View Full Version : [ubuntu] Will WINE run malware on my system?

May 4th, 2008, 12:21 PM
Well, the subject pretty much tells it all: the question is whther having WINE installed will make my Ubuntu vulnerable to viruses/trojans/spyware/et al.

In an attempt to reduce the possibility of malware intended for Windows running under WINE, I didn't associate .exe extensions with WINE: for instance, double-clicking on a Windows executable returns a "no suitable application" warning, and the only way to run .exe's is using a command line. At least, I hope that's the only way.

Is it possible that WINE still runs some accidentally downloaded malware behind my back?

May 4th, 2008, 12:24 PM

And windows viruses don't do very much in Wine anyway. http://www.linux.com/articles/42031

May 6th, 2008, 12:09 PM
No it won't. Malware tends to look for windows system files to patch for both function and hiding itself. They don't exist with wine as it's a recreation of the windows enviornment. Even if it did run it would in now way affect your linux box besides probably making a mess of itself in your .wine directory that can be cleaned up. Windows malware is written for the windows API, in short it doesn't speak linux.

In theory it could be possible to write malware in an interpreted/compiled cross platform language though most languages that run that way (Java, python, etc) have protections built in to prevent them from being used in that way. To write malware in them would require a coding exploit that allows them to bypass that safety.

Again, you're quite safe from windows malware using linux.

May 7th, 2008, 12:41 AM
I had wine installed a while ago and it got a virus. It then started port scanning all of the computers on my network. Make sure you watch out for that.

May 7th, 2008, 02:42 AM
Viruses are not the only type of malware around. I know for a fact that sdbot and rbot will work in wine. These bots will connect to an irc server and wait for commands. They won't have access to the linux file system will running in wine, but they will be able to scan other ip addresses, as mentioned above, as well as participate in DDoS attacks. They can also offer copies of themselves to other people on irc. When they do manage to get on a real Windows system, they view processes, read and delete files, etc.

It was kind of interesting to monitor their traffic with Wireshark, and then report their controllers to Undernet ircops.

EDIT: Of course, someone still has to intentionally run these files. They won't just magically run themselves, even in Wine, which is more to the point of what the OP was asking.

May 7th, 2008, 03:46 AM
Theoretically, it's entirely possible for Windows malware to run in wine. Since wine generally runs as user, it would have access to all files in your home directory (able to delete them etc.).

That said, there aren't too many "vandal" malwares out there, and the more prevalent worms such as Storm certainly wouldn't zombify your box.

The page GavinZac linked to is over 3 years old and Wine has come a long way since then. It would be interesting to retry those tests using the latest Wine..

May 7th, 2008, 05:46 PM
I began using ubuntu so i don't understand much about it. Thanks for sharing