Puppy Linux Discussion Forum
issues with wine running viruses
37fleetwood


Joined: 09 Aug 2007
Posts: 403

Posted: Sun 09 Nov 2008, 08:29    Post subject: issues with wine running viruses
Subject description: might be a serious issue for Puppy users
 

ok, I didn't know exactly where to put this post but I think this is a very serious issue for Puppy users since Puppy has us running as root. I found this on the Ubuntu forum after google searching for information on viruses in wine.

http://ubuntuforums.org/showthread.php?t=72598

on the older versions of wine it seemed that in order to run an .exe file you had to open the wine browser but in the newer versions of wine this is not the case, you can click on an .exe anywhere and it will open.
the issue compounds when you run as root because the virus theoretically has the ability to change anything it likes.
viruses don't run correctly in Linux but to some degree they will run.
my advice is if you are going to run wine run clam av as well and scan everything for windows.
the glaring thing about the article was just how the guys there avoided the obvious issue, that the most common way of getting a virus in wine is pirated software. most of us are kinda used to things being free and Linux users seem to be of the more adventurous ilk but I advise against this type of piracy not only because it is illegal but it seems that it is also possibly unsafe.
for legitimate wine users I can't imagine a way of running into this problem as you would have to be running a browser or mail client in wine for it to open something you didn't want it to, wouldn't you? the simple precaution of not opening something you shouldn't anyway may basically suffice to keep you safe.
could some of you who are more knowledgeable comment on this please.
thanks
Scott
Béèm


Joined: 21 Nov 2006
Posts: 11782
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

Posted: Sun 09 Nov 2008, 08:50

What I understand from the referenced post is, that it only affects the wine install.
_________________
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
Consult Wikka
Use peppyy's puppysearch
37fleetwood


Joined: 09 Aug 2007
Posts: 403

Posted: Sun 09 Nov 2008, 10:48

I thought it said it copied files as far as it had permission and only got so far because the guy was running as user rather than root. the one guy found 1300? virus files all over his system. this thing can spread files to any directory that is accessible as root which is every single one in Puppy. the one the guy tested only went as far as copying itself all over the place (which for certain systems could be disastrous, say a dual boot with Windows where it would find the directory structure it expects to find) the other kinds of viruses discussed were the key loggers and other such which could actually do what they were designed to do. the overall threat is possibly small compared to windows but it is still there and also one of the stress points they were making was that the damage was minimized due to the fact that access as root was denied, this however is not the case in puppy.
Scott
Béèm


Joined: 21 Nov 2006
Posts: 11782
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

Posted: Sun 09 Nov 2008, 12:20

If you go unprotected at the net, you can expect illness.
I have a dual boot XP/Puppy.
I never had a virus in Puppy.

mikeb


Joined: 23 Nov 2006
Posts: 8637

Posted: Sun 09 Nov 2008, 13:50

Hmm well for example wine usually has c:\ and z:\... z:\='\' in puppy to give wine access to the full file system (as root). Now viruses tend to target known windows folders/files eg to use IE to retransmit themselves so would not normally even bother with a z:\ drive as mentioned in the article only the .wine folder would be affected...but that doesn't actually feel very secure.

Another point is the usual way in for windows is IE and open ports like 135...neither normally apply to wine but there is available true IE for wine for testing purposes...the developers themselves say it is risky using it.

As a side note I have deliberately tried dodgy sites and exe files in puppy and in windows with IE removed and apart from crashing firefox or using 100% cpu until killed no other damage was done....hence my feeling that a 'standard' windows setup is what is normally targeted.

One other point....I never have c:\ mounted in puppy when running wine....there is a known bug that programs run in wine from there (as root) can wipe the mbr and it's true.
I even had one program....a game emulator...wipe it without c:\ mounted.

Wine attempts to mimic windows..bugs and all...so always be cautious with it

regards

mike
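
The drive mapping described in the post above is stored as symlinks in the Wine prefix's `dosdevices` directory. As an added example (not part of the original thread), this shell function lists each drive letter and flags those that resolve outside the prefix; the function name `audit_wine_drives` and the default prefix `~/.wine` are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which Wine drive letters reach outside the prefix.
# audit_wine_drives is a hypothetical helper name; PREFIX defaults to ~/.wine.
# Usage: audit_wine_drives [PREFIX]   (returns non-zero if any drive is exposed)
audit_wine_drives() {
    prefix=${1:-$HOME/.wine}
    if [ ! -d "$prefix/dosdevices" ]; then
        echo "no dosdevices directory in $prefix" >&2
        return 2
    fi
    prefix_real=$(cd "$prefix" && pwd -P)
    exposed=0
    # Drive letters are two-character symlinks such as "c:" and "z:".
    for link in "$prefix/dosdevices"/?:; do
        [ -L "$link" ] || continue
        letter=${link##*/}
        # Resolve the link to a physical path; a dangling link resolves to nothing.
        target=$(cd "$link" 2>/dev/null && pwd -P) || target=""
        case "$target" in
            "") echo "$letter DANGLING" ;;
            "$prefix_real"|"$prefix_real"/*) echo "$letter ok $target" ;;
            *) echo "$letter EXPOSED $target"; exposed=$((exposed + 1)) ;;
        esac
    done
    [ "$exposed" -eq 0 ]
}
```

Removing a flagged link only hides that path from Windows-style drive letters; Wine is not a sandbox, so running it under an unprivileged account is the stronger control.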
bdup12

Joined: 11 Nov 2008
Posts: 8
Location: Florida

Posted: Fri 14 Nov 2008, 21:29    Post subject: viruses
Subject description: viruses
 

So what you guys are saying is that there is a problem, with the program Wine and it's kind of like a virus that messes with the drives?
And if I'm right how harmful is it to us puppy users?

P.S. how come bill or other XP users gave us viruses?
37fleetwood


Joined: 09 Aug 2007
Posts: 403

Posted: Fri 14 Nov 2008, 23:52

the viruses don't really work in Linux but can sort of run in wine.
usually this is safeguarded by the typical linux install running in user and not root. Puppy runs as root which means that linux can't really protect itself.
again the viruses don't really work but what has happened was that the virus started copying itself and other new viruses as far and wide as it could.
if you run on a computer which has windows installed I am guessing that there is at least the chance it could screw things up a bit.
as far as linux is concerned it won't do much except fill up your hard drive with viruses that don't really work, at which time you have to go back through and find and delete them all, and maybe mess with your wine install.
my concern is the viruses that target hardware firmware, or fat tables, etc. could a virus run under wine in linux run as root succeed in attacking my firmware or boot tables and such on fat32 or ntfs drives? of course I understand that the typical virus doesn't really do anything in Linux but is it possible that the combination of wine and running in root leave us vulnerable especially with windows partitions?
Scott
cb88


Joined: 28 Jan 2007
Posts: 1169
Location: USA

Posted: Sat 15 Nov 2008, 01:05

there is VERY little chance that a virus running in wine could damage your HW since the HW access in linux is not the same as windows and wine does not implement hardly any of it

it mostly only implements sounds gui and directx apis

which only give access to functions exposed securely by Linux

_________________
Taking Puppy Linux to the limit of perfection. meanwhile try "puppy pfix=duct_tape" kernel parem eater.
X86: Sager NP6110 3630QM 16GB ram, Tyan Thunder 2 2x 300Mhz
Sun: SS2 , LX , SS5 , SS10 , SS20 ,Ultra 1, Ultra 10 , T2000
Mac: Platinum Plus, SE/30
mikeb


Joined: 23 Nov 2006
Posts: 8637

Posted: Sat 15 Nov 2008, 01:41

To put things in proportion the 4 main vulnerabilities in windows are IE integration activex, the zone system and open ports...wine does not suffer from these normally..linux is secure by default and the sort of software most use on wine would not infringe on this.

Just bear in mind that you are using a form of windows and are running as root...use reasonable caution and common sense.

Quote:
P.S. how come bill or other XP users gave us viruses?

I have never been convinced by the competency of microsoft's programmers...particularly the non business side (95/98/me)..most of the good stuff was written or plagiarised from other companies. They created an OS that was wide open to attack and sold it to everybody...irresponsible if you ask me.
And instead of removing the cause they simply patch up the holes...('Are you sure you want to press that key Dave')

Sleep soundly

mike
Arthur

Joined: 10 Nov 2008
Posts: 15
Location: Earth

Posted: Sat 15 Nov 2008, 21:19    Post subject: windows problems come with wine
Subject description: virus ms32dll.vbs
 

While connecting a selection of external hard drives and pens this virus which comes with an auto run file managed to spread itself onto every drive and partition. This was using wine with puppy dingo. Wine version 1. Puppy 4.0. I don't run wine since that experience!
37fleetwood


Joined: 09 Aug 2007
Posts: 403

Posted: Sat 15 Nov 2008, 21:39

this is exactly the concern I wanted to express, inexperienced Linux users such as myself need to be warned to be careful when using wine in Linux generally, and Puppy specifically. as a root user, wine can allow viruses to do bad things. just because it won't be as bad as it would be in windows, it doesn't mean bad things won't happen. I am currently running Xubuntu as the main OS on my computer but most of my junk is still on a large NTFS drive so it can be accessed by any OS. I fear that this NTFS drive is the weak point in my system as the directory structure is what the virus expects to find. at the very least I would suggest that anyone wanting to run wine should also have anti virus and scan anything with virus possibilities.
Scott
mikeb


Joined: 23 Nov 2006
Posts: 8637

Posted: Sat 15 Nov 2008, 22:04

Quote:
auto run file


windows no longer auto runs usb drives...perhaps the wine team need to check the latest security measures coming from redmond.

mike
Arthur

Joined: 10 Nov 2008
Posts: 15
Location: Earth

Posted: Mon 05 Apr 2010, 07:32    Post subject: wine and viruses

Not involving wine but a friend saved a file onto his usb memory stick at an internet cafe and at the same time picked up a nasty autorun virus. Since I had set up his laptop with Puppy Linux he was not affected. However, problems started when he used his memory stick again to take a document to a friend to print it out. The virus was still there and tried to infect her machine when the usb stick was plugged in. I was asked to sort out the mess. She thought his machine was the source of the virus and was concerned that I was allowing him to pick up viruses using an unprotected linux system.....so perhaps a good idea to scan files to avoid infecting windows pcs by passing malware on.
mikeslr


Joined: 16 Jun 2008
Posts: 817
Location: Union New Jersey USA

Posted: Mon 05 Apr 2010, 12:56    Post subject: Wine & Windoz Viruses -- Build a Chinese Firewall

Perhaps I'm being too naive. As I see it, the problem with viruses designed to run under Windows doesn't affect your Linux Operating System, and seldom Wine, but arises when you --having exposed a partition to viruses--boot into the Windows OS. There's an old Vaudeville Routine, Gallagher & Sheen if my memory serves me: One runs onto the stage, raises his arm above his head and says: "Dokta, Dokta, it hoitz ven I du dis!" The other replies, "Don't du dat!"
One of the advantages of Linux in general is that you don't have to use 50-odd Megs of RAM and considerable CPU to have Anti-malware always running.
Puppy does not automatically mount the drive/partition containing your Windows OS. Windows, unless you've installed the software, can't even read Linux partitions, SFSes, and (if you haven't done a Full install) the compressed Puppy OS files.
Step 1: Build a Chinese Firewall. (The term is used in the legal profession. In the US, when evidence is unlawfully obtained by one group of investigators, neither it nor any evidence obtained as a result of knowledge of it --"Fruit of the Poisonous Tree"--can be used in prosecution. However, evidence obtained by another group of investigators, acting without knowledge of the evidence obtained by the first group, can be used. The Chinese Firewall reflects the rule that the second group can't communicate with the first). Therefore, if necessary, defrag your Windows partition; then resize it to create a VFAT partition for shared data, and any shared portable apps that you'll run under Wine and Windows. Do not install software in Windows enabling it to read Linux partitions. Before accessing anything on the shared partition via Windows, scan it using on-demand anti-malware. Bitdefender has a free edition which is reasonably well thought of. After scanning you can move data you won't need while running Linux.
Step 2. Murphy's Law. There's a great program called ERUNT. Free. While I run Kaspersky's and have never had a virus/trojan problem, ERUNT has saved me several times from software installations which caused conflicts or which I decided I didn't want but couldn't remove without jumping thru hoops. ERUNT takes a snapshot of your current Registry and essential files and compresses it. Takes about 1 minute. Unlike Window's Restore, it doesn't eat up 10% of your hard-drive. Later, you can run ERUNT's ERDNT.EXE to return your system to the condition when the snapshot was taken. Executables installed after the snapshot will no longer run. Then you can run ccleaner, Eusing Free Registry Cleaner, and anti-malware to get rid of junk. If necessary, ERDNT.EXE can be run from a Rescue LiveCD.
Step 3: Protecting your Wine Registry. Imitating the ERUNT approach, you can copy Wine's system.reg, user.reg and userdef.reg files and archive them. Move the archive to your .wine folder. If at any time you even suspect wine has been invaded by malware, you can delete your current "wine system files" and extract your archived "wine system files." Immediately Reboot.
Step 4. Protecting your SAVE file. One of the advantages of a Frugal install is that its system files are compressed. Even the SAVE file is compressed until decompressed at bootup. It would take a dedicated miscreant to figure out how to decompress any of those files, edit them, and re-compress them, especially without you knowing of such events. The weak link is the SAVE file as, during operation, it is decompressed and any changes made during operation are saved. With the evolution of SFSes, much of your software need not be included in your SAVE file. Even apps designed only as pets can be converted to SFSes. Therefore, your SAVE file can be considerably smaller than if it had to include all your added software. Once you've configured your settings and installed only necessary pets and created a SAVE file just big enough to contain them, you can boot LiveCD "Puppy pfix=ram", create a folder 2 levels below the root of a partition into which you copy your SAVE file. By default, Puppies won't even offer to load SAVE files more than one-level below the root of a partition. Such "protected SAVE file" will remain compressed during operation. In the event of a problem, you can again boot LiveCD "Puppy pfix=ram", delete your working SAVE file and copy the "protected SAVE file" to the "working" location. Creating a "protected SAVE file" has a benefit beyond the potential malware situation. It enables you to test installations of applications without fear of irretrievably bonking your system.

You'll notice that Steps 3 & 4, which will take about 5 minutes of your time, are prudent precautions even if you never run Windows and malware didn't exist. And Step 2 is a prudent precaution if you run XP. (ERUNT is not currently available for Vista/Windows7).

mikesLr
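
Step 3 of the post above, as an added example that is not part of the original thread: one function archives the three registry files the post names and records a checksum of the archive, the other refuses to restore if the archive no longer matches that checksum. The function names `wine_reg_snapshot` and `wine_reg_restore` are hypothetical, and the archive location is the caller's choice.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Registry files named in Step 3
# (userdef.reg may be absent in a given prefix).
REG_FILES="system.reg user.reg userdef.reg"

# wine_reg_snapshot PREFIX ARCHIVE
# Archive whichever registry files exist and write ARCHIVE.sha256 so later
# tampering with the archive is detectable. Pass ARCHIVE as an absolute path.
wine_reg_snapshot() {
    prefix=$1; archive=$2; present=""
    for f in $REG_FILES; do
        if [ -f "$prefix/$f" ]; then present="$present $f"; fi
    done
    if [ -z "$present" ]; then
        echo "no registry files found in $prefix" >&2
        return 2
    fi
    # $present is left unquoted on purpose: it is a list of fixed file names.
    tar -czf "$archive" -C "$prefix" $present &&
        sha256sum "$archive" > "$archive.sha256"
}

# wine_reg_restore PREFIX ARCHIVE
# Verify the archive first; only then delete the current registry files and
# extract the archived copies in their place.
wine_reg_restore() {
    prefix=$1; archive=$2
    if ! sha256sum -c "$archive.sha256" >/dev/null 2>&1; then
        echo "archive failed checksum, not restoring" >&2
        return 1
    fi
    for f in $REG_FILES; do rm -f "$prefix/$f"; done
    tar -xzf "$archive" -C "$prefix"
}
```

A checksum kept beside the archive only catches accidental corruption or careless tampering; a copy of the `.sha256` file on read-only or offline media is what makes the check meaningful when everything runs as root.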
somik

Joined: 07 Apr 2010
Posts: 3

Posted: Wed 07 Apr 2010, 22:40

tl;dr


Anyway, I was about to install wine onto my puppy linux. I run it off a pendrive. I guess I won't install wine anymore, instead, look for alternative softwares for my puppy.

OT: Anyone know a good media player? I tried out VLC but it still won't read the .srt subtitles...


Also, is it possible to run wine in secure mode? I mean run wine as a user, instead of as root?