http://bugs.winehq.org/show_bug.cgi?id=11421
Summary: Wine makes possible for windows virus to work? Product: Wine Version: unspecified Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wineserver AssignedTo: wine-bugs@winehq.org ReportedBy: tsalacinski@gmail.com
I know that it's too early to say this, but when Wine started to support Run and RunOnce registry entries, I have few Windows worms on my computer (I've been using ies4linux).
Is this possible, that when for example virus developer will think about supporting Linux he will steal data? I think, yes.
As we know, wine have access to the whole drive (most users have / configured as Z:). If we have a virus installed in Run in the registry, and the virus will look for every drive in the system (especially for Z:) it can try to detect if there is any Z:\home[user] directory and it can steal data from it.
Virus devs can even try to compile their viruses with libwine to check if they will work on Linux.
http://bugs.winehq.org/show_bug.cgi?id=11421
Stefan Dösinger stefandoesinger@gmx.at changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |stefandoesinger@gmx.at Status|UNCONFIRMED |RESOLVED Resolution| |INVALID
--- Comment #1 from Stefan Dösinger stefandoesinger@gmx.at 2008-01-31 15:38:01 --- You're right on all points. Even more than that, a windows virus can do any Linux syscall via INT 0x80. So even without the Z:\ drive a Windows Virus running in Wine can do everything a Linux application running on the same account can do.
This is not a bug though. This is a consequence of how Wine works. Wine is not a security sandbox. If you want to protect yourself against Windows viruses use any Linux or Windows based security software. For example, run Windows apps as a normal user, not root, and your Linux system can't be hurt. Run Windows apps in a chroot environment and they won't be able to access your data.
http://bugs.winehq.org/show_bug.cgi?id=11421
James Hawkins truiken@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #2 from James Hawkins truiken@gmail.com 2008-01-31 15:40:28 --- Closing.
http://bugs.winehq.org/show_bug.cgi?id=11421
Roderick Colenbrander thunderbird2k@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |RESOLVED
--- Comment #3 from Roderick Colenbrander thunderbird2k@gmx.net 2008-01-31 15:41:23 --- There is nothing around that prevents windows viruses from working on wine. We try to be like windows in every regard. In a few ways we are more safe as windows viruses can't gain root permissions and perform more nasty things.
Second if you are worried you can remove the z: link, so that viruses won't see all of the system and only the wine c: drive.
You can run anti-spyware tools or even a virus scanner on wine (some work). Sorry but there is nothing which we can do about. Further some people are planning to add a way to edit run/runonce settings without having to resort to regedit.
http://bugs.winehq.org/show_bug.cgi?id=11421
James Hawkins truiken@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from James Hawkins truiken@gmail.com 2008-01-31 15:43:58 --- Um, closing again.
-
wine-bugs@winehq.org