Fedora Linux Support Community & Resources Center
  #1  
Old 12th June 2007, 02:04 PM
OralDeckard Offline
Registered User
 
Join Date: Nov 2006
Posts: 474
Can Windows malware use Wine to install and run?

I have always assumed that Windows viruses and malware could make use of Wine to install and attack, so have not pursued it. If I have to guess, better to err on the safe side.

But it sure would be nice to be able to run some Windows apps of my choice without having to build a Windows VM to sandbox them.

So what I'm looking for is someone with knowledge and experience in this area, who is not limited to guessing and erring on the safe side, who can address this issue.

I installed Crossover Office way back when I was running Xandros, and every time I inserted a disk with a Windows program on it, it jumped up and started the install process. That did not impress me. What if it found a virus in my email, and played Johnny-on-the-spot and installed it? I run Linux mainly for security. I got Crossover Office off of there, and don't want the same problem with Wine.

Does Wine submit itself to the will of the user, allowing limitation to provision of the root password, or does it emulate Windows to the point of making things so easy for you that it can install things behind your back?
  #2  
Old 12th June 2007, 03:59 PM
A.Serbinski Offline
Registered User
 
Join Date: Jul 2006
Posts: 1,123
Wine is still a linux program, so it is subject to the security limitations of linux.
However, it certainly CAN run some wondoze virii.

This is what I can suggest;
1) As far as disk access goes, it has the same access as the user who ran wine, HOWEVER, it is limited to the drives that you MAP - see ~/.wine/dosdevices/
2) As superior as the linux security is to wondoze, nothing is perfect, HOWEVER, usually wondoze virii are designed to exploit wondoze flaws, not linux flaws.
3) A wondoze virus running in wine cannot hide from you like it can in wondoze - it WILL show up as a process when you "ps -A", and you CAN kill it whenever you feel like it.
4) Wine is a real bad hack. Most wondoze programs DO NOT work in it unless wine has been specifically hacked for that program, therefore there is a reasonable chance that any virus you find will simply NOT WORK.

Any particular programs you want to run? There might be alternatives.
  #3  
Old 12th June 2007, 08:04 PM
OralDeckard Offline
Registered User
 
Join Date: Nov 2006
Posts: 474
Thank you A.Serbinski. If it can stay bottled up in the mapped DOS drives, then it really shouldn't be a problem. I will install it in an F7 VM and then go visit the web and see what happens. If it can hold out a week I will get brave enough to do what I am after.

What I want it for is a program that I know it will run, and am pretty sure isn't available in straight Linux: IE. Many sites simply will not function properly with Firefox, and on my Windows machines I have the IE tab set up to automatically catch them. But in Linux, if I want to visit that site, I have to just move over to a Windows machine.

My working Linux profiles have full access to the data server, so a virus there could erase or corrupt things. But if it cannot see past its mapped DOS drives, that would be a blessing.

Another program that keeps my boss on Windows is Pegasus email. Reckon that one would run in Wine? He just doesn't like Thunderbird or KMail.
  #4  
Old 12th June 2007, 08:13 PM
bob Online
Administrator (yeah, back again)
 
Join Date: Jul 2004
Location: Colton, NY; Junction of Heaven & Earth (also Routes 56 & 68).
Age: 69
Posts: 22,084
http://www.tatanka.com.br/ies4linux/page/Main_Page and for the 'how-to's':
http://forums.fedoraforum.org/forum/...d.php?t=154518
http://forums.fedoraforum.org/forum/...d.php?t=134153
http://forums.fedoraforum.org/forum/...d.php?t=125755
__________________
Linux & Beer - That TOTALLY Computes!
Registered Linux User #362651


Don't use any of my solutions on working computers or near small children.
  #5  
Old 12th June 2007, 08:18 PM
OralDeckard Offline
Registered User
 
Join Date: Nov 2006
Posts: 474
I went into Wine Configuration, and opened the Drives folder.
There was one for C, which was defined as ../drive_c, and another one for Z, which was defined as /

Oh, my GOD!!! Wine gets the whole root folder as Z.
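Added example, not part of any poster's message: a shell check that lists the drive mappings in a Wine prefix's dosdevices directory (the location named in post #2) and flags any that expose / or the home directory, as found in post #5. The function names, verdict labels and the demo prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report what each Wine drive letter exposes.
# Usage: audit_wine_drives [PREFIX] [HOME_DIR]
# Prints "<drive> <resolved target> <verdict>"; returns 1 if / or home is exposed.
audit_wine_drives() {
    prefix=$(cd "${1:-${WINEPREFIX:-$HOME/.wine}}" 2>/dev/null && pwd -P) || return 2
    home=$(cd "${2:-$HOME}" 2>/dev/null && pwd -P) || home=/nonexistent
    dir=$prefix/dosdevices
    [ -d "$dir" ] || return 2
    flagged=0
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        drive=${link##*/}
        # Targets may be relative (../drive_c), so resolve them from dosdevices/.
        target=$(cd "$dir" && cd "$(readlink "$link")" 2>/dev/null && pwd -P) || {
            echo "$drive - NOT-A-DIRECTORY"; continue; }
        if [ "$target" = / ]; then
            verdict=EXPOSES-ROOT; flagged=1
        else
            case "$home/" in
                # Target is the home directory itself or one of its ancestors.
                "$target"/*) verdict=EXPOSES-HOME; flagged=1 ;;
                *) case "$target/" in
                       "$prefix"/*) verdict=INSIDE-PREFIX ;;
                       *) verdict=OUTSIDE-PREFIX ;;
                   esac ;;
            esac
        fi
        echo "$drive $target $verdict"
    done
    return $flagged
}

# Constructed sample prefix mirroring post #5: c: -> ../drive_c and z: -> /
make_demo_prefix() {
    d=$(mktemp -d) && mkdir -p "$d/home/.wine/drive_c" "$d/home/.wine/dosdevices" &&
    ln -s ../drive_c "$d/home/.wine/dosdevices/c:" &&
    ln -s / "$d/home/.wine/dosdevices/z:" &&
    echo "$d/home"
}

demo_home=$(make_demo_prefix)
audit_wine_drives "$demo_home/.wine" "$demo_home" || echo "review the flagged drives"
```

Removing a flagged link narrows what a Windows program can reach through drive letters, but the Wine process still runs with the permissions of the user who started it, as the replies point out.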
  #6  
Old 12th June 2007, 09:05 PM
leadgolem Offline
Registered User
 
Join Date: Apr 2005
Location: Littleton, CO
Age: 29
Posts: 2,857
Technically yes. Everything there is still restricted by permissions though. Wine won't do anything with a windows file until you tell it to. No automatically running programs. Also, wine would not normally have explorer installed. That removes a major entrance point for virii and malware.

Wine is not a windows emulator, so virtually all virii will not function anyway.
__________________
S.C.O.U.R.G.E. Heroes of lesser renown, contributor.
  #7  
Old 13th June 2007, 01:20 AM
A.Serbinski Offline
Registered User
 
Join Date: Jul 2006
Posts: 1,123
Despite the propaganda, wine IS a windoze EMULATOR.

Here's an excerpt from wikipedia;
Quote:
Wine is a project which aims to allow a PC with an x86 architecture processor running a Unix-like operating system and the X Window System to execute programs that were originally written for Microsoft Windows.
Hence, it emulates windoze for those programs.
Quote:
Alternatively, those wishing to port a Windows application to a Unix-like system can compile it against the Wine libraries in the form of Winelib.[1]

Originally, Wine stood for WINdows compatibility Emulator. However, today the name 'Wine' derives from the recursive acronym Wine Is Not an Emulator.
-- that basically means that they don't want it *CALLED* an emulator, even though it really IS.
  #8  
Old 13th June 2007, 01:23 AM
A.Serbinski Offline
Registered User
 
Join Date: Jul 2006
Posts: 1,123
Quote:
Originally Posted by OralDeckard
What I want it for is a program that I know it will run, and am pretty sure isn't available in straight Linux: IE. Many sites simply will not function properly with Firefox, and on my Windows machines I have the IE tab set up to automatically catch them. But in Linux, if I want to visit that site, I have to just move over to a Windows machine.
Try this firefox plugin; https://addons.mozilla.org/en-US/firefox/addon/59

Quote:
My working Linux profiles have full access to the data server, so a virus there could erase or corrupt things. But if it cannot see past its mapped DOS drives, that would be a blessing.

Another program that keeps my boss on Windows is Pegasus email. Reckon that one would run in Wine? He just doesn't like Thunderbird or KMail.
Wow. That's one nasty old out of date POS email program. Give him EVOLUTION.
  #9  
Old 13th June 2007, 01:25 AM
eck Offline
Registered User
 
Join Date: Jun 2007
Posts: 14
Yeah. Wine would more likely error out like it does when the dll files get mismatched between native and Wine fake dlls. You'd probably have to work hard with the configuration and install lots of native dlls for viruses to work. Hey, maybe they'll open a virus compatibility wiki!

Likely the worst would be deleting the whole fake Windows drive and you just did your own anti-virus remover. Just reinstall your programs and you're back running again. Nice that winecfg takes about a second to install Windows. Even easier with Crossover probably as you won't have to remember all the tweaks you did to get your programs to work. Crossover handles it for you (for supported applications, anyway).
__________________
Epox EP-8KRAIPRO, AthlonXP3200+, 2x512 Crucial PC3200 DDRSDRAM, GeForce 6600GT, Audigy 2 ZS
  #10  
Old 13th June 2007, 06:15 AM
leadgolem Offline
Registered User
 
Join Date: Apr 2005
Location: Littleton, CO
Age: 29
Posts: 2,857
Quote:
Originally Posted by Winehq
Wine makes it possible to run Windows programs alongside any Unix-like operating system, particularly Linux. At its heart, Wine is an implementation of the Windows Application Programming Interface (API) library, acting as a bridge between the Windows program and Linux. Think of Wine as a compatibility layer, when a Windows program tries to perform a function that Linux doesn't normally understand, Wine will translate that program's instruction into one supported by the system. For example, if a program asks the system to create a Windows pushbutton or text-edit field, Wine will convert that instruction into its Linux equivalent in the form of a command to the window manager using the standard X11 protocol.
And
Quote:
Originally Posted by Winehq
Some people mean by that that Wine must emulate each processor instruction of the Windows application. This is plain wrong. As Wine's name says: "Wine Is Not an Emulator": Wine does not emulate the Intel x86 processor.
Wine is not an emulator. As it says there, it would be closer to the truth to say it was a compatibility layer. Though I will grant you the distinction is confusing for the non-programmer.

I think I will go update a wikipedia entry.
__________________
S.C.O.U.R.G.E. Heroes of lesser renown, contributor.
  #11  
Old 13th June 2007, 06:31 AM
Zero-Override Offline
Registered User
 
Join Date: May 2005
Posts: 741
For starters, a virus is a program to exploit very VERY specific flaws in a Windows machine; if even one file of it doesn't match up, it won't work.

Wine, as great as it is, is NOT Windows and simply does not have the bloatware that viruses exploit. Wine only has the very very basics to make some programs able to run in there.


As for a little example (I have written a few simple viruses to pester friends and such):
A simple virus would be a buffer overflow for a media player. The thing is that most of those are statically programmed: they always use the same sort of data and store them in the same place. Now in Windows that place will be place XYZ: specific folder, specific dll file to load from, specific sound driver to route to, stuff like that.
In Wine that entire place does not exist... bye bye virus. The way Wine needs to route its sound to ALSA would be entirely different, for example.

A virus COULD still be cross-platform, but that would take way way more effort than any virus programmer is prepared to do, mostly.
__________________
LINUX NUMBER 389596
machine number 290131
  #12  
Old 13th June 2007, 07:19 AM
A.Serbinski Offline
Registered User
 
Join Date: Jul 2006
Posts: 1,123
Quote:
Originally Posted by leadgolem
Quote:
Originally Posted by Winehq
Wine makes it possible to run Windows programs alongside any Unix-like operating system, particularly Linux. At its heart, Wine is an implementation of the Windows Application Programming Interface (API) library, acting as a bridge between the Windows program and Linux. Think of Wine as a compatibility layer, when a Windows program tries to perform a function that Linux doesn't normally understand, Wine will translate that program's instruction into one supported by the system. For example, if a program asks the system to create a Windows pushbutton or text-edit field, Wine will convert that instruction into its Linux equivalent in the form of a command to the window manager using the standard X11 protocol.
And
Quote:
Originally Posted by Winehq
Some people mean by that that Wine must emulate each processor instruction of the Windows application. This is plain wrong. As Wine's name says: "Wine Is Not an Emulator": Wine does not emulate the Intel x86 processor.
Wine is not an emulator. As it says there, it would be closer to the truth to say it was a compatibility layer. Though I will grant you the distinction is confusing for the non-programmer.

I think I will go update a wikipedia entry.
You seem to be missing the distinction between a hardware emulator and a software emulator. It's true that wine is not a hardware emulator. The key component of the above quoted passages is as follows;
Quote:
when a Windows program tries to perform a function that Linux doesn't normally understand, Wine will translate that program's instruction into one supported by the system
That means that it is EMULATING WINDOZE. Not the hardware, the OS.

Your alternative to a SOFTWARE emulator, of course is a HARDWARE emulator. This would be something like qemu. With a HARDWARE emulator, you are NOT emulating the software - you are running the ACTUAL software.


Quote:
Originally Posted by American Heritage Dictionary
Emulate: 3) Computer Science To imitate the function of (another system), as by modifications to hardware or software that allow the imitating system to accept the same data, execute the same programs, and achieve the same results as the imitated system.
And since Wine is NOT WINDOZE (ie, it is not from the same source written (stolen) by microsoft), it is therefore an IMITATION of some of the function of windoze, and qualifies as an EMULATOR.



And finally;
Quote:
Though I will grant you the distinction is confusing for the non-programmer.
Be careful of what assumptions you make. Murphy's Law suggests that more often than not, they're WRONG, as is the case here.
  #13  
Old 13th June 2007, 07:48 AM
leadgolem Offline
Registered User
 
Join Date: Apr 2005
Location: Littleton, CO
Age: 29
Posts: 2,857
I have no wish to continue what is essentially an irrelevant argument. Have a nice day.
__________________
S.C.O.U.R.G.E. Heroes of lesser renown, contributor.
  #14  
Old 13th June 2007, 03:06 PM
OralDeckard Offline
Registered User
 
Join Date: Nov 2006
Posts: 474
Well, gee folks, thanks for all your thoughts. I have certainly learned a lot here.
I guess if I ask a question I should be prepared to get it answered.
I'll be going over this in more detail this evening.

And thank you all very much
Tags
install, malware, run, windows, wine
