digg

Facebook Connect Join Digg About

Wine Sucks at Running Windows Viruses!

os.newsforge.com It just isn't fair that Windows users get all the viruses. I mean really, shouldn't Linux users be in on the fun as well? Well... thanks to the folks running the Wine project, Linux users can "catch the virus bug" too -- sort of.

Who dugg this? Made popular Aug 10, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

53 Comments

show profanity settings
expand all
  • MonsterChaOS, on 10/10/2007, -1/+27wow man, you totally missed what he was saying...
  • neko, on 10/10/2007, -1/+26Nice to know that the nasty ones will have trouble running (no doubt because the whole API, bugs and all, isn't complete), but I am a bit concerned at how easy it is to run .exes these days. Distros like Ubuntu are making it work straight out of Nautillus, and I've seen the default action of Firefox for .exes become "open with wine" or slightly more disturbing, "wine-safe"... which I think would give many a false sense of security.

    Someone could still send you a "Dancing Potatoes Screensaver.exe" which simply deletes all the files it can find. Thanks to the Z:\ drive which seems to be set up by default, it might still be able to nuke your home directory, which isn't pleasant for anyone.

    For native linux binaries, this wouldn't be a problem - you'd have to switch on the 'execute' bit before the system will run it. Wine has no such restriction, and I think perhaps it should, and encourage good habits.
  • toxicgonzo, on 10/10/2007, -2/+18I don't get it.

    If WINE fails at emulating a Windows virus, is that a bonus security "feature" or a testament to how much WINE sucks?
    If WINE successfully runs a Windows virus, does that show how good WINE is or how it poses a security risk?

    Is this good news or bad news?
  • subliminalurge, on 10/10/2007, -2/+16First of all, way to miss the point.

    Second, I've seen plenty of Windows screen savers that came wrapped in an executable installer.
  • Izacus, on 10/10/2007, -0/+9Well a simple bash script with something like: echo "Enter your password for loads of free porn: " ; sudo rm -rf / could do the same without wine.

    Users are stupid, remember that.
  • Fordi, on 10/10/2007, -2/+9.scr files are simply .exes with special hooks. They'll still run OOB with Wine.
  • MBHoy, on 10/10/2007, -0/+6Article wrtten: Wednesday January 26, 2005 (06:12 PM GMT)

    Plus, it was already dugg, 168 days ago: http://digg.com/linux_unix/What_would_happen_if_you_ran_a_Windows_virus_in_Linux_using_wine



  • UlicBelouve, on 10/10/2007, -0/+6And was already submitted, very same tagline.

    http://digg.com/linux_unix/Running_Windows_viruses_with_Wine
    2 years 194 days ago
    It just isn't fair that Windows users get all the viruses. I mean really, shouldn't Linux users be in on the fun as well? Well... thanks to the folks running the Wine project, Linux users can "catch the virus bug" too -- sort of.

    That's just lame.
    Plus, topic covered in another one about 5-6 months ago:
    http://digg.com/linux_unix/What_would_happen_if_you_ran_a_Windows_virus_in_Linux_using_wine

    Bury this dupe.
  • Mejogid, on 10/10/2007, -0/+5You wouldn't necessarily have to flip the x bit - if they wrap it in a tarball it may already be set once you've decompressed it.
  • saftaplan, on 10/10/2007, -0/+4Conclusion: unless you run wine as root for some stupid reason, you can only screw up your own account, not the whole computer. But maybe these H: (home) and Z: (root) drives should be disabled by default or only accessible after a sudo-like confirmation.
  • GMorgan, on 10/10/2007, -0/+4Standard reply. Apache, IIS, explain. Or is this the exception that proves the rule.
  • GMorgan, on 10/10/2007, -0/+4Most viruses and malware take advantage of obscure implementation details in the host OS. It's no wonder they don't work with Wine since Wine is a different implementation. Malware isn't tied to API's in such an obvious way, it is designed to exploit flaws in the way that API was built rather than in the API itself. WRT web servers and buffer overflows, there is only an issue because the implementation doesn't do boundary checking on array accesses, if you implemented the same external API but with a system that throws an exception, asserts, rejects or even tries to fix a request that would cause an overflow then the exploit no longer works despite no changes to the API (at least as far as legitimate programs are concerned).

