WINE: A New Place for KLEZ to Play?
An anonymous submitter sends in this cautionary tale about Wine being maybe a little too good at emulating Windows. Update: 10/23 21:05 GMT by M : Better links: mirror 1, mirror 2.
Memory fault - where am I?
Wine and / mounted as Z: ? (Score:5, Interesting)
I've just recently done a wineinstall to clean out my wine settings, and I don't have a Z:. Does that happen if you're running as root?
The only potential issue I can see is that your whole home directory is 'shared' between Linux and Wine by default.
Maybe I just read ~/ as /
Old Story, Kinda (Score:5, Interesting)
The good comes with the bad (Score:5, Interesting)
Re:Too good at emulating? (Score:1, Interesting)
Re:I'll say this only once... (Score:5, Interesting)
There was recently some discussion [winehq.com] on the Wine newsgroup about limiting emulated applications' access to the system. This could be handy for dealing with semi-malware or just programs that don't fully like the emulated environment (and might need to be prevented from doing too many suspicious is-it-really-Windows checks). The reply was that since a Wine emulated program is running as an ordinary executable, it could call Unix system calls anyway, so there would be little point (from a strict security point of view).
However, something like NetBSD's and OpenBSD's recently added feature to monitor system calls and define policies could potentially be very handy for running binary-only programs you don't fully trust: and of course most such programs are on the Windows platform.
Re:I'll say this only once... (Score:3, Interesting)
Speaking of Wine... (Score:2, Interesting)
Maybe I'm being paranoid here, but it looks like Linux Global Partners [linuxglobalpartners.com] is buying up lots of Linux technology. And given that Xandros doesn't follow the "free as in beer" model, I've got to wonder how this bodes for the future of Linux. I mean, the projects are still under GPL, but that doesn't mean it will be released for free [slashdot.org]. Clearly they are in this to turn a profit.
I guess the free ride has to end at some point.
SAMBA is also vulnerable (Score:2, Interesting)
Klez crawls network shares. So if you saved a few bucks by setting up samba servers, you'd better be running antivirus on them.
If you've got an ftp site that Windows users are uploading files to, you'd better be running antivirus on them.
Sure, the virus won't run on Linux, but it'll still spread as soon as someone on a Windows box uses one of these files.
That is all.
Re:It's not a Wine problem... (Score:5, Interesting)
To me this sounds like a bug in the configuration rather than the software. And it does sound like a configuration mistake in the default install of this distribution.
Re:It's not a Wine problem... (Score:4, Interesting)
WINE FAQ argument backfires (Score:2, Interesting)
Excerpt:
[snip]Code Red did what any "virus" presented with a large homogeneous population would do: it infected more than 359.000 computers in just the first day.[snip]
It is only a matter of time before a more virulent worm appears. The only way to decrease its impact is to diversify the OS population. Because it is an alternate implementation of the Win32 API and runs on top of a completely different OS, Wine does not have the same flaws and thus can provide this needed diversity.
Re:i would think (Score:3, Interesting)
And WINE executed it anyway. Major blunder.
Which just sort of goes to show, Unix's executable permission bit is really mostly just "advisory" and not really enforced by the kernel. (How could it?) Filesystem permissions, feh.
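The behaviour discussed in the comment above, as an added example that is not part of the original thread: the execute bit is checked when a file is run directly, but a program that reads the file as data and interprets it (`sh` here, standing in for Wine loading a Windows binary) only needs read access. The file names and the `pe_without_exec_bit` audit helper are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Constructed demo files in a scratch directory (names are hypothetical).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

payload="$demo_dir/payload.sh"
printf '#!/bin/sh\necho ran\n' > "$payload"
chmod 0644 "$payload"                      # readable, no execute bit

# Constructed stand-in for a Windows binary: only the "MZ" DOS/PE magic.
printf 'MZ\220\000' > "$demo_dir/sample.exe"
chmod 0644 "$demo_dir/sample.exe"

# Direct execution goes through execve(), which refuses a file with no
# execute bit (EACCES), even for root.
direct_exec() {
    "$payload" >/dev/null 2>&1 && echo allowed || echo denied
}

# An interpreter or loader opens the same file for reading and runs its
# contents itself, so the execute bit is never consulted.
via_interpreter() {
    sh "$payload" >/dev/null 2>&1 && echo allowed || echo denied
}

# Defensive audit: list files under $1 that carry the "MZ" magic and have
# no execute bit set. Such files look inert to Unix permission checks but
# can still be loaded by Wine.
pe_without_exec_bit() {
    find "$1" -type f ! -perm -100 ! -perm -010 ! -perm -001 |
    while IFS= read -r f; do
        if [ "$(head -c 2 "$f" 2>/dev/null)" = "MZ" ]; then
            printf '%s\n' "$f"
        fi
    done
}

echo "direct exec:     $(direct_exec)"
echo "via interpreter: $(via_interpreter)"
echo "PE files without exec bit:"
pe_without_exec_bit "$demo_dir"
```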
Re:Slashdot crashed my machines (Score:1, Interesting)
I still think that a polite note on the bottom of a page that's been there for two and a half years is and should be sufficient. I naively thought that this would be sufficient for slashdot to not link. Checking the referrer would mean a twelve character regex being performed every single time the page is viewed.
This is a small site we're talking about with an average of 1200 hits a day and 4,000 hits on an excellent day. Do the math: 1200 * 365 * 2.5 * 12 = 13 million character comparisons, not including php overhead, for one link once in two and a half years.
Introducing checks into mainline code is something that should not be done trivially, Tet. Don't take my word for it. Search in the LKML archives about it. Linus talks about it with the Linux kernel often.
Detailed Klez Analysis (Score:3, Interesting)
http://www.virusbtn.com/resources/viruses/indepth