issues with wine running viruses

Antivirus, forensics, intrusion detection, cryptography, etc.
37fleetwood
Posts: 403
Joined: Fri 10 Aug 2007, 03:25

issues with wine running viruses

#1 Post by 37fleetwood »

ok, I didn't know exactly where to put this post but I think this is a very serious issue for Puppy users since Puppy has us running as root. I found this on the Ubuntu forum after google searching for information on viruses in wine.

http://ubuntuforums.org/showthread.php?t=72598

on the older versions of wine it seemed that in order to run an .exe file you had to open the wine browser but in the newer versions of wine this is not the case, you can click on an .exe anywhere and it will open.
the issue compounds when you run as root because the virus theoretically has the ability to change anything it likes.
viruses don't run correctly in Linux but to some degree they will run.
my advice is if you are going to run wine run clam av as well and scan everything for windows.
the glaring thing about the article was just how the guys there avoided the obvious issue, that the most common way of getting a virus in wine is pirated software. most of us are kinda used to things being free and Linux users seem to be of the more adventurous ilk but I advise against this type of piracy not only because it is illegal but it seems that it is also possibly unsafe.
for legitimate wine users I can't imagine a way of running into this problem as you would have to be running a browser or mail client in wine for it to open something you didn't want it to, wouldn't you? the simple precaution of not opening something you shouldn't anyway may basically suffice to keep you safe.
could some of you who are more knowledgeable comment on this please.
thanks
Scott 8)

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#2 Post by Béèm »

What I understand from the referenced post is, that it only affects the wine install.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
Consult Wikka: http://puppylinux.org/wikka/HomePage
Use peppyy's puppysearch: http://wellminded.com/puppy/pupsearch.html

37fleetwood
Posts: 403
Joined: Fri 10 Aug 2007, 03:25

#3 Post by 37fleetwood »

I thought it said it copied files as far as it had permission and only got so far because the guy was running as user rather than root. the one guy found 1300? virus files all over his system. this thing can spread files to any directory that is accessible as root which is every single one in Puppy. the one the guy tested only went as far as copying itself all over the place (which for certain systems could be disastrous, say a dual boot with Windows where it would find the directory structure it expects to find) the other kinds of viruses discussed were the key loggers and other such which could actually do what they were designed to do. the overall threat is possibly small compared to windows but it is still there and also one of the stress points they were making was that the damage was minimized due to the fact that access as root was denied, this however is not the case in puppy.
Scott 8)

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#4 Post by Béèm »

If you go unprotected at the net, you can expect illness.
I have a dual boot XP/Puppy.
I never had a virus in Puppy.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#5 Post by mikeb »

Hmm well for example wine usually has c:\ and z:\... z:\='\' in puppy to give wine access to the full file system (as root). Now viruses tend to target known windows folders/files eg to use IE to retransmit themselves so would not normally even bother with a z:\ drive as mentioned in the article only the .wine folder would be affected...but that doesn't actually feel very secure.

Another point is the usual way in for windows is IE and open ports like 135...neither normally apply to wine but there is available true IE for wine for testing purposes...the developers themselves say it is risky using it.

As a side note I have deliberately tried dodgy sites and exe files in puppy and in windows with IE removed and apart from crashing firefox or using 100% cpu until killed no other damage was done....hence my feeling that a 'standard' windows setup is what is normally targeted.

One other point....I never have c:\ mounted in puppy when running wine....there is a known bug that programs run in wine from there (as root) can wipe the mbr and it's true.
I even had one program....a game emulator...wipe it without c:\ mounted.

Wine attempts to mimic windows..bugs and all...so always be cautious with it

regards

mike
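The drive-letter exposure described in the post above can be checked directly. This is an added example, not part of the original post: Wine stores drive letters as symlinks under `dosdevices` in the prefix, and the function name, verdict labels and default prefix path here are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit which host directories a Wine prefix exposes as drives.
# Wine keeps drive letters as symlinks in <prefix>/dosdevices (c: -> ../drive_c,
# z: -> / by default). The verdict names below are this example's own.

# audit_wine_drives PREFIX
# Prints "<drive> <resolved target> <verdict>" for every drive letter.
# Returns 1 if a drive letter resolves to the host root directory.
audit_wine_drives() {
    prefix=$1
    if [ ! -d "$prefix/dosdevices" ]; then
        echo "no dosdevices directory under $prefix, nothing to audit" >&2
        return 0
    fi
    prefix_abs=$(cd "$prefix" && pwd -P) || return 2
    root_exposed=0
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue
        drive=${link##*/}
        # Resolve the link relative to dosdevices; empty means dangling.
        target=$(cd "$prefix/dosdevices" && cd "$(readlink "$link")" 2>/dev/null && pwd -P) || target=""
        case "$target" in
            "") verdict="dangling" ;;
            /) verdict="ROOT-EXPOSED"; root_exposed=1 ;;
            "$prefix_abs"|"$prefix_abs"/*) verdict="inside-prefix" ;;
            *) verdict="outside-prefix" ;;
        esac
        echo "$drive ${target:--} $verdict"
    done
    return "$root_exposed"
}

# Audit the default prefix when run directly.
if ! audit_wine_drives "${WINEPREFIX:-$HOME/.wine}"; then
    echo "a drive letter maps to /: Windows programs can reach every file" >&2
    if [ "$(id -u)" -eq 0 ]; then
        echo "and Wine would run as root, so they can also write to it" >&2
    fi
fi
```

An `outside-prefix` verdict is worth a look too, since it covers a mounted Windows or shared partition that has been given a drive letter.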

bdup12
Posts: 8
Joined: Tue 11 Nov 2008, 17:08
Location: Florida

viruses

#6 Post by bdup12 »

So what you guys are saying is that there is a problem, with the program Wine and it's kind of like a virus that messes with the drives?
And if I'm right how harmful is it to us puppy users?

P.S. how come bill or other XP users gave us viruses?

37fleetwood
Posts: 403
Joined: Fri 10 Aug 2007, 03:25

#7 Post by 37fleetwood »

the viruses don't really work in Linux but can sort of run in wine.
usually this is safeguarded by the typical linux install running in user and not root. Puppy runs as root which means that linux can't really protect itself.
again the viruses don't really work but what has happened was that the virus started copying itself and other new viruses as far and wide as it could.
if you run on a computer which has windows installed I am guessing that there is at least the chance it could screw things up a bit.
as far as linux is concerned it won't do much except fill up your hard drive with viruses that don't really work, at which time you have to go back through and find and delete them all, and maybe mess with your wine install.
my concern is the viruses that target hardware firmware, or fat tables, etc. could a virus run under wine in linux run as root succeed in attacking my firmware or boot tables and such on fat32 or ntfs drives? of course I understand that the typical virus doesn't really do anything in Linux but is it possible that the combination of wine and running in root leave us vulnerable especially with windows partitions?
Scott 8)

cb88
Posts: 1165
Joined: Mon 29 Jan 2007, 03:12
Location: USA

#8 Post by cb88 »

there is VERY little chance that a virus running in wine could damage your HW since the HW access in linux is not the same as windows and wine does not implement hardly any of it

it mostly only implements sounds gui and directx apis

which only give access to functions exposed securely by Linux
Taking Puppy Linux to the limit of perfection. meanwhile try "puppy pfix=duct_tape" kernel parem eater.
X86: Sager NP6110 3630QM 16GB ram, Tyan Thunder 2 2x 300Mhz
Sun: SS2 , LX , SS5 , SS10 , SS20 ,Ultra 1, Ultra 10 , T2000
Mac: Platinum Plus, SE/30

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#9 Post by mikeb »

To put things in proportion the 4 main vulnerabilities in windows are IE integration activex, the zone system and open ports...wine does not suffer from these normally..linux is secure by default and the sort of software most use on wine would not infringe on this.

Just bear in mind that you are using a form of windows and are running as root...use reasonable caution and common sense.
bdup12 wrote: P.S. how come bill or other XP users gave us viruses?
I have never been convinced by the competency of microsoft's programmers...particularly the non business side (95/98/me)..most of the good stuff was written or plagiarised from other companies. They created an OS that was wide open to attack and sold it to everybody...irresponsible if you ask me.
And instead of removing the cause they simply patch up the holes...('Are you sure you want to press that key Dave')

Sleep soundly

mike

Arthur
Posts: 15
Joined: Mon 10 Nov 2008, 05:46
Location: Earth

windows problems come with wine

#10 Post by Arthur »

While connecting a selection of external hard drives and pens this virus which comes with an auto run file managed to spread itself onto every drive and partition. This was using wine with puppy dingo. Wine version 1. Puppy 4.0. I don't run wine since that experience!

37fleetwood
Posts: 403
Joined: Fri 10 Aug 2007, 03:25

#11 Post by 37fleetwood »

this is exactly the concern I wanted to express, inexperienced Linux users such as myself need to be warned to be careful when using wine in Linux generally, and Puppy specifically. as a root user, wine can allow viruses to do bad things. just because it won't be as bad as it would be in windows, it doesn't mean bad things won't happen. I am currently running Xubuntu as the main OS on my computer but most of my junk is still on a large NTFS drive so it can be accessed by any OS. I fear that this NTFS drive is the weak point in my system as the directory structure is what the virus expects to find. at the very least I would suggest that anyone wanting to run wine should also have anti virus and scan anything with virus possibilities.
Scott 8)

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#12 Post by mikeb »

Arthur wrote: auto run file
windows no longer auto runs usb drives...perhaps the wine team need to check the latest security measures coming from redmond.

mike

Arthur
Posts: 15
Joined: Mon 10 Nov 2008, 05:46
Location: Earth

wine and viruses

#13 Post by Arthur »

Not involving wine but a friend saved a file onto his usb memory stick at an internet cafe and at the same time picked up a nasty autorun virus. Since I had set up his laptop with Puppy Linux he was not affected. However, problems started when he used his memory stick again to take a document to a friend to print it out. The virus was still there and tried to infect her machine when the usb stick was plugged in. I was asked to sort out the mess. She thought his machine was the source of the virus and was concerned that I was allowing him to pick up viruses using an unprotected linux system.....so perhaps a good idea to scan files to avoid infecting windows pcs by passing malware on.

mikeslr
Posts: 3890
Joined: Mon 16 Jun 2008, 21:20
Location: 500 seconds from Sol

Wine & Windoz Viruses -- Build a Chinese Firewall

#14 Post by mikeslr »

Perhaps I'm being too naive. As I see it, the problem with viruses designed to run under Windows doesn't affect your Linux Operating System, and seldom Wine, but arises when you --having exposed a partition to viruses--boot into the Windows OS. There's an old Vaudeville Routine, Gallagher & Sheen if my memory serves me: One runs onto the stage, raises his arm above his head and says: "Dokta, Dokta, it hoitz ven I du dis!" The other replies, "Don't du dat!"
One of the advantages of Linux in general is that you don't have to use 50-odd Megs of RAM and considerable CPU to have Anti-malware always running.
Puppy does not automatically mount the drive/partition containing your Windows OS. Windows, unless you've installed the software, can't even read Linux partitions, SFSes, and (if you haven't done a Full install) the compressed Puppy OS files.
Step 1: Build a Chinese Firewall. (The term is used in the legal profession. In the US, when evidence is unlawfully obtained by one group of investigators, neither it nor any evidence obtained as a result of knowledge of it --"Fruit of the Poisonous Tree"--can be used in prosecution. However, evidence obtained by another group of investigators, acting without knowledge of the evidence obtained by the first group, can be used. The Chinese Firewall reflects the rule that the second group can't communicate with the first). Therefore, if necessary, defrag your Windows partition; then resize it to create a VFAT partition for shared data, and any shared portable apps that you'll run under Wine and Windows. Do not install software in Windows enabling it to read Linux partitions. Before accessing anything on the shared partition via Windows, scan it using on-demand anti-malware. Bitdefender has a free edition which is reasonably well thought of. After scanning you can move data you won't need while running Linux.
Step 2. Murphy's Law. There's a great program called ERUNT. Free. While I run Kaspersky's and have never had a virus/trojan problem, ERUNT has saved me several times from software installations which caused conflicts or which I decided I didn't want but couldn't remove without jumping thru hoops. ERUNT takes a snapshot of your current Registry and essential files and compresses it. Takes about 1 minute. Unlike Windows' Restore, it doesn't eat up 10% of your hard-drive. Later, you can run ERUNT's ERDNT.EXE to return your system to the condition when the snapshot was taken. Executables installed after the snapshot will no longer run. Then you can run ccleaner, Eusing Free Registry Cleaner, and anti-malware to get rid of junk. If necessary, ERDNT.EXE can be run from a Rescue LiveCD.
Step 3: Protecting your Wine Registry. Imitating the ERUNT approach, you can copy Wine's system.reg, user.reg and userdef.reg files and archive them. Move the archive to your .wine folder. If at any time you even suspect wine has been invaded by malware, you can delete your current "wine system files" and extract your archived "wine system files." Immediately Reboot.
Step 4. Protecting your SAVE file. One of the advantages of a Frugal install is that its system files are compressed. Even the SAVE file is compressed until decompressed at bootup. It would take a dedicated miscreant to figure out how to decompress any of those files, edit them, and re-compress them, especially without you knowing of such events. The weak link is the SAVE file as, during operation, it is decompressed and any changes made during operation are saved. With the evolution of SFSes, much of your software need not be included in your SAVE file. Even apps designed only as pets can be converted to SFSes. Therefore, your SAVE file can be considerably smaller than if it had to include all your added software. Once you've configured your settings and installed only necessary pets and created a SAVE file just big enough to contain them, you can boot LiveCD "Puppy pfix=ram", create a folder 2 levels below the root of a partition into which you copy your SAVE file. By default, Puppies won't even offer to load SAVE files more than one-level below the root of a partition. Such "protected SAVE file" will remain compressed during operation. In the event of a problem, you can again boot LiveCD "Puppy pfix=ram", delete your working SAVE file and copy the "protected SAVE file" to the "working" location. Creating a "protected SAVE file" has a benefit beyond the potential malware situation. It enables you to test installations of applications without fear of irretrievably bonking your system.

You'll notice that Steps 3 & 4, which will take about 5 minutes of your time, are prudent precautions even if you never run Windows and malware didn't exist. And Step 2 is a prudent precaution if you run XP. (ERUNT is not currently available for Vista/Windows7).

mikesLr
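Step 3 of the post above, scripted as an added example (not part of the original post): it archives system.reg, user.reg and userdef.reg inside the prefix and only restores them if the archive still matches the hash recorded at snapshot time. The archive name, function names and default prefix path are assumptions of this example.

```shell
#!/bin/sh
# Added example: snapshot and restore the three Wine registry files.
# The archive name and function names are this example's own choices.
SNAP=wine-registry-snapshot.tar.gz

# snapshot_wine_registry PREFIX
# Archives the registry files inside PREFIX and prints the archive's SHA-256.
snapshot_wine_registry() {
    prefix=$1
    present=""
    for f in system.reg user.reg userdef.reg; do
        if [ -f "$prefix/$f" ]; then present="$present $f"; fi
    done
    [ -n "$present" ] || { echo "no registry files in $prefix" >&2; return 1; }
    # $present is left unquoted on purpose: one word per file name.
    tar -czf "$prefix/$SNAP" -C "$prefix" $present || return 1
    (cd "$prefix" && sha256sum "$SNAP" > "$SNAP.sha256") || return 1
    cut -d' ' -f1 "$prefix/$SNAP.sha256"
}

# restore_wine_registry PREFIX
# Verifies the archive against its recorded hash, then replaces the live
# registry files with the archived ones. Returns 2 if verification fails.
restore_wine_registry() {
    prefix=$1
    (cd "$prefix" && sha256sum -c "$SNAP.sha256" >/dev/null 2>&1) || return 2
    rm -f "$prefix/system.reg" "$prefix/user.reg" "$prefix/userdef.reg"
    tar -xzf "$prefix/$SNAP" -C "$prefix"
}

# Run as: script snapshot | script restore (default prefix is an assumption).
case "${1:-}" in
    snapshot) snapshot_wine_registry "${WINEPREFIX:-$HOME/.wine}" ;;
    restore)  restore_wine_registry "${WINEPREFIX:-$HOME/.wine}" ;;
esac
```

Restore with no Wine processes running, because wineserver writes its in-memory registry back to these files. The hash file sits next to the archive, so anything able to rewrite the prefix can rewrite both; note the printed hash somewhere outside the prefix if the snapshot is meant to be trusted after a suspected infection.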

somik
Posts: 3
Joined: Thu 08 Apr 2010, 02:34

#15 Post by somik »

tl;dr


Anyway, I was about to install wine onto my puppy linux. I run it off a pendrive. I guess I won't install wine anymore, instead, look for alternative softwares for my puppy.

OT: Anyone know a good media player? I tried out VLC but it still won't read the .srt subtitles...


Also, is it possible to run wine in secure mode? I mean run wine as a user, instead of as root?

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#16 Post by Makoto »

In regard to VLC, try renaming the .srt file to the exact same name of the video:

videoname.avi
videoname.srt

...load the video and play it, see if the subtitles automatically play along with the video.

I think you normally have to load the subtitles and turn them on/activate them, otherwise.
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

lapis
Posts: 184
Joined: Mon 02 Jun 2008, 08:21

#17 Post by lapis »

somik wrote: OT: Anyone know a good media player? I tried out VLC but it still won't read the .srt subtitles...
You can use smplayer/mplayer. You can specifically load a subtitle file or it will automatically load ones with the same name, change fonts/colour, raise/lower subtitles and speed up/down.
