Could Linux Fall Prey To Windows Malware? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
Commentary
11/18/2009
05:20 PM
50%
50%

Could Linux Fall Prey To Windows Malware?

Can software that allows you to run Windows software on a Linux system also expose your system to Windows malware? In practice, the answer appears to be no.

Can software that allows you to run Windows software on a Linux system also expose your system to Windows malware? In practice, the answer appears to be no.And in theory? Let's face it: When common sense goes missing, anything is possible.

For about a month now, I have been following the response to one user's attempt to answer a simple question: Can a Windows virus actually damage a Linux system?

This experiment involved an application called Wine that makes it possible to run many (but not all) Windows applications on a Linux desktop system. Wine is free and open-source software; a company called CodeWeavers also sells a commercial open-source version called CrossOver.

I won't delve into the technical details here, but Wine is a very different product than virtualization tools like VirtualBox or VMware. I personally prefer to use virtualization rather than Wine when I need to run a Windows app on a Linux system, but Wine certainly has its uses (and its supporters).

In this case, disregarding all of the warnings and installing a shifty-looking piece of software via Wine, did, indeed, result in all sorts of strange and disagreeable consequences. Unlike a real Windows system, however, once the malware got loose, it couldn't wander very far.

Here is how another reader described the results on a subsequent Slashdot post: "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work  in this case, the crippling of the system, immunity to the task manager, identity theft, etc." Some of the most interesting perspectives on this story, however, surfaced in comments posted both on he original site and in response to the Slashdot story. Reading through these makes two things very clear about the security risks associated with running Wine-enabled Windows apps on a Linux system:

- There are, in theory, situations in which Windows malware running on Wine could cause serious damage to a Linux system.

- All of these scenarios are extremely unlikely unless a Linux user displays a stunning lack of common sense, such as running Wine under a root account.

In fact, according to a 2008 CodeWeavers white paper that addresses exactly this topic, nobody has actually seen this happen in a real-world setting: Not surprisingly, a question we sometimes hear is whether or not Wine exposes users to the same level of risk. The short answer is: in theory, perhaps; in practice, no. That is, a virus could theoretically infect a Unix-based system (either Mac OS X or Linux) running a Windows program, but it would require an extremely unlikely scenario for that to happen. To our knowledge, it has never happened. Risk assessment is always a matter of context: When one compares the risk of a piece of Windows malware escaping Wine and damaging a Linux system versus the risk that a typical Windows system will fall prey to a malware attack, it is only possible to draw one conclusion.

Still, if you're a Wine user and want to cover all of your bases, CrossOver adds some additional security features, along with the technical support to ensure that you use them effectively.

If Linux ever gains ground as a mass-market desktop OS, we might have to revisit this question; clueless users who will click on anything can always find ways to get themselves into trouble. For now, however, most Linux users can definitely find more important things to worry about than whether running Wine will expose them to unnecessary security risks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll