I recently made the switch from Windows Vista to Ubuntu and am in the process of figuring out how everything works and finding the software which I need. With Vista I have always used Mailwasher to check my mails and delete anything which I don't need right away. I have not found anything for Ubuntu which can do the same, so I was thinking to run Mailwasher via Wine to get the same results. I have disabled the z:\ drive for Wine, but would like to know exactly how safe it is to keep this running. More particularly, would it be possible for malicious code to be injected via Wine even while I am surfing with the Ubuntu Firefox browser? And if so, what damage could it do?
maybe this will answer your question http://www.linux.com/archive/feed/42031
Hmmmm, but that post was written back in 2005. Plus it is based on you actually running the virus. What I would like to know is whether it is safe to run Wine, meaning that if you just have Wine running (and in my case, Mailwasher within Wine), would there be any chance of my system getting infected with a Windows virus? For example, if I put a Windows exe on my Ubuntu desktop and click it, Wine will run it. Suppose it was a virus, then it would be executed as well, albeit probably just within the Wine environment. Now, suppose I am surfing and come across a site (without my knowledge) which has malware etc... would this cause my system to get infected as well or would I be safe?
http://wiki.winehq.org/FAQ#head-3cb8f054b33a63be30f98a1b6225d74e305a0459
On Tue, 2010-03-30 at 04:48 -0500, Patrick70 wrote:
> I recently made the switch from Windows Vista to Ubuntu and am in the
> process of figuring out how everything works and finding the software
> which I need.
>

In Linux anti-spam and anti-virus packages are designed to run in conjunction with a mail server, that's usually Sendmail which is a bear to configure but can be easily replaced. I prefer Postfix. If your ISP has adequate spam and virus traps, just point your mail reader at their mailserver and change the aliases on your internal mail server to redirect system mail from root to your ISP account - this way you'll see it as part of your normal mail stream.

OTOH, if you like to experiment, here's a summary of the bits that are typically used to assemble a small mailserver-based set-up. The key to understanding it is that each item does just one task and does it well:

- I use the Postfix mailserver as the centre of the system.
- aliases redirect system mail to my usual login user
- getmail retrieves mail from my ISP usual POP3 and passes it to Postfix.
- outbound mail goes through Postfix, which forwards it to my ISP's mailserver
- Spamassassin is used by Postfix to mark up spam. It doesn't delete anything, just marks mail as spam or not-spam. Most mail readers can sort spam into separate folders or you can use procmail to delete spam automatically.
- ClamAV does the same for virus detection. As an all-Linux set-up I don't use any anti-virus software, but if I had Windows on my local network I would use it.
- amavisd-new can be used to manage Spamassassin and ClamAV on behalf of Postfix but you don't have to use it.
- if you have several computers, the one running your central mailserver must also run Dovecot, which provides POP3 or IMAP services to mail readers on the other computers. They send mail to the central mailserver using SMTP, which collates it and forwards it to the outside world or to your other computers.
Once you have such a system running you can pretty much forget it because it all "just works". I haven't changed my Postfix, getmail and Dovecot configurations for over 5 years. The only fiddling I do on anything like a regular basis is to write new Spamassassin rules as new types of spam start to appear - and I only do that because it's my equivalent of solving crosswords.

Martin
On 30 March 2010 10:48, Patrick70 <wineforum-user at winehq.org> wrote:
> I have disabled the z:\ drive for Wine, but would like to know exactly how safe it is to keep this running.
> More particularly, would it be possible for malicious code to be injected via Wine even while I am surfing with the Ubuntu Firefox browser? And if so, what damage could it do?

As the FAQ notes, Wine doesn't sandbox programs in any meaningful sense, even if you delete the link to the fake z:\ drive.

In normal use, Wine is best used for running essential programs you just happen to need to move from Windows to Unix.

If you really want to test possible malware, the ZeroWine approach is to run the prospective malware in Wine on Debian running in a QEMU virtual machine - that way the toxic waste is sandboxed such that it can't break free to the host system.

If you want reasonable isolation, you could run Wine and programs in it in a separate Unix username - this will isolate things from your main account. Note that this is very fiddly and tedious and you get to do it all yourself ;-)

- d.
Patrick70 <wineforum-user at winehq.org> wrote:
>
>Hmmmm, but that post was written back in 2005.

It still applies today, even more so.

>Plus it is based on you actually running the virus.
>What I would like to know is whether it is safe to run Wine, meaning that if you just have Wine running (and in my case,
>Mailwasher within Wine), would there be any chance of my system getting infected with a Windows virus?

Depends. If you use a Linux/Unix based mail reading/writing system, probably not. If you run a Windows based system, very likely you will get your Wine prefix infected and depending on which user you run under and what the virus does it may fully function.

>
>For example, if I put a Windows exe on my Ubuntu desktop and click it, Wine will run it. Suppose it was a virus, then it
>would be executed as well, albeit probably just within the Wine environment.

Again, it depends on what the virus does and what user is running the program. Most file infection viruses work like they are supposed to, but most other viruses do not.

>Now, suppose I am surfing and come across a site (without my knowledge) which has malware etc... would this cause my system
>to get infected as well or would I be safe?

Basically, you would be infected. What happens after this depends again on who was running Wine. The real bottom line is that Wine rates everyone as an Administrator for Windows purposes...

James McKenzie
By compiling a Windows executable in a non-standard way, e.g. linking it to Linux libc6, which is trivial enough to do that some beginning programmers do it accidentally, the virus has full read access to Linux paths, e.g. /etc and system() calls regardless of whether Z:\ drive exists. The damage will be limited to the access rights of the account that runs Wine. They had better not be a member of the disk group... Root exploits are nothing new, but they never get old. http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html
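Added example, not part of any post in this thread: a small audit of the two things the replies above point at, namely which host directories a Wine prefix maps as drive letters and whether the account running Wine is in a group such as disk. It assumes the usual prefix layout, in which `dosdevices/` holds one symlink per drive letter; the `sudo` and `wheel` group names are additions here. As the replies say, an empty drive list does not make Wine a sandbox.

```shell
#!/bin/sh
# Constructed audit helper; assumes the usual prefix layout, where
# PREFIX/dosdevices holds one symlink per drive letter (c: -> ../drive_c).

# Print "letter -> directory" for every drive mapping that resolves to a
# directory outside the prefix. Device links (com1, ...) are skipped.
wine_exposed_drives() {
    prefix=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 2
    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$prefix"/*) ;;                                   # inside the prefix
            *) printf '%s -> %s\n' "${link##*/}" "$target" ;; # host path exposed
        esac
    done
}

# From a space-separated group list, print the groups that widen what any
# program run by that account can reach. "disk" is the one named in the
# thread; "sudo" and "wheel" are added here as common admin groups.
risky_groups() {
    found=""
    for g in $1; do
        case "$g" in
            disk|sudo|wheel) found="$found $g" ;;
        esac
    done
    printf '%s\n' "${found# }"
}

# Demo on a constructed prefix so nothing in a real ~/.wine is touched.
demo() {
    p=$(mktemp -d) || return 1
    mkdir -p "$p/drive_c" "$p/dosdevices"
    ln -s ../drive_c "$p/dosdevices/c:"
    ln -s / "$p/dosdevices/z:"
    echo "exposed drives:"; wine_exposed_drives "$p"
    echo "risky groups for this account: $(risky_groups "$(id -Gn)")"
    rm -rf "$p"
}
demo
```

To check a real prefix, call `wine_exposed_drives "${WINEPREFIX:-$HOME/.wine}"` as the user that runs Wine.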
On Wed, Mar 31, 2010 at 6:30 AM, Patrick70 <wineforum-user at winehq.org> wrote:
> Thanks everyone for the comments and suggestions.
>
> I think the best thing to do is to forget about using Wine and try another
> solution within Ubuntu. After all, using a Windows environment within Linux
> (with all the possible consequences) kind of defies the point of using Linux
> in the first place ;-)
>

True for most things. Games and apps that are necessary for a particular purpose that have no Linux equivalent come to mind. Example: I play WOW. But, anything else I do, I do in Linux. And never at the same time. That may be overdoing it, but ...

Jim