked whether a program's all right to install, nor has he ever needed to google for software thus far, even for his more obscure use case (he wanted a music score editor and was using one only 5 minutes later).
Of course, if my family(/brother) was less technically savvy, I'd just take away root privileges and tell them to ask me every time, but as I illustrated above, they're not morons.
A serious zero-day threat such as Blaster doesn't need any kind of user intervention, nothing open, no configuration faults. It just works. It is not like they will browse with IE, and let me tell you one reason why most install a VM: to actually BROWSE with IE under Windows. Web designers, people who do business with companies infested with MS, and even some Intranet users.
Also, when I talk about OS X users, I talk about the general community. You know, the same guys who double-click DMG files and happily give their passwords to have some "codec" installed (trojan).
rm -rf ~/.wine; winecfg
The largest prime factor of my UID is 263267.
We've known about this for years. As others have posted, don't run Wine as root, only run it as your account. Only map drives in Wine that you absolutely need, and restrict them as much as possible. I would strongly suggest removing the default drive of Z:, which points to /. As long as we need to use Wine, we'll always have the risk of viruses getting through; it's just the nature of the beast. Personally I only use Wine for running games and a few apps that I must have that I can't find Linux replacements for. But overall, it's worth using native GNU/Linux applications wherever possible. Find a replacement for all apps like Adobe, etc., and enjoy the freedom of open source at the same time.
Misread and for a second there I thought I might have to switch to beer. Need sleep. Damn you /.
Winkey shortcut mapping for 64bit windows. WinKeyPlus
This is a feature! Not a bug!