Can WINE Compromise Unix? 87
gbulmash asks: "As API's like WINE and Crossover Office gradually make it easier to run Windows binaries on Unix, will the system inherit some of Windows' vulnerabilities? For example, has anyone tried to get Outlook up and running under Wine, then deliberately tried to infect themselves with a Windows virus to see if it could raid the Outlook address book and start mailing itself out? It just seems to stand to reason that the better these systems get at running Windows binaries, the easier it will become to infect them with Windows viruses. Or am I just totally off base here?"
A better question is... (Score:4, Funny)
Re:A better question is... (Score:3, Insightful)
Re:A better question is... (Score:2)
I tried to forward all my email to my linux box, but rich text and meetings where flakey. Wonder why noone made a linux client that could just read the incoming emails and parse locally, skip exchange server all together, then departments could se
Re:or... evolution (Score:2)
Parent was referring to evolution.
Re:A better question is... (Score:2)
Re:A better question is... (Score:1)
Re:A better question is... (Score:2)
It does, with reduced functionality.
You know, there is also a reason why so many people use Exchange/Outlook. It's really quite good.
Re:A better question is... (Score:2)
Well, if your school doesn't tell you what the features of Exchange/Outlook are V. random pop3/pegasus; the only good thing about Exchange is it takes way more servers to do the same mail as qmail; oh and it gets screwed up more often.
Not that I'm bitter because my school didn't help me understand why Exchnage/Outlook is good, it's not as if I would have run Outlook anyhow; I'd rather not send out stupid viru
Re:A better question is... (Score:2)
Why do you assume the parent poster is at school? The features of Exchange/Outlook are aimed more at business rather than school/uni students.
Exchange/Outlook is not just about email. It provides a whole lot more including calendaring, resource booking, task management, web access, and custom forms (which are used in the company I work for for things like leave requests, expense claims, etc.).
O
Re:A better question is... (Score:2)
Probably because the comment above the one i replied to said:
yeah, my stupid school is switching to exchange.
Outlook 2003 also ups the ante over email clients like Pegasus with funky new features such as search folders, smart date grouping, *useful* new message notifications, and the new vertical 3 pane layout.
I don't know what a 'search folder' is, but pegas
Re:A better question is... (Score:2)
It shows the new 3 pane vertical layout. Note the smart date grouping in the messages pane (Today, Yesterday, Sunday...). Also note the unread mail search folder in the favourite folders section of the folder pane - viewing this folder will show all your unread messages in the messages pane. A search folder is basically 'contains' messages that match a user defined filter - however the messages may actually be in many different folders.
As for new message notification
Re:A better question is... (Score:2)
OWA works fine with Mozilla (Score:1)
The version of Outlook Web Access included with Exchange 2000 works fine with Mozilla. Don't know about other versions, though.
Re:A better question is... (Score:1)
Well I wouldn't either. But a while back when I was still saddled with a Umax parport (windows-only) scanner I did attempt to get that working under Wine.
My attempts were frustrated by the fact that I was unable to get Wine to run anything more challenging than Notepad, and in the end I gave up and got a proper scanner, which was a cheaper option than vmware.
Re:A better question is... (Score:2)
The greater danger.. (Score:2, Insightful)
Re:The greater danger..Patches MY A.. (Score:2)
Re:The greater danger..Patches MY A.. (Score:2)
When you want to test software, start up the relevant test virtual machine you want, run the stuff. If anything goes wrong, extract the information you need, then click "revert". And you revert to the pristine snapshot.
No need to restore. You can make copies of the pristine snapshot just to be sure.
Heck you could even run your email software in one virtual machine, and browse in another. If you download something funny in your email and stuff goes
Re:The greater danger..Patches MY A.. (Score:1)
Yep... (Score:1, Interesting)
That's why I don't run WINE and have absolutely no appreciation for the WINE project. At all. The effort would be better spent writing software for Linux that at least has some measure of security built in the the OS.
If you run proprietary software, then you have proprietary bugs and security holes. WINE is a lot of work, just to provide a crutch for people who want to say they run Linux, but are afraid of learning a different way to get their stuff done.
