Thread: Win32.malware.gen and W32.obfuscated.gen in Wine

  1. #1
    Join Date
    Aug 2013
    Beans
    8

    Win32.malware.gen and W32.obfuscated.gen in Wine

    Hi all,

    I have installed Ubuntu Studio 64 bit. I formatted the partition. I ran the first updates. I installed Wine megapack. I have configured Wine. I copied the .wine directory to my Windows computer. My Windows computer is scanned with Malwarebytes, Webroot and Bitdefender.

    Then, scanning the Wine directory with Webroot, this scanner finds 45 infections with w32.malware.gen and 1 infection with w32.obfuscated.gen.

    I can clean these and copy them back, but Ubuntu can make updates and create new infections.

    Even when these infections cannot be active within a running Linux OS, running Wine there is access to my Linux files.

    I do not like this, I do not trust this!

    How is this possible and can we trust Linux?
    What more should we know?
    Even Linux needs security updates. That is not because it is safe as it is.


    Kind regards,

    Jan Florijn

  2. #2
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    9,333
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    WINE has gotten good enough to be violated by many Windows viruses. This is what you wanted - for WINE to provide an API compatibility layer so Windows programs could run, correct?

    Stop using WINE and/or stop downloading "megapack" - whatever that is. Seems to be pre-installing less-than-ideal programs, if you ask me.

  3. #3
    Join Date
    Jul 2008
    Beans
    2,887

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    I have Bitdefender installed in my Linux OS and once it found malware within FF. I'm not sure if the malware could have done anything to the Linux OS but I now scan once a week. It takes about 2 min to scan a /home directory, if not less.

  4. #4
    Join Date
    Aug 2013
    Beans
    8

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    TheFu,

    That is the same as when a man says to the doctor: "My arm hurts" and the doctor says: "Do not use it."

    You are right. But! I use Wine to run audio plugins.

    And more important: I cannot trust anything that I download using Synaptic! When Wine can be wrong, the other stuff can also be infected.

    Kind regards,

    Jan Florijn

  5. #5
    Join Date
    Aug 2013
    Beans
    8

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    They say that infections do not harm Linux. "Can not" does not exist. I cannot prove the opposite. But when Wine can be wrong, why malware received by FF even not also? Should f.e. a key-logger say: Hi, this is FF on Linux, I skip?

    JanFlorijn

  6. #6
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    9,333
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    Originally posted by JanFlorijn:
    TheFu,

    That is the same as when a man says to the doctor: "My arm hurts" and the doctor says: "Do not use it."

    You are right. But! I use Wine to run audio plugins.

    And more important: I cannot trust anything that I download using Synaptic! When Wine can be wrong, the other stuff can also be infected.

    Kind regards,

    Jan Florijn

    A base WINE install does not show any infections. It is only AFTER you install some Windows stuff, correct?
    That means it isn't WINE that is not trustworthy. WINE is just an API compatibility layer to make win32 programs think they are on a real Windows OS. Nothing more.

    There are viruses for Linux.
    There are worms for Linux.
    There are cross-platform attacks that work on Win/Lin/OSX.

    I think Windows is attacked for 2 main reasons.
    * 90% of the desktops run it.
    * Lots of legacy code was written for a single-user Windows OS, hence security was not a primary concern and we are still seeing the results.

    No platform is 100% secure. We have to use our brains as the first line of defense. As Linux becomes more popular, we still need to use our brains to avoid being powned.

    Don't believe me? http://krebsonsecurity.com - he was the Washington Post's (highly regarded newspaper in the USA) computer security writer for years.

    Android is making the Linux kernel more interesting to attackers, plus over 50% of internet servers run Linux, so the platform is getting more and more attention. Almost ZERO Linux servers run WINE, BTW.

    Getting trustworthy code is easier on Linux than any other platform, IMHO. That doesn't prevent bad code, just look at the most popular FTP servers - 3 of them had back doors added to their source code and nobody noticed for months/years. ssh was modified by a Debian developer to remove critical code for randomness. It wasn't noticed for a few years either. Malicious? Probably not. Harmful to security, definitely. I use ssh as my default method of connecting between 20+ systems a day. I assume everyone is doing their best, until proven otherwise. That includes the WINE dev teams. Of course, a few "teams" either aren't doing their best or aren't allowed to do so ... Adobe, Oracle ... come to mind. Codec-pak devs on Windows are another group who seem to include "extra stuff" that no end-user really wants.

    Since I don't make money with video or audio processing, it is easy for me to say - "if VLC can't play it, then I don't need to hear or watch it."

    Anyway, I think your complaints are mislaid on WINE based on the description above. I could be wrong ... yes?

  7. #7
    Join Date
    Aug 2013
    Beans
    8

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    A base install of Wine (meta package, Synaptic) and running "configure wine" once gives infections. I did not install anything.

    I agree, there is no 100% safety. Providers of open-source applications and OSes: please inform the users correctly!

    Kind regards,

    Jan Florijn

  8. #8
    Join Date
    Jan 2009
    Location
    ::1
    Beans
    2,485

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    Originally posted by JanFlorijn:
    I installed Wine megapack.

    Jan, what is "Wine megapack"? How did you install it?

  9. #9
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    9,333
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    If you just installed "wine" and didn't install anything else, I'd bet the AV scans are only showing _false positives_.

    Any single Windows AV is 50% accurate. Even running 5 different vendor versions of AV only provides 80% effectiveness. Ask any CISSP.
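
One way to test the false-positive hypothesis in the post above, as an added example that is not part of the thread: compare each file the scanner flagged against the checksums dpkg recorded at install time. It assumes the manifest text comes from a `/var/lib/dpkg/info/<package>.md5sums` file; the function names, file names and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def load_manifest(md5sums_text):
    """Parse dpkg .md5sums content: '<md5>  <path relative to />' per line."""
    by_hash = {}
    for line in md5sums_text.splitlines():
        digest, _, rel = line.partition("  ")
        if len(digest) == 32 and rel:
            by_hash.setdefault(digest.lower(), []).append(rel)
    return by_hash


def md5_of(path):
    # MD5 because that is what dpkg records; it shows a file is unchanged
    # from the packaged copy, it is not a defence against crafted collisions.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(flagged_paths, manifest):
    """Return (packaged, unknown): flagged files matching packaged content, and the rest."""
    packaged, unknown = {}, []
    for p in flagged_paths:
        digest = md5_of(p)
        if digest in manifest:
            packaged[str(p)] = manifest[digest]
        else:
            unknown.append(str(p))
    return packaged, unknown


def demo():
    # Constructed sample: two stand-in "flagged" files and a one-line manifest.
    with tempfile.TemporaryDirectory() as d:
        same = Path(d, "flagged_a.dll")
        same.write_bytes(b"constructed packaged bytes")
        other = Path(d, "flagged_b.dll")
        other.write_bytes(b"constructed post-install bytes")
        line = hashlib.md5(b"constructed packaged bytes").hexdigest()
        manifest = load_manifest(line + "  usr/lib/example/placeholder.dll\n")
        return triage([same, other], manifest)


if __name__ == "__main__":
    print(demo())
```

A flagged file that lands in `packaged` is byte-identical to what the distribution shipped, so the question becomes whether the scanner's generic signature or the package is wrong; a file in `unknown` was generated or changed after install and needs separate inspection.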

  10. #10
    Join Date
    Aug 2013
    Beans
    8

    Re: Win32.malware.gen and W32.obfuscated.gen in Wine

    I used synaptic, searched wine, and the first hit in the description contains "megapack".
