wine users - Nov 2005 - do I have to worry if executing an exe that may contain a virus under Wine?

Hi, I have a question:
do I have to worry if I run with wine an executable that may contain a
virus (I am running linux as  a normal user, not root)?

-- 
Peter Kostov, webdesigner, photographer
Sofia, Bulgaria

Home sites - www.webdesign.light-bg.com
           - www.light-bg.com

On 11/8/05, peter kostov <fedora@light-bg.com>
wrote:
> Hi, I have a question:
> do I have to worry if I run with wine an executable that may contain a
> virus (I am running linux as  a normal user, not root)?
>
It shouldn't be a problem.  Your .wine/drive_c *may* be infected, but
even if that happens you can just rm -r .wine.  I say *may* because
most viruses rely on very specific internal windows behavior or bugs
to latch onto the system, and it's possible we don't replicate
whatever behavior the virus is expecting.  I think it's fun to try
running .exe's I know are viruses in wine, just to see if it will
work.  The only think that might be of concern is if H: is mapped to
your home directory, which I think it is by default now.  I'm not sure
if the virus would be able to get out to your home folder and corrupt
those files or not.  One thing is certain, just to be safe, don't run
as root like you said.

--
James Hawkins

In basic, I would say "no".

Here's a good read:
http://www.winehq.com/?issue=259#Wine%20&%20Viruses

Hiji

--- peter kostov <fedora@light-bg.com> wrote:
> Hi, I have a question:
> do I have to worry if I run with wine an executable
> that may contain a
> virus (I am running linux as  a normal user, not
> root)?
> 
> -- 
> Peter Kostov, webdesigner, photographer
> Sofia, Bulgaria
> 
> Home sites - www.webdesign.light-bg.com
>            - www.light-bg.com 
> 
> 
> _______________________________________________
> wine-users mailing list
> wine-users@winehq.org
> http://www.winehq.org/mailman/listinfo/wine-users
> 


		
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

Hi Peter,

I think there are two different answers:

In principle, an executable that you run as a user under Wine can do
anything that a malicious Linux executable could do.  So it could
potentially mess up your user's account.  There's no special protection
from malicious programs that comes from running under Wine.

However, a Windows virus or other malicious program that doesn't know
anything about Wine or Linux isn't very likely to do that.  Any harmful
effects will probably be limited to your fake Windows directory, and a lot
of things that a virus might try to do won't work at all.

- Walter



On Tue, 8 Nov 2005, peter kostov wrote:
> Hi, I have a question:
> do I have to worry if I run with wine an executable that may contain a
> virus (I am running linux as  a normal user, not root)?
>
> --
> Peter Kostov, webdesigner, photographer
> Sofia, Bulgaria
>
> Home sites - www.webdesign.light-bg.com
>            - www.light-bg.com
>
>
> _______________________________________________
> wine-users mailing list
> wine-users@winehq.org
> http://www.winehq.org/mailman/listinfo/wine-users
>

I was thinking about this the other day, i decided the only really
security danger would be if the sender knew i was running wine....

not very likely I think. but i got this mail to this address with just
the attachment info.exe. it's a public address, so nothing unusual. i
get them from time to time, lately from china. But this one was from the
mail address quantum_leap@liberto.it

I sent one back and didnt get a miss delivery. liberto seems to be an
italian portal.

the address was so similar to mine to made me stop. Did the virus manage
to run a dictonary, find a connection to my mail and then mail me? i
doubt it. could I easily decompile it and look at its system calls?

a coinsidence ??

I hex edited it. nothing I recognised.
I may play more with this on later.





peter kostov wrote:
>Hi, I have a question:
>do I have to worry if I run with wine an executable that may contain a
>virus (I am running linux as  a normal user, not root)?
>
>  
>

> I was thinking about this the other day, i decided
> the only really
> security danger would be if the sender knew i was
> running wine....
>From my previous reply:
http://www.winehq.com/?issue=259#Wine%20&%20Viruses

Hiji

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

On 11/10/05, James Hawkins <truiken@gmail.com>
wrote:
> On 11/10/05, Sylvain Petreolle <spetreolle@yahoo.fr> wrote:
> > Files are still at risk since the virus has _read_ access on them.
> > As an example viruses replicate by reading mail adresses into files.
> >
>
> The only way you could store personal information outside of your home
> directory is by running as root, which is always a bad idea.
>
> --
> James Hawkins
Right. But, for instance, if he executed some exe file that had a
virus in it, and the virus found some data file to infect, then the
virus is there. It may not matter on his system, but should he send
that file on to someone else then he would be transmitting a virus to
others.

Correct?

- Mark

James Hawkins wrote:
> On 11/10/05, Sylvain Petreolle <spetreolle@yahoo.fr> wrote:
> 
>>Files are still at risk since the virus has _read_ access on them.
>>As an example viruses replicate by reading mail adresses into files.
>>
> 
> 
> The only way you could store personal information outside of your home
> directory is by running as root, which is always a bad idea.

Not necessarily.  I have a data partition formatted as FAT32 to be 
shared between Linux and Windows 2000.  This partition is mounted under 
a "windisk" group which has R/W permissions (umask 0007).  I can then 
work with my OOo documents whether booted to Win or Linux, and I also 
have Thunderbird under each pointing to the same mail files.

Good catch, James.
I didnt even think about this one.
--- "James E. LaBarre" <jamesl@bestweb.net> a ?crit :
> James Hawkins wrote:
> > On 11/10/05, Sylvain Petreolle <spetreolle@yahoo.fr> wrote:
> > 
> >>Files are still at risk since the virus has _read_ access on them.
> >>As an example viruses replicate by reading mail adresses into
files.
> >>
> > 
> > 
> > The only way you could store personal information outside of your home
> > directory is by running as root, which is always a bad idea.
> 
> 
> Not necessarily.  I have a data partition formatted as FAT32 to be 
> shared between Linux and Windows 2000.  This partition is mounted under 
> a "windisk" group which has R/W permissions (umask 0007).  I can
then
> work with my OOo documents whether booted to Win or Linux, and I also 
> have Thunderbird under each pointing to the same mail files.
> 
Kind regards,
Sylvain Petreolle (aka Usurp)
--- --- --- --- --- --- --- --- --- --- --- --- ---
Tired of a proprietary Windows on your computer ?
Use free ReactOS instead ( http://www.reactos.org )