Re:Yep... (Score:5, Interesting)
The whole point of open source (Score:1)
Being blindly dismissive is one attribute of Linux zealots that turns many people - people who would otherwise be interested in learning more about Linux - off.
This is a very strange use of the term "zealot." In most non-warped contexts, a zealot is someone who passionately cares about some topic, and generally insists that others share their view. To call someone a zealot specifically because they are dismissivly indifferent to what other people think or do is odd enough, but the capping irony is warn
Zealots did more than "turn off". They killed! (Score:2)
Markus, you said P.S. I can just hear all the people asking themselves "What an odd comment to make; I wonder what his angle is?"
You are thinking more deeply and carefully than is normal for Slashdot commenters. That is unusual.
It is humorous to that the grandparent commenter told "zealots" that they should stop being so intense because they might "turn people off".
Using the Google define: modifier gives this result for zealot [google.com]: Zealot - "a member of an ancient Jewish sect in Judea in the first c
Re:Zealots did more than "turn off". They killed! (Score:2)
It would be good if more technically oriented people re-joined the world.
I don't think they've left really left. My wife and I regularly see a dozen so of her MIT grad school classmates; add a handfull of my old math-and-physics crowd and my work nerd friends and you have a good, handy sample of "technically oriented people".
They all seem to be involved in the world.
Most of them are married, and a lot of them have kids, and all of them seem to be great parents. We all seem to have good relations
Markus, I'm not talking about you... (Score:2)
Markus, I'm not talking about you or anyone you know, apparently. I'm talking about the people you don't know, because they are not social.
Re:Markus, I'm not talking about you... (Score:2)
*laugh* Talk about a nearly-irrefutable position.
How do you know these dark-nerds exist? I suppose we would be safe assuming the interact gravitationally. They might even absorb or reflect photons. But apart from using nmap to see what OS they run, checking their bookshelf for a CRC, etc., how are we to distinguish them from plain old shy people? Or maybe just people who (unlike us, apparently), mind their own business? What reason, apart from Hollywood and a lot of popular stereotypes, do we have
Re:Markus, I'm not talking about you... (Score:2)
Check it out yourself. Not everyone is like you. I mentioned that I thought that in my original post.
You are much smarter than the average person, as I said. Also, from what you say, you have a healthy social life. But you appear not to be aware that few people are as advantaged as you.
Microsoft is trashing its own reputation because of the social inabilities of Bill Gates and Steve Ballmer. Ray Noorda destroyed Novell's chances. Michael (I forget his name.) of Corel reduced Corel to a minor player.
Re:Zealots did more than "turn off". They killed! (Score:1)
Some can however excell in technical or scientific work.
This sort of autism is called Asperger Syndrome. Bill Gates is said to be an asperger.
Re:Yep... (Score:2)
I just can't see a good reason for anyone to run it. Linux at this point does not nee
Re:Yep... (Score:1)
Re:Yep... (Score:4, Insightful)
The point of the WINE project is to provide that bridge. Get all the benefits of using something like Linux or BSD, get all the alternatives available to you (freely or otherwise) and if there are a few you need Windows for, use WINE to run them under Linux. Someone running Outlook under Linux would be a lot better off running Evolution and paying for the Connector license (cheaper licensing and native). However, someone running a core accounting app for which no Linux alternative exists is going to want to use WINE so they can still use that application AND get the benefits of the Linux alternatives for everything else.
WINE is a bridging tool for those migrating from Windows to Linux/Unix but who have applications for which no feasible Linux/Unix alternatives exist.
I would much prefer to save the costs involved in getting a Linux box up and running with WINE that spend the several hundred in licensing just for a few applications.
Hmmm...
($time to get up and running) vs ($time + $licensing costs for Windows)
Which is really the cheaper in the end? Support? Bah, its remote. Like you say, there is VNC if it comes down to it (bad solution really) but X across an SSH session is a lot better (regardless of how badly people think of the X protocol, it does its intended job very well still)
Just my $0.02. We differ in our opinions, but thats the beauty of diversity in life
Re:Yep... (Score:1)
Excuse me, can I make that decision myself? And no, I don't have time to fiddle around with Wine, so I bought Crossover Office [codeweavers.com] for only $55. I can then still run Linux with all the powerful (commandline) tools available, but nevertheless run all the Office apps, including IE. No fiddling, just rockstable.
