[GRLUG] Adware on Linux (Wine)?

Michael Mol mikemol at gmail.com
Wed Jan 14 15:59:08 EST 2009


On Wed, Jan 14, 2009 at 3:47 PM, Tim Schmidt <timschmidt at gmail.com> wrote:
> On Wed, Jan 14, 2009 at 2:21 PM, Casey DuBois <casey at grlug.org> wrote:
>> Hello All,
>>
>> This is a link I received from the GR-ISSA group and wanted to share.
>>
>> http://philosecurity.org/2009/01/12/interview-with-an-adware-author
>
> Yup.  Wine's been capable of running adware, malware, viri, and other
> malodorous things for quite some time.  They're just applications
> after all.

While it should be obvious, it's worth noting that, due to the way
WINE is implemented, it's pretty much its own sandbox.
CreateRemoteThread() will work fine if you want to attach a thread to
a Windows process.  Not so much if you want to attach to a Linux
process from within WINE.  Malicious registry edits won't affect your
Linux native user's dotfiles.  And unless you set WINE up to emulate
drives outside of the default special directories, Win32 calls like
CreateFile() won't be able to open your normal system or user files.

This means that, for example, malware can't set itself up to
automatically run when you log into your X session.  I don't know if
WINE honors the "start on system startup" registry settings when WINE
is explicitly loaded, though.

-- 
:wq
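
Added example, not part of the original message: a shell function that lists a Wine prefix's drive mappings and flags any that resolve outside the prefix, which is the setting the message says decides what CreateFile() can reach. It assumes the usual prefix layout, where each drive letter is a symlink under `dosdevices/`; the function name `audit_wine_drives` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: the Wine prefix keeps drive letters as symlinks in
# <prefix>/dosdevices/, e.g. "c:" -> ../drive_c.
# Usage: audit_wine_drives [prefix]   (defaults to $WINEPREFIX or ~/.wine)
# Returns 0 if every drive stays inside the prefix, 1 if any drive
# resolves outside it, 2 if the prefix cannot be read.

audit_wine_drives() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    if [ ! -d "$prefix/dosdevices" ]; then
        echo "no dosdevices directory under $prefix" >&2
        return 2
    fi
    # Physical path of the prefix, so comparisons are not fooled by symlinks.
    prefix_real=$(cd "$prefix" && pwd -P) || return 2
    exposed=0
    for link in "$prefix_real"/dosdevices/*; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        # Resolve the mapping; device nodes and dangling links are not
        # directories, so cd fails and they are reported separately.
        target=$(cd "$link" 2>/dev/null && pwd -P) || {
            printf '%s not a directory (device or dangling link)\n' "$name"
            continue
        }
        case "$target/" in
            "$prefix_real"/*)
                printf '%s inside prefix: %s\n' "$name" "$target" ;;
            *)
                printf '%s OUTSIDE prefix: %s\n' "$name" "$target"
                exposed=$((exposed + 1)) ;;
        esac
    done
    [ "$exposed" -eq 0 ]
}
```

Any drive reported as OUTSIDE is a host directory that Win32 file calls made inside that prefix can open with the invoking user's permissions.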

