[Bug 11421] New: Wine makes possible for windows virus to work?
http://bugs.winehq.org/show_bug.cgi?id=11421 Summary: Wine makes possible for windows virus to work? Product: Wine Version: unspecified Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wineserver AssignedTo: wine-bugs(a)winehq.org ReportedBy: tsalacinski(a)gmail.com I know that it's too early to say this, but when Wine started to support Run and RunOnce registry entries, I have few Windows worms on my computer (I've been using ies4linux). Is this possible, that when for example virus developer will think about supporting Linux he will steal data? I think, yes. As we know, wine have access to the whole drive (most users have / configured as Z:\). If we have a virus installed in Run in the registry, and the virus will look for every drive in the system (especially for Z:\) it can try to detect if there is any Z:\home\[user] directory and it can steal data from it. Virus devs can even try to compile their viruses with libwine to check if they will work on Linux. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11421 Stefan Dösinger <stefandoesinger(a)gmx.at> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stefandoesinger(a)gmx.at Status|UNCONFIRMED |RESOLVED Resolution| |INVALID --- Comment #1 from Stefan Dösinger <stefandoesinger(a)gmx.at> 2008-01-31 15:38:01 --- You're right on all points. Even more than that, a windows virus can do any Linux syscall via INT 0x80. So even without the Z:\ drive a Windows Virus running in Wine can do everything a Linux application running on the same account can do. This is not a bug though. This is a consequence of how Wine works. Wine is not a security sandbox. If you want to protect yourself against Windows viruses use any Linux or Windows based security software. For example, run Windows apps as a normal user, not root, and your Linux system can't be hurt. Run Windows apps in a chroot environment and they won't be able to access your data. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11421 James Hawkins <truiken(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from James Hawkins <truiken(a)gmail.com> 2008-01-31 15:40:28 --- Closing. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11421 Roderick Colenbrander <thunderbird2k(a)gmx.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |RESOLVED --- Comment #3 from Roderick Colenbrander <thunderbird2k(a)gmx.net> 2008-01-31 15:41:23 --- There is nothing around that prevents windows viruses from working on wine. We try to be like windows in every regard. In a few ways we are more safe as windows viruses can't gain root permissions and perform more nasty things. Second if you are worried you can remove the z: link, so that viruses won't see all of the system and only the wine c: drive. You can run anti-spyware tools or even a virus scanner on wine (some work). Sorry but there is nothing which we can do about. Further some people are planning to add a way to edit run/runonce settings without having to resort to regedit. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=11421 James Hawkins <truiken(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from James Hawkins <truiken(a)gmail.com> 2008-01-31 15:43:58 --- Um, closing again. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org