    For this reason we can get decent compatibility (for all Windows programs that do not rely on obscure implementation details themselves) but still be relatively free of Windows viruses.
  • miztaken, on 10/10/2007, -0/+3Quick! Someone shove his head up his ass!
  • maybeway36, on 10/10/2007, -0/+3That's why distros don't install Wine by default.
  • MBHoy, on 10/10/2007, -0/+3In addition to what I said above:

    Buried.
  • trghpy, on 10/10/2007, -3/+6I for one can't wait till a windows virus decides to execute a wine flaw and seriously hose a linux box.
    ...
    Wait, yes I can. Ain't compatibility a bitch?
  • Acglaphotis, on 10/10/2007, -0/+3People dont wanna reboot to use a wine-compatible application.
  • inactive, on 10/10/2007, -1/+3Dugg down for implying someone who hates Linux owns MS products.
  • scabbers, on 10/10/2007, -0/+2If you download something with a new virus that isn't in the database of your anti-virus, it will pass the virus scan. It's possibly still your fault for downloading something from an untrusted source, but it's not on the same level as opening a "sex.exe" someone from albania sent you in email.
  • schestowitz, on 10/10/2007, -2/+4Maybe Wine has gained virus compatibility since then. Old (and classic) article indeed. There is a similar one at the GNU site.
  • DteK, on 10/10/2007, -1/+3I myself cannot figure out why people want to run Wine.
    If you need to run windows then keep a windozes box around.

    Nowadays my windows machine is a glorified video game console out on my networks DMZ.
  • sneakerelph, on 10/10/2007, -0/+2It is the windows OS that runs everything as administrator, all the time, by default. Vista is making great strides in this area, but the simple fact of a linux virus is that it can't cause system wide damage unless it's being run as root. in order to run as root, it'll need a password, so the noob who gets their system hosed is the one who gave the virus permission to do that.
  • Blitzenn, on 10/10/2007, -0/+2Pretty poor analysis. About 85% of all windows viruses execute a simple copy, delete or edit command. If Wine cannot execute these commands, then most applications would not work. The replicating portion of the viruses (hence email propagation) is not the forefront concern of people who become infected. The issue is the damage it does to the local machine with the copy, delete and edit functions. Spreading the virus after the damage is done is an ancillary problem.



    Secondly there are tens of thousands of viruses out there. It is unfair to test five and declare it good (unfair to Wine users).
  • timestar, on 10/10/2007, -1/+3heres how to make a windows screensaver: rename my-lovely-screensaver.exe to my-lovely-screensaver.scr
  • sneakerelph, on 10/10/2007, -0/+2except for as long as WINE is being run as a regular user (which is the default for noob friendly distros with users who would run a virus), you can't "seriously hose a linux box"
  • Xilon, on 10/10/2007, -0/+2That's more than on Linux... Damn, Vista IS better than Linux :(
  • EvilWalksWithMe, on 10/10/2007, -0/+1Laugh it up *****... you wait until your hailed linux global dommination takes hold and all the viruses you can ever imagine run natively! Oh so much fun for all :P
  • YourDoom123, on 10/10/2007, -0/+1nope :( wine can access anything on your hard drive as long as you give it the appropriate permissions. the Z: drive is the same as / on my ubuntu machine.
  • chrismgtis, on 10/10/2007, -1/+2Boo hoo.

    If you get a virus, it's because you did something stupid.

    Learn to grasp that common sense concept and you're life will be much easier and you will look like much less of an ass hat claiming viruses are such a threat.
  • sirdaz, on 10/10/2007, -0/+1Unless it sucks under wine..
  • arjie, on 10/10/2007, -0/+1Yes, but that user can lose his data which can be more painful sometimes. Of course, if it's a multi-user system then only that user loses his stuff.
  • Skywise, on 10/10/2007, -1/+2On a slightly related note, I found that running a dual core machine really helped keep my performance going after I was infected with a trojan (after viewing a webpage via Digg). It made the "de-trojaning" process a much more delightful experience >sic
  • superterran, on 10/10/2007, -1/+2I don't understand how Wine could hose a linux system if it's strictly staying to the Windows API. Maybe I just don't know enough about how the system works, but obviously Wine can't use a file in the NFS (linux file system) file system and have it work outright. The API wouldn't be able to figure out where the file's located, much less be compatible with all the API stuff with an NTFS/FAT filesystem... i know they have a dummy windows install where it can abstract everything as so to maintain compatibility.