Re:Yep... (Score:2)
Re:Yep... (Score:2)
Re:Yep... (Score:2)
Ah, the security *model* of NT/2k/XP is superior to that of (most) unix-like OSes in pretty much every way.
Now, if you want to talk about poor default permissions and applications requiring excessive permissions just to work, that's more interesting and accurate, but it's equally applicable to unix as Windows.
Incidentally, the "it'll only affect the current user, not the whole machine" argument is specious. Most machines (particularly
Re:Yep... (Score:2)
WINE *is* a lot of work. Even to set up. I use it. But not because I'm afraid of learning a different way.
I use it to play games. There are some awesome games that run native in linux (AA, NWN, ET And RtCW, Quake3, BZFlag, and all the games Loki ported and many, many others). but there are some games I choose to not live without.
Counterstrike,
Re:Yep... (Score:4, Insightful)
> for the WINE project.
Too narrowminded. There are a lot of legacy win32 apps in regular use out there that won't get ported. Many times it is impossible to even locate the source or any design docs. It only takes ONE to keep a machine chained to Windows. If it takes wine to get that desktop converted it is still a win. Because once the conversion has taken place that shop probably won't invest in MORE win32 software and eventually those stragglers will get discarded as the relentless march of time obsoletes dead end programs that aren't being well maintained and probably never worked flawlessly in the first place.
this HAS happened (Score:2)
basically it's programmed to look for an SMTP on localhost if it doesn't find a default one in the registry, and it started sending viruses out
so um
yeah
Re:this HAS happened (Score:1)
...but if it'll run Microsoft viruses, well, that's just damn cool :-)
It runs PuTTY and SBClient... (Score:2)
However, my wife would like to to run stuff like Dorling Kindersley entertainment software, and on most of them it doesn't even come close. Mind you, the, er, geniuses who wrote a lot of this stuff only tested it in a very limited range of situations, and used all kinds of bizarre special features, so a lot of them run poorly (crash, misdisplay, lose features) on Windows 2000 and XP (haven
Re:this HAS happened (Score:2)
You are totally off the base here (Score:3, Interesting)
This is much like running Win95 in vmware or bochs and infecting it with a virus. Another seperate win95 session in bochs or vmware will not be affected, nor Linux's other mail/X/services be affected.
I'm sure there are enough Outlook lookalikes for Linux, and rather than stretching yourself for outstanding feats of engineering in Linux, try training users a little. It works.
Re:You are totally off the base here (Score:1)
The big advantage to wine (Score:3, Insightful)
The big advantage to something like wine (or to a lesser extent, dosemu, mars, etc.) is that you can insert shims at pretty much any level to catch / filter / stop / watch this sort of thing. I find it amazingly useful to be able to instrument & monitor pretty much any level I want (with the usual cavets about making sure you don't break things by inapropriate logging, etc.). It shouldn't be too hard to put a rubber-room/internal firewall around whatever infection prone software you felt like running, and stopping these things dead in their tracks. (e.g., by default, cap the rate at which network trafic can flow out of applications running under wine, lower the boom if they try to send out too much e-mail too quickly, etc).
-- MarkusQ
Re:The big advantage to wine (Score:2)
In my experience, the most common application running under cxoffice is Outlook. It's sort of CodeWeaver's "killer app." As others have noted, running as non-root doesn't protect you from a virus that is aware of WINE, and takes advantage of the network connectivity of your box to propogate itself, or worse.
I notice that there is this cute "Y" drive under cxoffice that is a window (heh) on to yo
Re:The big advantage to wine (Score:2)
I wonder why I'm not thrilled at the prospect of patching buggy Windows software so it will run safely on Linux.
Like with anything, it's hard to judge the atractiveness of the idea without comparing it to the alternatives. Getting thrown to the lions with nothing but a sharp stick might not seem that great, but if your best alternative is going in without the stick...
