[Wine] Crazy (and just maybe awesome) idea: Winux

James McKenzie jjmckenzie51 at earthlink.net
Wed Mar 10 19:20:06 CST 2010


oiaohm wrote:
> James McKenzie
>
>
>   
>> Actually, if a Linux or Windows system gets 'infected' it gets 'blown
>> away'. That is because you cannot ever be certain that all affected
>> files were removed, no matter what OS. Now, you can image any OS and
>> 'blow' it onto an empty hard drive. This is done all the time in
>> industry. The point is that there is a complete product suite to
>> monitor Windows systems, called SCCM/SCOM. I don't know of a similar
>> product for Linux, but there has to be one. This is where money is
>> really made.... 
>>     
>
>
> Myths again.  There is more than one way to clear a system, i.e. blow it away.  On Linux you can compare all application files installed on a system to the packages they came from, and user data to backups, and put user data through executable code clearing, i.e. only stuff without macros, scripts... is left.   It is kinda impossible to sneak past a binary compare audit.  This can be done due to Linux's package management.  This covers boot loaders, kernels, libs, everything.
>
>   
I'm not disputing what you are saying.  I'm studying for my CISSP and I
have over 20 years of playing around with computers (try 29 to be
exact).  However, the ONLY sure way to entirely remove a virus is to
junk the computer and get another one.  That being said, you really
don't expect a company with 500+ computers to do this.  The next best
thing is to hit up the computer stores and get enough hard drives to
replace those in the infected machines and swap them out and build new
systems.
> All altered files from the infected system can be archived.   I.e. this reduces the size of the data to back up from an infected system, to prevent the infection causing data loss.
>   
HUH?  You should NEVER back up an infected file.  However, what you are
suggesting is NOT a best practice, by far.  You replace the drive,
reload and recover from a non-infected backup.

Best practice is to pull the hard drive from a live system (this can be
done).  Then you replace the drive, build on top and restore, restore,
restore.  This is what I did when I was infected.  Sadly, I had to run
through three backups before all was well.

And yes, you can figure out what files belong to what application.  When
you are talking industry, we don't have the time.  If you fail, you have
less than 24 hours to be back up.  Otherwise, unless you occupy a
real niche, you might as well close down completely.  9/11/2001 taught a
lot of companies this lesson.

As to using Wine, it is not a sandbox.  Thus you can get a Windows virus
or worm infection and keep on keeping on.  Thus some sort of Windows
based AV is necessary until the solution you stated is ready, tested and
accepted.

The OP does and continues to have a valid point.  What good is Wine if
it emulates Windows XP too well and it cannot stop the bad guys from
continuing to spread their 'badness'?  The simple explanation is that we
are dealing with a broken operating system that is like a good sieve.
It stops only the big chunks of food, but the 'water' will flow
through.  The best program is user education.  That stops 99% of the
badness from getting through.   Sort of like adding several layers of
cheesecloth to the sieve.

BTW, in the early 1990s, NSA rated Windows NT 3.51 SP2 as safe.  All you
had to do was remove the NIC, floppy and CD drives.  No USB transmission
was allowed, no modems.  Basically no outside connections of any kind.
In this day, this would not be a very productive machine.

Very respectfully,

James McKenzie
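The "binary compare audit" oiaohm describes above, and the "figure out what files belong to what application" step James mentions, are what `debsums` and `rpm -V` do: every file a package installed is hashed and compared with the digest recorded in the package manifest, and whatever is left over is unowned data that has to be restored from backup or reviewed by hand. The script below is an added example written for this page, not code from the wine-users thread or from any distribution's tooling. It assumes a simple manifest format (one `<sha256>  <relative path>` line per file, as `sha256sum` prints it) and builds a constructed fake filesystem root in a temporary directory so that it runs offline.

```python
"""Offline 'binary compare' audit of installed files against a package
manifest, in the spirit of debsums / rpm -V.  Added example, not code from
the wine-users thread.  The manifest format and every sample file below are
constructed for the demo."""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse '<digest>  <relative path>' lines (sha256sum style, assumed
    format) into {path: digest}.  Blank lines and '#' comments are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition("  ")
        entries[path] = digest.lower()
    return entries


def audit(root, manifest):
    """Compare the tree under `root` with `manifest`.

    Returns sorted lists keyed 'ok', 'modified', 'missing' and 'unowned'.
    'modified' files are package-owned binaries whose content no longer
    matches the package; 'unowned' files belong to no package at all and
    are exactly the user data that must come back from a clean backup."""
    ok, modified, missing, unowned = [], [], [], []
    for rel, digest in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            missing.append(rel)
        elif sha256_file(full) == digest:
            ok.append(rel)
        else:
            modified.append(rel)
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if rel not in manifest:
                unowned.append(rel)
    return {"ok": sorted(ok), "modified": sorted(modified),
            "missing": sorted(missing), "unowned": sorted(unowned)}


def demo():
    """Build a constructed root with one clean, one trojaned, one deleted
    and one package-less file, audit it, and return the classification."""
    # Constructed 'package' contents; digests go into the manifest.
    pkg_files = {
        "bin/sh": b"#!/bin/sh\necho clean shell (constructed)\n",
        "bin/ls": b"ELF original ls binary (constructed)\n",
        "lib/libc.so.6": b"ELF original libc (constructed)\n",
    }
    manifest_text = "# constructed package manifest\n" + "".join(
        "%s  %s\n" % (hashlib.sha256(data).hexdigest(), path)
        for path, data in pkg_files.items())

    root = tempfile.mkdtemp(prefix="audit_")
    try:
        # What is actually on the 'infected' disk, also constructed:
        on_disk = {
            "bin/sh": pkg_files["bin/sh"],                      # untouched
            "bin/ls": b"ELF trojaned ls binary (constructed)\n",  # replaced
            # lib/libc.so.6 deliberately absent -> reported as missing
            "home/user/notes.txt": b"user data, owned by no package\n",
        }
        for rel, data in on_disk.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return audit(root, parse_manifest(manifest_text))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print("%-9s %s" % (kind, ", ".join(paths) or "-"))
```

Two caveats a practitioner would add to oiaohm's claim. First, the comparison is only as trustworthy as the tool and the manifest doing it: run the audit from clean boot media against the mounted disk, with manifests taken from the distribution's signed packages, because a compromised host can lie about its own files. Second, the audit says nothing about the "unowned" bucket, which is where macro documents, scripts and user profiles live; that is the part James's restore-from-clean-backup procedure still has to cover.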
