Re: [SLUG] wine and viruses

From: Ian Blenke (icblenke@nks.net)
Date: Tue Sep 02 2003 - 11:45:51 EDT


Brian Coyle wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sunday 31 August 2003 23:14, ethan@ethanzimmerman.com wrote:
>
>>just out of curiosity has anyone ever tried to run windows viruses under
>>wine? In other words. does wine have complete compatibility with windows
>>viruses? :-)

It's amazing how most simple Windows software runs without a hitch. It's
usually the larger applications that use obscure APIs or other
unimplemented interfaces that have a difficult time running under WINE
anymore.

Unfortunately, most Windows malware can be considered this simple.

Worms and Viruses need entry vectors, however, which WINE tends to quash
as a side-effect of its implementation.

> I seriously doubt Windows specific malware would function as expected
> under wine... The propagation code might work, but the initial vulnerability
> vector would be missing.

If you're using the WINE native DLLs, any exploit vectors will probably
not work (note: some APIs are emulated as "perfectly" as possible,
including undocumented behaviors). If you're using the official
Microsoft DLLs in place of the WINE native DLLs, you are just as vulnerable.

As for "malware", generally yes. Most "malware" is acquired by clicking
on the wrong thing, or having an application (like Outlook) run an
attachment without your approval. Running Microsoft native software like
IE or Outlook under WINE is inviting bad things to happen.

> Now VMWare, Bochs, Plex86 or any other emulation system that requires a full
> copy of Windows under Linux, that's another story! :)

These are at least virtual machines, however: anything that happens to
them *should* remain within the virtual machine. Unfortunately, there
are ways to break outside many of these virtual machines (VMWare has an
API for doing just this) - making it difficult to truly sandbox malware
that is aware of such virtual environments (this is rare to the extreme,
but slowly catching on).

-- 
- Ian C. Blenke <icblenke@nks.net>
(This message bound by the following:
http://www.nks.net/email_disclaimer.html)




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:10:30 EDT