In my experience, the most common application running under cxoffice is Outlook...
In mine it's mostly useful for odd legecy stuff tha
Re:The big advantage to wine (Score:2)
I certainly don't. But sometimes, I don't have a choice. If the groupware platform is Exchange, and they don't support the web interface, and it's not Exchange 2000, Outlook is the only solution that will get you on board with the calendaring and other features besides email. If you want to use Linux, then either VMWare or
Re:The big advantage to wine (Score:2)
If the groupware platform is Exchange, and they don't support the web interface, and it's not Exchange 2000, Outlook is the only solution that will get you on board with the calendaring and other features besides email.
*smile* So you also get a big productivity boost as long as you use anything other than Outlook. Cool.
Like, for example, a virus could respond to your protective pop-up.
How, if it's in the outer context? If Odin stops mortal time to ask Loki if he should smite you or let you tak
Re:The big advantage to wine (Score:2)
turn into
?
I will choose not to use Outlook when I have a choice! When I don't have a choice, Outlook is more productive because the alternative is not getting the job done. It's sad, but a fact of life.
I don't know that much about WINE's internals, so I could be off base. But it seems like the fac
Re:The big advantage to wine (Score:2)
By the transform Joke(p,h) --> p' .
Specifically, in this case, the hidden snide implication h = "calendaring and other features besides email take up more time than they save, resulting in a net loss of productivity".
-- MarkusQ
P.S. On the real topic, the email
Re:The big advantage to wine (Score:2)
OK, it was h I was missing there. Calendaring, or the meetings it facilitates, certainly takes me away from my real work. But actually attending those meetings seems to help keep me employed. Go figure.
I suppose what you are saying is that one response to a widespread virus attack on cxoffice could be to change the WINE loader to do all sorts of security checks, and that it's possible to be clever about running programs under that loader. I guess you could say th
Levels (Score:2)
I'm postulating a virus that is aware that it is running on WINE, which shouldn't be all that hard to figure out, even from VBScript. What's to stop such a virus on cxoffice today from escaping the fake_windows root and causing mischief among all my MP3^H^H^Himportant work files?
What's to stop Lex Luther from taking over your system and using it to defeat Superman? The fact that they are fictional and you are not. They don't really exist; everything they appear to do or say is really a contrived effec
Levels of software (Score:2, Insightful)
Of course it can! (Score:1)
I've just been doing a Linux Desktop rollout... (Score:4, Interesting)
Wine was an essential tool.
There are some applications that you just can't get converted to Linux easily, and Wine is a good solution.
In our case we are primarily using OpenOffice.org, Evolution and Mozilla Firebird as Linux apps, but the essential application that shows the users a nice map of our country with legal boundaries accurately marked is not (yet) available under Linux.
Should we delay our Linux rollout for this? No. The app does everything it needs to under Wine, and we are rolling those desktops out on time.
Once we have 140 PCs out there running Linux, however, the pressure will come on the supplier to provide us a native Linux version next time.
That all seems to me to be a perfect example both of why it is needed, and also of why it is a damn good idead.
Thanks for the project, guys - it's getting to be useful :-)
Re:I've just been doing a Linux Desktop rollout... (Score:2)
Now, if there's competition, great. Write all of the competition (and your supplier) a note, saying "The first company to include full, stable Linux support gets the sale." *THEN* ther
Re:I've just been doing a Linux Desktop rollout... (Score:2)
Yes, it will, really.
Firstly, my client is in a position to influence the authors of the software, being in a position to influence not only their own use of the product, but also being in a position to influence wider use.
Although the product works OK, there is no doubt that a native version would work better. If the current supplier is not forthcoming with one then it is not beyond the realms of possibility for another company to produce one. The underlying data is available through legislation, so i
Re:I've just been doing a Linux Desktop rollout... (Score:2)
Unfortunately, not everyone is in a similar position of buying strength. I'm glad WINE has worked out well for you; I actually rather like the software.
