Slashdot Mirror
Now Linux Can Get Viruses, Via Wine
fsufitch writes "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work — in this case, the crippling of the system, immunity to the task manager, identity theft, etc."
But none of us really want a locked down OS
WTF?
Microsoft totally fucked up the principle of least privilege from day one. If they hadn't, the damage done by viruses/worms in the history of personal computing, would have been an order of magnitude less.
The way Linux software is distributed, makes it much less likely to get a virus. You know how many applications I have downloaded from random websites in the past 2 years for my Linux system? Maybe, 2. All of the rest are in the centrally managed, (hopefully) certified virus-free application repository, which is free for all.
The idea that a Linux user would download random stuff from a torrent or website is a pretty foreign concept. For me, and moth others, if it isn't in the repository, I don't bother - because there is probably something in the repository that suits my needs just as well or better anyway.
What do you expect when Linux gets drunk on Wine and wakes up with Windows it's bound to have caught something.
To be fair, there's a significant effort to install backdoors/trojans on poorly configured linux machines, but the issue is that they're a much more difficult target as servers do not browse websites with IE nor do they open every attachment you send them via email.
What makes most machines insecure is the users, and since a server normally has only 1 very tech-saavy user, the only openings are in poorly configured services. I know that I had phpbb for a long time, and one day I put in a game playing mod (had some goofy things like achievements and little trophies), and I got hacked via a google search.
Fortunately the guy who installed it didn't finish off his attack by clearing his own history, and the server wasn't running as root, so he only got as far as screwing with the main page.
To say that the server market isn't continually targeted is disingenuous. It's just harder because it isn't operated by a ton of idiots (well, most of the time anyway).
The problem is, for a home computer, you are your own sysadmin.
And then the dancing bunnies problem comes into play.
User: "Oooh, I can download this to see dancing bunnies." *downloads and executes malware*
Malware: *tries to install*
OS: "Malware needs root access to install. Please enter your root password." (Windows version of this would be "Cancel or Allow.")
User: *enters root password*
Malware: *infects system*
OS: *pwned*
User: *pwned*
If I was teh evil malwares writer, I would target OSX as its users have piles of cash. The trick would be to make your pop-up so beautifully coloured, shaded, animated and raytraced that the style-obsessed mac user would fill in his credit card details immediately.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
A virus that is Linux-aware can escape from a WINE sandbox like this very easily. WINE handles Windows library calls, but it can not intercept system calls. If you put a Linux system call number into eax and issue interrupt 80h then you get a Linux system call, irrespective of whether it's a programme running with WINE or a native Linux program. Remember, WINE is not an emulator, it is just a loader and a set of libraries. It doesn't provide any sandboxing. WINE even provides a mechanism for allowing programs to detect if they are running under WINE, so if you can persuade a Linux user to run a program under WINE (or infect another program running under WINE) then you can do anything that the user can do. Unless, of course, you combine WINE with SELinux or some other real sandboxing mechanism.
I am TheRaven on Soylent News
The beauty of wine, is that you can configure multiple wine instances which are segregated from each other, so a virus infecting one won't affect another... Also, since wine is a userland program which is only invoked at the user's request, any malware shouldn't be able to make itself load at boot.
Incidentally, small desktop marketshare is not the only reason, windows has traditionally been more susceptible to viruses due to various design decisions which don't apply to linux, various factors like hiding of file extensions, users being admin by default, files being executable purely based on their filename (linux users have to chmod something first), and the basic fact that windows has its origins in a single user gui addon for dos which had no concept of security whatsoever (yes i know nt does, but they grafted the old 9x interface and apis on top, which fundamentally weakened the security model inherent in nt).
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
You want to know why Linux don't get viruses? You don't get the "Velma" users, that's why. I have a customer we have nicknamed the "walking disaster area" because she will click on ANYTHING that pretends to be a screensaver or comes from one of her friends email addresses, I don't care if the antivirus tries to throw itself between her and the .exe. Just as I had a customer that you could send him ANYTHING with the word 'lesbian" in it, and he would do what? yep, he would run it. .Exe, .VBS, you name it, all it had to do was have lesbian somewhere in the title.
So don't worry, you Linux guys get the "Velma" users I'm quite sure your good friends in Nigeria, the RBN, and China will be cooking up "happy_screensaver.sh" and "hot_lesbians_vid.sh" and the clueless will happily run it and spread bugs like the clap. Trust me, as a PC repair guy for more years than I care to count a good 999/1000 Windows bugs can be traced back to PEBKAC.
ACs don't waste your time replying, your posts are never seen by me.