[Wine] Wine runs your malware!
jjmckenzie51 at earthlink.net
Tue Feb 24 13:39:25 CST 2009
David Gerard <dgerard at gmail.com> wrote on Feb 24th:
>2009/2/24 kareeser <wineforum-user at winehq.org>:
>> Windows malware cannot affect the Linux filesystem, just as most viruses can't do much damage to a Linux filesystem.
>> It has to do with the limited permissions given. Therefore, if you get malware from using iexplore.exe, it will only affect files in your virtual WINE C drive.
>Ah, stuff running under Wine runs as you. So it can change any file
>you can. Which means your entire home directory, i.e. anything you
>actually care about.
>(For added points: a sufficiently obnoxious piece of malware could
>easily put itself in a quiet corner of your home folder, set itself to
>restart as a cron or at job, listen to the net on a high port as you,
>send email on port 25 as you ... that's just obvious stuff off the top
>of my head.)
At least Storm would not be able to function and you would definitely know it was there (it attempts to use port 25/SMTP). However, the person who blogged the article was not able to get a keylogger to run successfully. I consider that an improvement as a normal user running Wine should not be able to grab the keyboard. It will be interesting to see if this will be possible as improvements are made to Wine.
More information about the wine-users