Let's not just pick on WINE here. (Score:3, Insightful)
Generally, I try to set things up so the Windows instance doesn't have any ports open to the world, and if at all possible, its "filesystem" is within a file in the real filesystem, so it can't trash anything but itself. :)
sure, but it's easy to fix (Score:1)
purge fake_windows and you just took care of the problem. granted this isn't such a great solution if you want to keep persistant data around, but it works great for 1-time applications where you just want to fuddle w
"Windows Virus" don't really exist any more (Score:4, Interesting)
So, to save time: WINE+Outlook=YES. Outlook is COM based. The worms that Script Kiddies cut-and-paste together use COM to access the Outlook DB to pick addresses, and then most use COM (or Winsock which is interfaced to the Linux Socket environment) to send the e-mails outbound containing their script-kiddie payload. BUT, THESE ARE NOT VIRUSES! 1) They require other applications to be running. 2) They are not self-infecting. They require the second hand user to do something (click the
Back in the old days, we had true viruses on computers. These would make themselves TSR's (Terminate and Stay Resident for you Windows only script kiddies). They would them append the EXE their own startup code. Finally, they modify an EXE's header so that their startup code would execute them, and then execute the program.
Part of the virii's startup code was to "infect" all other EXE's on the computer. This meant that if you ran the program, everytime you had a INT21 executed (in the MSDOS/PCDOS days, this was a file access system interrupt), it would search for other EXE's to attach to, or possibly execute it's code.
This is where the term Virus came from. It could "spread" from one host to another. And each time, it could inflict more damage until it killed the host computer.
Now days, we have worms. Worms are the dreams of script kiddies (yes, you little @$#@# dorks who sit at home thinking your stuff is 31337). They use the underlying applications failures to infect something, rather than being native code that does the job. (For us techies, 8086 Assember vs. VB Script that the kiddies cut-and-paste today from newsgroups)
If your WINE implementation has the nessesary GUID's expose for COM/DCOM/ActiveX/.NET/your buzzword of the day, then, to answer your question... YES WINE IS HACKABLE. By implementing the Windows OS, it inherics the COM system, which all Microsoft products use heavilly.
Enough history lesson. I'm going to go script myself a web browser that isn't IE... it just uses Microsoft's IE Active X component for browsing.. I shall call it, Iesm... And it shall be grand...
Re:"Windows Virus" don't really exist any more (Score:1)
Re:"Windows Virus" don't really exist any more (Score:2)
Actually, "virus" has to do more with how they reproduce than the fact that they spread. Computer viruses reproduce like biological viruses: by inserting their code (or DNA) into a host, and then being read as a part of the host. Worms, on the other hand, really are self-replecating, since they are standalone programs.
Whether or not any
Sir Cam virus runs under wine (Score:3, Interesting)
I find it funny to find a this virus listed in the compatibility database [winehq.com]. It's a testament to the success of wine!
Already seen that. (Score:2)
ah, here you are:
http://linuxsecurity.com/articles/vendors_p
The more funny part of that is that there are
actually DAUs as worse as the usual WinDAU.
This is why I don't think people not capable of
handling Unix correctly should be forced to use
it (unless they aren't root on their own PCs, of
course - that makes for new jobs
It's better than windoze... (Score:2)
Wine can use any directory in Linux as a drive, so you simply create an outlook directory, run it in its own environment which means that the only problems you will see are those brought about by the application. As even a virus in Wine will happily run in a contained environment.
When you want to send an attachment from another app, you simply copy or make a symlink using your favorite Linux tools.
As far as bugs in Outlook, i
Re:It's better...With Slackware! (Score:2)
Re:It's better...With Slackware! (Score:2)
Re:It's better...With Slackware! (Score:2)
My Linux box was hit by Code Red (Score:2)
Needless to say, I was surprised to find that my Linux box was one of the machines that got hit by Code Red. The sysadmins probably had to tell me three times before I'd believe it.
Re:My Linux box was hit by Code Red (Score:1)
so that I could run Outlook (required by the company)
The sysadmins probably had to tell me three times before I'd believe it.
Well, did you tell him how much of an arse he is for requiring outlook?
Head, wall, bang, bang (Score:2)