
12th June 2007, 02:04 PM
|
|
Registered User
|
|
Join Date: Nov 2006
Posts: 474

|
|
|
Can Windows malware use Wine to install and run ?
I have always assumed that Windows viruses and malware could make use of Wine to install and attack, so have not pursued it. If I have to guess, better to err on the safe side.
But it sure would be nice to be able to run some Windows apps of my choice without having to build a Windows VM to sandbox them.
So what I'm looking for is someone with knowledge and experience in this area, who is not limited to guessing and erring on the safe side, who can address this issue.
I installed Crossover Office way back when I was running Xandros, and every time I inserted a disk with a Windows program on it, it jumped up and started the install process. That did not impress me. What if it found a virus in my email, and played Johnny-on-the-spot and installed it? I run Linux mainly for security. I got Crossover Office off of there, and don't want the same problem with Wine.
Does Wine submit itself to the will of the user, allowing limitation to provision of the root password, or does it emulate Windows to the point of making things so easy for you that it can install things behind your back?
|

12th June 2007, 03:59 PM
|
|
Registered User
|
|
Join Date: Jul 2006
Posts: 1,123

|
|
|
Wine is still a linux program, so it is subject to the security limitations of linux.
However, it certainly CAN run some wondoze virii.
This is what I can suggest;
1) As far as disk access goes, it has the same access as the user who ran wine, HOWEVER, it is limited to the drives that you MAP - see ~/.wine/dosdevices/
2) As superior as the linux security is to wondoze, nothing is perfect, HOWEVER, usually wondoze virii are designed to exploit wondoze flaws, not linux flaws.
3) A wondoze virus running in wine cannot hide from you like it can in wondoze - it WILL show up as a process when you "ps -A", and you CAN kill it whenever you feel like it.
4) Wine is a real bad hack. Most wondoze programs DO NOT work in it unless wine has been specifically hacked for that program, therefore there is a reasonable chance that any virus you find will simply NOT WORK.
Any particular programs you want to run? There might be alternatives.
|

12th June 2007, 08:04 PM
|
|
Registered User
|
|
Join Date: Nov 2006
Posts: 474

|
|
|
Thank you A.Serbinski. If it can stay bottled up in the mapped DOS drives, then it really shouldn't be a problem. I will install it in an F7 VM and then go visit the web and see what happens. If it can hold out a week I will get brave enough to do what I am after.
What I want it for is a program that I know it will run, and am pretty sure isn't available in straight Linux: IE. Many sites simply will not function properly with Firefox, and on my Windows machines I have the IE tab set up to automatically catch them. But in Linux, if I want to visit that site, I have to just move over to a Windows machine.
My working Linux profiles have full access to the data server, so a virus there could erase or corrupt things. But if it cannot see past its mapped DOS drives, that would be a blessing.
Another program that keeps my boss on Windows is Pegasus email. Reckon that one would run in Wine? He just doesn't like Thunderbird or KMail.
|

12th June 2007, 08:13 PM
|
 |
Administrator (yeah, back again)
|
|
Join Date: Jul 2004
Location: Colton, NY; Junction of Heaven & Earth (also Routes 56 & 68).
Age: 67
Posts: 21,219

|
|
__________________
Linux & Beer - That TOTALLY Computes!
Registered Linux User #362651
Don't use any of my solutions on working computers or near small children.
|

12th June 2007, 08:18 PM
|
|
Registered User
|
|
Join Date: Nov 2006
Posts: 474

|
|
|
I went into Wine Configuration, and opened the Drives folder.
There was one for C, which was defined as ../drive_c, and another one for Z, which was defined as /
Oh, my GOD !!! Wine gets the whole root folder as Z.
|
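Added example, not part of any post in this thread: a shell function that lists the drive mappings under a Wine prefix's dosdevices directory (the location named in the replies above) and flags any drive letter that resolves to / or to the user's home directory, as the Z: mapping found above does. The function name audit_dosdevices and the WIDE/ok labels are made up for this example; it assumes GNU `readlink -f` is available.

```shell
#!/bin/sh
# Added example: audit the drive letters a Wine prefix exposes.
# Assumption: drives are symlinks named "<letter>:" in <prefix>/dosdevices.
# Usage: audit_dosdevices "$HOME/.wine"
# Exit status: 0 = no wide mapping, 1 = at least one wide mapping,
#              2 = prefix has no dosdevices directory.

audit_dosdevices() {
    ad_prefix="${1:-$HOME/.wine}"
    ad_dir="$ad_prefix/dosdevices"
    ad_home="${HOME:-/nonexistent}"
    ad_status=0

    if [ ! -d "$ad_dir" ]; then
        echo "no dosdevices directory in $ad_prefix" >&2
        return 2
    fi

    for ad_link in "$ad_dir"/*; do
        # Only symlinks are drive mappings; skip anything else.
        [ -L "$ad_link" ] || continue
        ad_name=$(basename "$ad_link")
        # Resolve relative targets such as ../drive_c to an absolute path.
        ad_target=$(readlink -f "$ad_link" 2>/dev/null) || ad_target="(unresolvable)"

        case "$ad_target" in
            /|"$ad_home")
                # The whole filesystem or the whole home directory is
                # reachable through this drive letter, limited only by
                # the permissions of the user running Wine.
                ad_verdict="WIDE"
                ad_status=1
                ;;
            *)
                ad_verdict="ok"
                ;;
        esac
        printf '%s %s %s\n' "$ad_verdict" "$ad_name" "$ad_target"
    done
    return "$ad_status"
}
```

A drive flagged WIDE can be removed or pointed at a narrower directory from the Drives tab of Wine Configuration.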

12th June 2007, 09:05 PM
|
 |
Registered User
|
|
Join Date: Apr 2005
Location: Littleton, CO
Age: 28
Posts: 2,855

|
|
|
Technically yes. Everything there is still restricted by permissions though. Wine won't do anything with a windows file until you tell it to. No automatically running programs. Also, wine would not normally have explorer installed. That removes a major entrance point for virii and malware.
Wine is not a windows emulator, so virtually all virii will not function anyway.
|

13th June 2007, 01:20 AM
|
|
Registered User
|
|
Join Date: Jul 2006
Posts: 1,123

|
|
Despite the propaganda, wine IS a windoze EMULATOR.
Here's an excerpt from wikipedia;
Quote:
|
Wine is a project which aims to allow a PC with an x86 architecture processor running a Unix-like operating system and the X Window System to execute programs that were originally written for Microsoft Windows.
|
Hence, it emulates windoze for those programs.
Quote:
Alternatively, those wishing to port a Windows application to a Unix-like system can compile it against the Wine libraries in the form of Winelib.[1]
Originally, Wine stood for WINdows compatibility Emulator. However, today the name 'Wine' derives from the recursive acronym Wine Is Not an Emulator.
|
-- that basically means that they don't want it *CALLED* an emulator, even though it really IS.
|

13th June 2007, 01:23 AM
|
|
Registered User
|
|
Join Date: Jul 2006
Posts: 1,123

|
|
Quote:
|
Originally Posted by OralDeckard
What I want it for is a program that I know it will run, and am pretty sure isn't available in straight Linux: IE. Many sites simply will not function properly with Firefox, and on my Windows machines I have the IE tab set up to automatically catch them. But in Linux, if I want to visit that site, I have to just move over to a Windows machine.
|
Try this firefox plugin; https://addons.mozilla.org/en-US/firefox/addon/59
Quote:
My working Linux profiles have full access to the data server, so a virus there could erase or corrupt things. But if it cannot see past its mapped DOS drives, that would be a blessing.
Another program that keeps my boss on Windows is Pegasus email. Reckon that one would run in Wine? He just doesn't like Thunderbird or KMail.
|
Wow. That's one nasty old out of date POS email program. Give him EVOLUTION.
|

13th June 2007, 01:25 AM
|
|
Registered User
|
|
Join Date: Jun 2007
Posts: 14

|
|
|
Yeah. Wine would more likely error out like it does when the dll files get mismatched between native and Wine fake dlls. You'd probably have to work hard with the configuration and install lots of native dlls for viruses to work. Hey, maybe they'll open a virus compatibility wiki!
Likely the worst would be deleting the whole fake Windows drive and you just did your own anti-virus remover. Just reinstall your programs and you're back running again. Nice that winecfg takes about a second to install Windows. Even easier with Crossover probably as you won't have to remember all the tweaks you did to get your programs to work. Crossover handles it for you (for supported applications, anyway).
__________________
Epox EP-8KRAIPRO, AthlonXP3200+, 2x512 Crucial PC3200 DDRSDRAM, GeForce 6600GT, Audigy 2 ZS
|

13th June 2007, 06:15 AM
|
 |
Registered User
|
|
Join Date: Apr 2005
Location: Littleton, CO
Age: 28
Posts: 2,855

|
|
Quote:
|
Originally Posted by Winehq
Wine makes it possible to run Windows programs alongside any Unix-like operating system, particularly Linux. At its heart, Wine is an implementation of the Windows Application Programming Interface (API) library, acting as a bridge between the Windows program and Linux. Think of Wine as a compatibility layer, when a Windows program tries to perform a function that Linux doesn't normally understand, Wine will translate that program's instruction into one supported by the system. For example, if a program asks the system to create a Windows pushbutton or text-edit field, Wine will convert that instruction into its Linux equivalent in the form of a command to the window manager using the standard X11 protocol.
|
And
Quote:
|
Originally Posted by Winehq
Some people mean by that that Wine must emulate each processor instruction of the Windows application. This is plain wrong. As Wine's name says: "Wine Is Not an Emulator": Wine does not emulate the Intel x86 processor.
|
Wine is not an emulator. As it says there, it would be closer to the truth to say it was a compatibility layer. Though I will grant you the distinction is confusing for the non-programmer.
I think I will go update a wikipedia entry.
|

13th June 2007, 06:31 AM
|
|
Registered User
|
|
Join Date: May 2005
Posts: 741

|
|
for starters, a virus is a program to exploit very VERY specific flaws in a windows machine, if even one file of it doesn't match up it won't work
Wine, as great as it is, is NOT windows and simply does not have the bloatware that viruses exploit, wine only has the very very basics to make some programs able to run in there
as for a little example (i have written a few simple viruses to pester friends and such)
a simple virus would be a buffer-overflow for a media player, the thing is that most of those are statically programmed, they always use the same sort of data and store them in the same place, now in windows that place will be place XYZ specific folder, specific dll file to load from, specific sound driver to route to, stuff like that
in Wine that entire place does not exist... bye bye virus, the way Wine needs to route its sound to alsa would be entirely different for example
a virus COULD still be cross-platform but that would take way way more effort than any virus programmer is prepared to do mostly
__________________
LINUX NUMBER 389596
machine number 290131
|

13th June 2007, 07:19 AM
|
|
Registered User
|
|
Join Date: Jul 2006
Posts: 1,123

|
|
Quote:
|
Originally Posted by leadgolem
Quote:
|
Originally Posted by Winehq
Wine makes it possible to run Windows programs alongside any Unix-like operating system, particularly Linux. At its heart, Wine is an implementation of the Windows Application Programming Interface (API) library, acting as a bridge between the Windows program and Linux. Think of Wine as a compatibility layer, when a Windows program tries to perform a function that Linux doesn't normally understand, Wine will translate that program's instruction into one supported by the system. For example, if a program asks the system to create a Windows pushbutton or text-edit field, Wine will convert that instruction into its Linux equivalent in the form of a command to the window manager using the standard X11 protocol.
|
And
Quote:
|
Originally Posted by Winehq
Some people mean by that that Wine must emulate each processor instruction of the Windows application. This is plain wrong. As Wine's name says: "Wine Is Not an Emulator": Wine does not emulate the Intel x86 processor.
|
Wine is not an emulator. As it says there, it would be closer to the truth to say it was a compatibility layer. Though I will grant you the distinction is confusing for the non-programmer.
I think I will go update a wikipedia entry. 
|
You seem to be missing the distinction between a hardware emulator and a software emulator. It's true that wine is not a hardware emulator. The key component of the above quoted passages is as follows;
Quote:
|
when a Windows program tries to perform a function that Linux doesn't normally understand, Wine will translate that program's instruction into one supported by the system
|
That means that it is EMULATING WINDOZE. Not the hardware, the OS.
Your alternative to a SOFTWARE emulator, of course is a HARDWARE emulator. This would be something like qemu. With a HARDWARE emulator, you are NOT emulating the software - you are running the ACTUAL software.
Quote:
|
Originally Posted by American Heritage Dictionary
Emulate: 3) Computer Science To imitate the function of (another system), as by modifications to hardware or software that allow the imitating system to accept the same data, execute the same programs, and achieve the same results as the imitated system.
|
And since Wine is NOT WINDOZE (ie, it is not from the same source written (stolen) by microsoft), it is therefore an IMITATION of some of the function of windoze, and qualifies as an EMULATOR.
And finally;
Quote:
|
Though I will grant you the distinction is confusing for the non-programmer.
|
Be careful of what assumptions you make. Murphy's Law suggests that more often than not, they're WRONG, as is the case here.
|

13th June 2007, 07:48 AM
|
 |
Registered User
|
|
Join Date: Apr 2005
Location: Littleton, CO
Age: 28
Posts: 2,855

|
|
I have no wish to continue what is essentially an irrelevant argument. Have a nice day.
|

13th June 2007, 03:06 PM
|
|
Registered User
|
|
Join Date: Nov 2006
Posts: 474

|
|
Well, gee folks, thanks for all your thoughts. I have certainly learned a lot here.
I guess if I ask a question I should be prepared to get it answered.
I'll be going over this in more detail this evening.
And thank you all very much
|