Wine & Windows viruses
I recently made the switch from Windows Vista to Ubuntu and am in the process of figuring out how everything works and finding the software which I need.
With Vista I have always used Mailwasher to check my mails and delete anything which I don't need right away.
I have not found anything for Ubuntu which can do the same, so I was thinking to run Mailwasher via Wine to get the same results.
I have disabled the z:\ drive for Wine, but would like to know exactly how safe it is to keep this running.
More particularly, would it be possible for malicious code to be injected via Wine even while I am surfing with the Ubuntu Firefox browser? And if so, what damage could it do?
maybe this will answer your question
http://www.linux.com/archive/feed/42031
Hmmmm, but that post was written back in 2005.
Plus it is based on you actually running the virus.
What I would like to know is whether it is safe to run Wine, meaning that if you just have Wine running (and in my case, Mailwasher within Wine), would there be any chance of my system getting infected with a Windows virus?
For example, if I put a Windows exe on my Ubuntu desktop and click it, Wine will run it. Suppose it was a virus, then it would be executed as well, albeit probably just within the Wine environment.
Now, suppose I am surfing and come across a site (without my knowledge) which has malware etc... would this cause my system to get infected as well or would I be safe?
Patrick70 wrote:
> Now, suppose I am surfing and come across a site (without my knowledge) which has malware etc... would this cause my system to get infected as well or would I be safe?

Create a new wineprefix and sandbox it (meaning remove all references to / and /home/username), then run anything you don't trust in only that wineprefix... If it's a virus, you'll know quickly enough and you can clean up that wineprefix.
Generally, though, risk for getting a virus is VERY low. Especially since apps can't be launched right from your browser, it'll need your permission to download and run files.
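
An added example (not part of the post above, and not Wine project code): a shell check for the "remove all references to / and /home/username" step, listing every symlink in a prefix that still resolves outside it. The function names and the demo prefix built by `build_demo_prefix` are constructed for illustration, and as other replies in this thread state, a clean result does not turn Wine into a sandbox.

```shell
#!/bin/sh
# Added example: report symlinks in a Wine prefix that resolve outside it.
# Function names and the demo layout are hypothetical, not from Wine.

audit_wineprefix() {
    # Canonicalise the prefix so comparisons use real paths.
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    # find -type l lists links without following them.
    find "$prefix" -type l | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null) || target=""
        case "$target" in
            "$prefix"|"$prefix"/*) ;;   # resolves inside the prefix: fine
            "") printf 'UNRESOLVED\t%s\n' "$link" ;;
            *)  printf 'ESCAPES\t%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Build a constructed prefix that mimics the usual layout: dosdevices/c:
# points into the prefix, dosdevices/z: points at /, and a profile folder
# points at a directory standing in for /home/username.
build_demo_prefix() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/prefix/dosdevices" "$root/prefix/drive_c/users/demo" \
             "$root/home_demo/Documents"
    ln -s ../drive_c "$root/prefix/dosdevices/c:"
    ln -s / "$root/prefix/dosdevices/z:"
    ln -s "$root/home_demo/Documents" \
          "$root/prefix/drive_c/users/demo/Documents"
    printf '%s\n' "$root"
}
```

Against a real prefix, call `audit_wineprefix "${WINEPREFIX:-$HOME/.wine}"`; each `ESCAPES` line is a path a Windows program can follow out of the prefix through an ordinary drive letter or profile folder.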
Wine & Windows viruses
On Tue, 2010-03-30 at 04:48 -0500, Patrick70 wrote:
> I recently made the switch from Windows Vista to Ubuntu and am in the
> process of figuring out how everything works and finding the software
> which I need.

In Linux anti-spam and anti-virus packages are designed to run in
conjunction with a mail server, that's usually Sendmail which is a bear
to configure but can be easily replaced. I prefer Postfix.
If your ISP has adequate spam and virus traps, just point your mail
reader at their mailserver and change the aliases on your internal mail
server to redirect system mail from root to your ISP account - this way
you'll see it as part of your normal mail stream.
OTOH, if you like to experiment, here's a summary of the bits that are
typically used to assemble a small mailserver-based set-up. The key to
understanding it is that each item does just one task and does it well:
- I use the Postfix mailserver as the centre of the system.
- aliases redirect system mail to my usual login user
- getmail retrieves mail from my ISP usual POP3 and passes it
to Postfix.
- outbound mail goes through Postfix, which forwards it to my ISP's
mailserver
- Spamassassin is used by Postfix to mark up spam. It doesn't delete
anything, just marks mail as spam or not-spam. Most mail readers can
sort spam into separate folders or you can use procmail to delete spam
automatically.
- ClamAV does the same for virus detection. As an all-Linux set-up
I don't use any anti-virus software, but if I had Windows on my local
network I would use it.
- amavisd-new can be used to manage Spamassassin and ClamAV on behalf of
Postfix but you don't have to use it.
- if you have several computers, the one running your central mailserver
must also run Dovecot, which provides POP3 or IMAP services to mail
readers on the other computers. They send mail to the central
mailserver using SMTP, which collates it and forwards it to the
outside world or to your other computers.
Once you have such a system running you can pretty much forget it
because it all "just works". I haven't changed my Postfix, getmail and
Dovecot configurations for over 5 years.
The only fiddling I do on anything like a regular basis is to write new
Spamassassin rules as new types of spam start to appear - and I only do
that because it's my equivalent of solving crosswords.
Martin
Wine & Windows viruses
On 30 March 2010 10:48, Patrick70 <[email protected]> wrote:
> I have disabled the z:\ drive for Wine, but would like to know exactly how safe it is to keep this running.
> More particularly, would it be possible for malicious code to be injected via Wine even while I am surfing with the Ubuntu Firefox browser? And if so, what damage could it do?

As the FAQ notes, Wine doesn't sandbox programs in any meaningful
sense, even if you delete the link to the fake z:\ drive.
In normal use, Wine is best used for running essential programs you
just happen to need to move from Windows to Unix.
If you really want to test possible malware, the ZeroWine approach is
to run the prospective malware in Wine on Debian running in a QEMU
virtual machine - that way the toxic waste is sandboxed such that it
can't break free to the host system.
If you want reasonable isolation, you could run Wine and programs in
it in a separate Unix username - this will isolate things from your
main account. Note that this is very fiddly and tedious and you get to
do it all yourself

- d.
Wine & Windows viruses
Patrick70 <[email protected]> wrote:
> Hmmmm, but that post was written back in 2005.

It still applies today, even more so.

> Plus it is based on you actually running the virus.
> What I would like to know is whether it is safe to run Wine, meaning that if you just have Wine running (and in my case,
> Mailwasher within Wine), would there be any chance of my system getting infected with a Windows virus?

Depends. If you use a Linux/Unix based mail reading/writing system, probably not. If you run a Windows based system, very likely you will get your Wine prefix infected and depending on which user you run under and what the virus does it may fully function.

> For example, if I put a Windows exe on my Ubuntu desktop and click it, Wine will run it. Suppose it was a virus, then it
> would be executed as well, albeit probably just within the Wine environment.

Again, it depends on what the virus does and what user is running the program. Most file infection viruses work like they are supposed to, but most other viruses do not.

> Now, suppose I am surfing and come across a site (without my knowledge) which has malware etc... would this cause my system
> to get infected as well or would I be safe?

Basically, you would be infected. What happens after this depends again on who was running Wine. The real bottom line is that Wine rates everyone as an Administrator for Windows purposes...

James McKenzie
Re: Wine & Windows viruses

The damage will be limited to the access rights of the account that runs wine. They had better not be a member of the disk group...
Root exploits are nothing new, but they never get old. http://blog.cr0.org/2009/07/old-school- ... ty-in.html
hellork, another option is to use an SELinux sandbox.
Linking to libc6 is not required to get out of Wine. Call some Wine internal but exported functions; even if z: is not mapped you can get files. How do you think Wine loads its dll.so and exe.so files that are in /usr/*/lib/wine when z: is not mapped?
Basically, Wine is not a sandbox; thinking it so will get your ass cooked.
If you don't want Wine going places, sandbox it: by user, by SELinux, by something.
Wine & Windows viruses
On Wed, Mar 31, 2010 at 6:30 AM, Patrick70 <[email protected]> wrote:
> Thanks everyone for the comments and suggestions.
> I think the best thing to do is to forget about using Wine and try another
> solution within Ubuntu. After all, using a Windows environment within Linux
> (with all the possible consequences) kind of defies the point of using Linux
> in the first place

True for most things. Games and apps that are necessary for a particular
purpose that have no Linux equivalent come to mind. Example: I play WOW.
But, anything else I do, I do in Linux. And never at the same time. That may
be overdoing it, but ...
Jim