LinuxQuestions.org

Linux - General: wine and viruses (https://www.linuxquestions.org/questions/linux-general-1/wine-and-viruses-168974/)

davoman 04-11-2004 09:39 PM

wine and viruses
 
Now I know 'wine is not an emulator', so I'm gathering that general emulated OS+virus logic might not apply.

If a Windows program running under Wine has a virus, what is the risk of that virus somehow staying resident in the Linux OS?

I'm gathering it's not quite the same as running a virus-infected Windows OS inside an emulator, since Wine actually supplies the Windows API to the programs and lets them run somewhat natively.
I'm a bit of a :newbie:, so no flames for not understanding something seemingly fundamental like this.

watashiwaotaku7 04-11-2004 10:37 PM

Given the file and permission structures of Linux, there is little risk. True, Wine would potentially be able to host a virus; however, it would not likely be able to do much to your system, and even if it did, once Wine was shut down it would be completely unable to do anything. However, it may leave some dead files on your HDD, but be assured they would be entirely non-volatile.

lazyboy0001 04-11-2004 10:56 PM

How about a virus that can delete files? Wine has the ability to access some Linux files, normally the files in the user's home directory. If one runs Wine with a virus as a normal user, it will not damage the whole system, but I am afraid it can delete some personal user files, which are more important compared to the so-called system files.

tekhead2 04-11-2004 10:59 PM

Still, the virus would have to be programmed to attack those Linux files, and if it's infected a Windows filesystem, there is little chance it could, like, polymorph into a Linux virus. Basically the virus was made for Windows, not Linux, and as far as the virus is concerned it "thinks" it's on a Windows box!

davoman 04-12-2004 04:39 AM

Hmmm... Thanks for giving this some thought. What about, say, a virus which is told to switch between drives (A:, B:, C:, D:, E:, uh, what's next? oh yeah, F:) and decides to delete the whole drive?

Surely joe user has the ability to delete their own /home/joe directory? I gather it falls down to the user's permissions, eh?

I gather that trojan horses would have more luck in Wine (provided there was no firewall beeswax going on).

watashiwaotaku7 04-14-2004 08:51 PM

I doubt it would really do much at all. So long as you're running Wine as a normal user, it probably won't even hurt anything in your home directory, though it may very well destroy your installation of Wine; that's probably it. However, if you are root, it is possible that you could mess up a Windows partition, given that you're running Wine off of a real Windows install and not a fake one.

mikshaw 04-14-2004 09:54 PM

Quote:

Originally posted by watashiwaotaku7
I doubt it would really do much at all. So long as you're running Wine as a normal user, it probably won't even hurt anything in your home directory, though it may very well destroy your installation of Wine; that's probably it.
I wouldn't count on that. If, as davoman mentioned, a virus was written to search and destroy everything it could, one drive letter after another, it could easily kill everything in $HOME. Programs running in Wine have permission to write to $HOME, and $HOME is mapped to a drive letter in Wine.
You're not going to damage the system, but you could easily destroy all your personal data. You're best off (if you must run Wine) disabling virtual drives which access data outside fake Windows.
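
As an added example, not code from the thread: a small POSIX shell script to check mikshaw's point, namely which Linux paths the drive letters of a Wine prefix actually expose, and to drop the mappings that leave the prefix. It assumes the dosdevices layout of Wine 1.x and later (each drive letter is a symlink under $WINEPREFIX/dosdevices, with the default Z: pointing at /), which differs from the ~/.wine/config file of the 2004-era versions discussed here; the prefix path and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit which Linux paths the drive letters
# of a Wine prefix expose, and optionally drop the ones that reach outside it.
# Assumes the dosdevices layout of Wine 1.x and later, where each drive letter is
# a symlink $WINEPREFIX/dosdevices/<letter>: (e.g. c: -> ../drive_c, z: -> /).
# The ~/.wine/config layout of 2004-era Wine is not handled.

# wine_drive_report PREFIX
# One line per drive letter: "<letter> INSIDE|OUTSIDE <resolved target>",
# where INSIDE means the target lies within the prefix itself.
wine_drive_report() {
    prefix=$(readlink -f "$1") || return 1
    devdir="$prefix/dosdevices"
    [ -d "$devdir" ] || { echo "no dosdevices directory in $prefix" >&2; return 1; }
    for link in "$devdir"/?:; do
        [ -e "$link" ] || continue        # unmatched glob or dangling link
        letter=$(basename "$link")
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$prefix"|"$prefix"/*) status=INSIDE ;;
            *)                     status=OUTSIDE ;;
        esac
        printf '%s %s %s\n' "$letter" "$status" "$target"
    done
}

# wine_outside_drives PREFIX
# Just the letters whose mapping leaves the prefix: a "wipe every drive" program
# run under this prefix can reach those paths with the user's own permissions.
wine_outside_drives() {
    wine_drive_report "$1" | awk '$2 == "OUTSIDE" { print $1 }'
}

# wine_drop_outside PREFIX
# Remove the outside-reaching mappings (mikshaw's suggestion above). Only the
# symlinks in dosdevices are deleted; nothing they point at is touched.
wine_drop_outside() {
    prefix=$(readlink -f "$1") || return 1
    wine_outside_drives "$prefix" | while read -r letter; do
        rm -f "$prefix/dosdevices/$letter"
    done
}

# Typical use, on the default prefix:
#   wine_drive_report "${WINEPREFIX:-$HOME/.wine}"
```

Run wine_drive_report against the prefix before installing anything untrusted. The default Z: mapping to / is what lets a "delete every drive letter" program walk the whole filesystem (with the user's permissions, so $HOME is the real exposure); after dropping it, re-check whenever Wine or winecfg updates the prefix, since defaults can be put back.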

John5788 04-15-2004 12:07 AM

Hm, that's interesting. I should try running a trojan in Wine and then see how it works from my dad's computer on my network... wonder what the screen captures would look like?

watashiwaotaku7 04-15-2004 01:18 AM

I would suggest you don't, or actually, that you do, but with precautions. While you do it, remove all Windows computers from the network and also make sure your network is not connected to the internet. If you want to see what it does to Windows, find an old PC and put Windows on it, or another HDD for your dad's computer, and then don't hook that drive up again on any network that has another Windows computer or access to the internet until it has been reformatted. Remember, even if your dad is okay with the idea of it, he may not like the results, and he's not the only one who will have to deal with them if you're connected to the internet. I know a trojan isn't a big deal, but there is TRULY no sense in just adding to the problems on the internet already, even if they don't directly affect you. All of us are affected in some way by viruses, trojans, worms and even things like spam, in ways that are more than annoyances: they DO cost us money, as a nation, as a world, through lost business, raised bandwidth cost, slower connections (more lost time that people pay for) and so on and so forth, not to mention all the computer-literate OSS people who are too busy to work on their projects because they are fixing Windows computers.

Anyways, I'm sure you didn't need that whole speech, so I cut it short in the middle. In short, take precautions so you don't spread the internet-hazard problem, even if it's only gonna do things to that "other" OS. Another suggestion: tar your HDD and back it up, since you don't know what sort of things will be left on your computer; they'll be harmless but may be annoying trying to get rid of, and it's good practice to back up anyway. If you don't back up everything, at least back up your /home stuff, for your sake. Sorry if this will seem like talking down to you; I really don't know what level you are at, but the best way I've found to back up your HDD (partition by partition) is:

Boot into a live CD: Slackware, Knoppix, Damn Small, Gentoo, whatever, as long as it has a CLI and tar. Since you are using Gentoo, I should hope you still have the live CD; that will work perfectly. Now you need a separate partition, disk or other medium that is approximately 2/3 the size of all your data files.

boot into the live CD OR another Linux install on the same computer
mount the partitions you want to save
cd to each partition in turn
tar -cvjpf /wherever/your/empty/datapartitionis/fullbackup0x.tar.bz2 .   (archive "." rather than "*": a shell glob skips dotfiles such as .wine)
reboot into your normal install

to replace the files:
boot the live CD or other distro
mount your partitions
rm -rf /mnt/xxxx/*
cd /mnt/xxxx/
tar -xvjpf /wherever/your/empty/datapartitionis/fullbackup0x.tar.bz2   (-p restores the saved permissions; run it as root so ownership comes back too)

At the very worst, from here you would need to chroot into your distro and run /sbin/lilo, but that is unlikely to happen, and you can find the instructions on the Gentoo website, which I'm sure you already know.

Again, sorry if it feels like I am talking down to you by telling you all this stuff that you probably already know. I can't see your post count in the reply window and I am not familiar with your other posts; I just want to give you all the forethought I can to save you some headaches if you do end up going through with this.

Interesting test ideas

1. Run the trojan first as a user without anything else on the network. I don't know how your network is set up, but I would personally take my router and have only my one computer and the power plugged into it. See if anything happens. (Worm/trojan only; a virus you need no networking for.)

2. Next, do the same thing as root.

3. Switch to just a network switch or hub with no firewall or router-type protection for the rest of the tests. Run as a user with a Windows box hooked up on the network.

4. Run as root with a Windows box on the network.

5. Run as a user with a Linux box on the network (analyze the web traffic logs afterwards to investigate what your little friend is doing).

6. Same as 5, but root.

7. Same as 5 and 6, but run the other Linux box as root. Look for a Linux-based worm online (yes, there are some) and a Windows one through Wine, and make every attempt to fix the victim box to be an open door to malicious code... see how hard it is, see just how open a Linux box can be. See if you can set up defaults so it automatically runs .exe files through Wine, and see if you can get it infected with a Windows worm/virus/trojan and if you can get it to act the same as a Windows box, i.e. automatically attack other things on the network or send emails.

8. Use combinations of the above with different permission settings for your users. See how locked down a normal user can be and, oppositely, how loose and dangerous you can get.

I would combine some of these tests and save myself some time, but I'm sure you can figure that out on your own.

If you do these, please, please report back in detail on your findings. Now that I've started thinking about it, I may well do this myself as a refresher lesson in permissions, networking, security, and "getting that computer back up and running as fast as possible". It has truly been too long since I broke my system horribly; I've even gone to running as root 24/7 just in the hope I'll make a mistake, giving myself an excuse to play.

Well, it's 1 in the morning here, so I'll finish my work and go to bed, and probably feel very apologetic for my ramblings tomorrow.

One last question of interest that I don't know the answer to: does Wine have the permission to halt the system? As a user? As root? Perhaps a Lovesan virus will tell us...

OK... one more thought, then I'm done for now, I promise. I think I should check on Google to see if this has been done before and if there is information about it. If not, someone (I'll do it if no one else will, but my HTML skills are nothing to be overly proud of) should make a small, simple page explaining what happened: screenshots, notes, procedures, pictures, and whatever else they feel like. Either my meds are really kicking my arse or I'm rather excited about the prospect of trying all these tests and any others anyone else can come up with. It's been a while since I was able to find something in Linux that I could teach to myself, and even if Wine is incapable of doing any of this, I'll at least have done enough networking, permission stuff, and security to learn a bit and reinforce what I already know.
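
The backup step described above, as an added example that is not part of the post: a POSIX shell version of the same tar backup and restore, with a checksum and a compare pass so the archive is known good before the experiment starts. Paths and function names are this example's own; it uses gzip rather than the post's bzip2 only so it runs wherever tar and gzip exist (-j works identically).

```shell
#!/bin/sh
# Added example (not from the thread): back up a tree with tar before deliberately
# breaking the machine, and verify the archive before trusting it. The tree is
# archived as "." so that dotfiles such as ~/.wine are included (a "*" glob skips
# them), and a checksum plus a tar --compare pass record what the archive holds.
# gzip (-z) is used instead of bzip2 (-j) only for portability of the example.

# abs_path P : make P absolute, since we cd into the source before running tar
abs_path() { case "$1" in /*) printf '%s\n' "$1" ;; *) printf '%s/%s\n' "$PWD" "$1" ;; esac; }

# backup_tree SRC ARCHIVE : archive the contents of SRC, dotfiles included, and
# write ARCHIVE.sha256 beside it for later verification
backup_tree() {
    archive=$(abs_path "$2")
    ( cd "$1" && tar -czpf "$archive" . ) || return 1
    sha256sum "$archive" > "$archive.sha256"
}

# backup_tree_star SRC ARCHIVE : the "tar ... *" glob form, kept only to show
# what it silently leaves out; do not use it for a home directory
backup_tree_star() {
    archive=$(abs_path "$2")
    ( cd "$1" && tar -czpf "$archive" * ) || return 1
}

# verify_archive ARCHIVE SRC : the checksum still matches, and every archived
# entry still compares equal to the file it came from (tar --compare)
verify_archive() {
    archive=$(abs_path "$1")
    sha256sum -c --quiet "$archive.sha256" || return 1
    tar -dzf "$archive" -C "$2" >/dev/null || return 1
}

# list_top_level ARCHIVE : the top-level names inside the archive, one per line
list_top_level() {
    tar -tzf "$(abs_path "$1")" | sed -e 's#^\./##' -e 's#/.*##' | grep -v '^$' | sort -u
}

# restore_tree ARCHIVE DEST : unpack into DEST (created if missing), keeping the
# saved permissions; run as root if ownership must come back as well
restore_tree() {
    archive=$(abs_path "$1")
    mkdir -p "$2" && tar -xzpf "$archive" -C "$2"
}

# same_tree A B : succeed only if the two trees have identical file contents
same_tree() { diff -r "$1" "$2" >/dev/null; }

# Typical use before an experiment (paths are placeholders):
#   backup_tree /home/joe /mnt/backup/home.tar.gz
#   verify_archive /mnt/backup/home.tar.gz /home/joe
# and afterwards, from a live CD with the partitions mounted:
#   restore_tree /mnt/backup/home.tar.gz /mnt/restored_home
```

The compare pass catches the usual failure of this procedure, an archive that was truncated or written to a full partition; the checksum catches the archive changing between the backup and the restore, which matters when the machine in between is running untrusted code on purpose.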

davoman 04-15-2004 03:07 AM

Wow, I made someone type all that? Yeah, in short, you're probably better off running it all inside an emulator or something. That's how I test trojans and things.

Although it's my tradition that when I get a new computer, I copy off my files and blast the hell out of the old one with viruses, trojans, everything, just to see it choke and die in the most violent way possible.

Why? 'Cos if I tried doing that AFTER I smashed it with a sledgehammer, it wouldn't work! Silly.

John5788 04-15-2004 03:27 AM

Quote:

Originally posted by watashiwaotaku7
boot into the live CD OR another Linux install on the same computer
mount the partitions you want to save
cd to each partition in turn
tar -cvjpf /wherever/your/empty/datapartitionis/fullbackup0x.tar.bz2 .
reboot into your normal install

to replace the files:
boot the live CD or other distro
mount your partitions
rm -rf /mnt/xxxx/*
cd /mnt/xxxx/
tar -xvjpf /wherever/your/empty/datapartitionis/fullbackup0x.tar.bz2
Yeah, I've already made myself some backups, aka a stage4 install :)

watashiwaotaku7 04-15-2004 03:51 AM

My "stage 4 install" is to make it super small. Somewhere there is a CFLAG that compiles super small code (though it breaks a lot of stuff and is slower), so if you optimize for i486 and get a decent-sized USB thumb drive and a floppy disk that allows you to boot off of USB (most newish computers can do it automatically), you can fit Gentoo onto your keyring and work like you're at home anywhere you go. That can be done with a lot of distros if you work hard enough; Gentoo is just the easiest to do it with. I'm done straying off topic, though. I've never played with trojans, worms, or viruses before, so this could be fun, to see what they are capable of doing in a controlled setting. Does anyone have any resources they could point me to so I can learn more about them, as well as getting my hands on them to try? Also, as long as I'm wanting to play with network stuff in a controlled environment, can you point me to resources on how to test my own security and beef it up, i.e. whitehat hacker sites? Any help would be appreciated. If I ever get around to what I described in my previous post, I'll post results here and make a little site for it. Don't count on it being soon, though; I don't know if anyone else is actually interested in it, so it will be pretty low on my priority scale, probably lower than sleep, but I'll get to it someday. (Heh, I have to be up in 2 hours, lucky me.)

John5788 04-15-2004 03:21 PM

Quote:

My "stage 4 install" is to make it super small. Somewhere there is a CFLAG that compiles super small code (though it breaks a lot of stuff and is slower)
I think that's what the -O1, -O2, -O3 flags do.

http://www.subseven.ws/ - check here for some sub7 trojans.

watashiwaotaku7 04-15-2004 04:57 PM

No, those flags are for optimizations; they will actually tend to make the code larger, which is why you must be careful which optimizations you use. The programs may execute faster, but they'll take longer to load from your HDD, which means you may well lose performance.

watashiwaotaku7 04-15-2004 06:12 PM

It took quite a bit of searching, but I did find it. Sorry for mistaking this for a flag; I read it a looong time ago. Anyway, if you try it, have fun:

http://forums.gentoo.org/viewtopic.php?t=72281