    Worse case - those files get ***** up. but, since those files are protected outside of Wine, I'd figure that Wine on Linux would be so much more secure than running somethathing from within windows t this stuff shouldn't even be a blip on anybodies radar. Seems like the absolute worst that could happen is that you'd have to apt-get wine again; and even then that doesn't seem like it's likely. Isn't that how it's suppose to work?
  • doolittle, on 10/10/2007, -2/+3Ahh I remember the wine WMF exploit well in early '06... In the matter of a couple of days a fix was released in CVS so I created a little howto check-out the latest CVS release here:

    http://ubuntuforums.org/showpost.php?p=641761&postcount=19

    It's not all that difficult, will have to try it an SVN checkout some time, CVS is old school :)
  • flashingcurser, on 10/10/2007, -0/+1Ya good argument, why historically have IIS and mssql been hit so hard by viruses? Especially when the web runs on apache and any database except mssql. Though I understand IIS is at about 20% now, all time high however.
  • razor150, on 10/10/2007, -1/+1Quick, somebody please post an even dumber article.
  • ShogunWarPig, on 10/10/2007, -3/+3You are a very unintelligent individual. My guess is that you own both a Xbox and a Zune, and you hate Linux only because you have yet to evolve enough to figure out the simple-to-all-but-dumbasses procedure of installing a Linux distro.
  • no1unorightnow, on 03/02/2009, -0/+0At the time this was submitted, there was already a Digg for this exact same article: http://digg.com/linux_unix/Running_Windows_viruses ...

    However, that link, too is outdated. The current one is: http://www.linux.com/articles/42031
  • ram100987, on 10/10/2007, -0/+0F*ckin hilarious!
  • ku16610, on 10/10/2007, -0/+0Nice article Recycle it was better the first time i read it on digg though.
  • Gumboot, on 10/10/2007, -0/+0Vista also sucks - only 2-4% of current viruses work under Vista.

    Source: http://www.symantec.com/avcenter/reference/Impact_of_Malicious_Code_on_Vista.pdf
  • therealkidsmoke, on 10/10/2007, -0/+0Don't like windows, need to/like to use some applications built for windows is a reason to run wine..
  • Thehound666, on 10/10/2007, -0/+0They just need to write more for Vista. Many Windows 9x virii don't work on NT/2000/XP and Vista is yet another overhaul to the OS in some ways. Likewise I have seen NT/2000/XP virii that won't even run on 9x despite the horrible overall security of 9x simply because they depend on an NT service that isn't present. There is more for Linux, but it usually takes bad software running as root to exploit it, Vista writers will probably go that route, give Vista's enhanced permissions system vs other Windows.
  • Thehound666, on 10/10/2007, -0/+0WINE has become very good at running .exes in themselves. I would not be too worried about this for several factors. WINE doesn't run as a daemon in Linux, thus the virii can be manually killed or will be killed at next boot, though I have had luck with running exes that depend on a startup exe simply by invoking the dependency exe first. WINE, if run properly, also cannot have system root privileges unless you explicitly gave it such. For greater security on doubtful .exes, it can also be run as a suicide user that has no access to any folders your normal user has via Linux permissions. So bottom line is permissions virii need to work correctly are lacking on WINE. This article is a bit funny because it seems this person is running virii out of boredom, but it could actually be useful in using WINE as a VMWare of sorts, without all the overhead for virus research. This goes with the basic idea of the usefulness of Linux: It's infinitely useful based on user's imagination, just like writing your own shell scripts.
  • Thehound666, on 10/10/2007, -0/+0Exactly. Integration into your otherwise better OS on a single machine is the key. Some applications do actually run better on WINE, so it is always worth checking if that's the case, as well. A matter of principle too. We're breaking down the OS camps and making things more universal. It's really a beautiful thing.
  • inactive, on 10/10/2007, -10/+9Old. SO old. Buried as spam.
  • lioneljaffry, on 10/10/2007, -1/+0Article from 2005... Lame.
  • arekarek, on 10/10/2007, -1/+0Article from 2005... Duplicate!
  • jthomp, on 10/10/2007, -3/+1lamest article ever. buried.
  • Fetching more discussions...
    Show 51 - 54 of 54 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.