What.

[twigathy.livejournal.com]

So apparently wine is now good enough that a windows virus will work in it. Don't ask how this happened, because I'm not entirely sure myself.

Apologies in advance to 56kers for the Huge Image.

Comments

[the-reda.livejournal.com]

Part of me cannot help but gloat at all those 'oh so superiror ones' who looked down on us 'tools' who use a windows OS. I have been waiting for this. I have. I have. So many yummy totally unprotected computers out there ....

[dagbrown.livejournal.com]

WINE has been capable of running Windows viruses for years and years now, and you haven't heard any tales of virus-infested Linux boxes, have you?

Running Internet Explorer in Linux was the unwise move. Get rid of IE from a Windows box and you've more-or-less secured it against the worst of the you-stop-by-our-website-and-you're-infected nasties.

The cleanup for a Windows virus running on Linux would be pretty trivial--just kill all your WINE processes. It's not running as root, and it doesn't even realize that it's not running on Windows.

[the-reda.livejournal.com]

Linux is not my area. I just have some highly annoying accquaintances who cannot but lord the linux superiority over on anyone (not) willing to listen.
Thus this made me chuckle.

[pikaporeon.livejournal.com]

It hasn't changed the fact that they are right, however ; )

[ravenofdreams.livejournal.com]

Until I simply have the overOS eat the VM. Problem solved. (I've moved from WINE to VMWare; I know that this isn't exactly true for WINE. It's still not getting root, though.)

[mattcaron.livejournal.com]

Yes, because the way to get a virus on Linux is to.... emulate.. Windows...

Windows - a clear and present danger to the stability of the internet since 1995.

[tjernobyl.livejournal.com]

Google's not showing it to me right now, but I remember a couple years ago there were whoops and cheers when Wine first became capable of supporting the Melissa virus...

[geekgrrl-ca.livejournal.com]

Actually there's some on in the xkcd (irc://irc.xkcd.com/xkcd) irc community that has a vm "virus fishbowl" for quite a while now (I forget their name but I remember them talking about it).

there's also a comic about it http://xkcd.com/350/ but I'm not sure which came first, the comic or the actual virus infected system.

[yanni85.livejournal.com]

I had been wondering if someone actually did that. I'd love to see their setup.

[yozuki.livejournal.com]

What? WINE runs Windows programs. That is what a Windows Virus is isn't it?

[coyoteden.livejournal.com]

Exactly. Wine is a subsystem, not an emulator. Windows malware in Wine can hook a BHO into IE, spawn processes, and go nuts as your user account.

There's not much chance any windows app is going to get root, unless you a) run wine as root or b) there's a vulnerability in Wine.

Both are possible, but neither has to be the case for your files to be at risk. Your ~home is accessible by apps running under Wine, isn't it? Wine lets Windows apps run in Linux. Malware is malware. If it can run on your OS, it's dangerous.

[yozuki.livejournal.com]

As far as computer code is concerned, it is not safe from hackers. Supervisor mode has loops that can be found, as is evident by ROM only code circumvented by software. Computers are becoming more mainstream, virus attacks on them will become more common on the dominant OSes, and Linux and Mac are currently rising to power.

Linux and Mac aren't safe. I expect someone bored enough to make a virus with a payload, in the future.

[mattcaron.livejournal.com]

No, but they are better because it is much harder to do privilege escalation (Windows up to XP you just asked it nicely) and they compartmentalize things much more nicely, so damage to you is mitigated. Further (and this is specific to Linux systems here), the centralized package management systems make rolling out patches to your OS AND applications much easier - something which is lacking in Windows.

You could still get haxored and used in botnet, however.

[mouser.livejournal.com]

If I'm not mistaken, that one is more of a "hook" spyware - it's an IE add-on meant to make you THINK you've got an actual virus so you download their "helper" application which loads you with TONS of spyware.

My users get them one every six months despite my best (allowed) efforts.

[twigathy.livejournal.com]

Yep, that's exactly what it was. Very easy to get rid of.

I expect the virus piggybacked on top of a crack for a windows game which I couldn't run because wine doesn't quite support the copy protection (Like starforce) yet..

What I should probably make clear is that this didn't just appear magically through a vulnerability in some linux program.

[azleaneo.livejournal.com]

This is what I thought when it said 'probably infected' so click ok to 'donwload antispyware'