[Wine] wine and intrusion detection

mrmedia wineforum-user at winehq.org
Tue May 22 23:02:45 CDT 2012

Saw a recent(ish) magazine article about a product to surpass snort... 'snort sp'
That this is partially funded by US homeland. 
Then read that it can run on mac and windows XP too.  

So whereas WINE is not a full OS, which is great, I still wanted to say that an IDS would be the ideal and simplest way to stop WINE being rootkit-ed. IMHO.

If the WINE community were to contact snort makers - they may put enough pressure on them to ensure that it is compatible/compliant. 

Why, you ask?
I was running HPquickweb a while back as an alternative after a sustained attack, and found that someone was bombarding my PC with packets, i.e. I would be typing and found that there was a delay of 30 seconds before that letter would eventually be typed where the cursor was at that later stage. How the F* they could do this on the other side of a router - is beyond me. Maybe a flash backdoor, maybe. HP quickweb is a Linux variant and does lack a firewall, but it is very lean.

Anyway - maybe it is just me, but if you run virus protection and spyware addons and firewalls on something like Windows - what is the point if a hacker can just rootkit you from underneath.

Hopefully others will see the benefit of WINE having an up to date IDS.
