ubuntu helps spreading windows viruses

Bug #256880 reported by informiloud on 2008-08-11
272
This bug affects 2 people
Affects Status Importance Assigned to Milestone
wine (Ubuntu)
Wishlist
Unassigned

Bug Description

This issue has already been reported in https://answers.launchpad.net/ubuntu/+question/22404 but it seems nobody sees how important is this problem:
I recently found that my flash disk was infected by the ¨New Folder.exe" and ¨scvhsot.exe¨ virus although I didn't use it in any Windows computer... In fact, I was surprised to discover that all the flash disks I put in my PC (where there is a Debian Lenny system) were infected. I think the system was also slower than it used to be.
I found the problem and reproduced it on a notebook with a fresh Hardy and wine installed: when you double-click on a .exe virus, the virus is automatically run by wine and it resides silently in memory, slowing the system and infecting all the removable media it finds...
I used to tell everybody that viruses aren't a problem with GNU/Linux, but it seems it's not so true!
So now, when I install an ubuntu system for a newbie, I 'm facing the dilemma of choosing between the risk of virus infections and the inability of running the windows softwares...
The solution would be simple: to disable the default behavior of nautilus to run clamtk instead of wine when a windows executable is clicked. I tried but I didn't find an easy way to do it. Setting clamtk in the "open with..." dialog didn't work...

steveacab (antonio.chiurazzi) wrote :

If you don't use the windows applications you don't take virus.

the bug is resolved.

Jan Van Buggenhout (chipzz) wrote :

I wouldn't put it as bluntly as the previous comment, but wine becoming compatible with Windows up to a level viri run sounds like a feature to me, not a bug. Plus, the viri will most likely not affect your ubuntu installation. Your assertion that virus infections aren't a problem on Linux is correct in that sense. So this is not a bug.
I think the solution would be to install some kind of virus scanner (yes, those are available for Linux too).

description: updated
Norman Grahams (ndgrahams) wrote :

Wine becoming compatible with Windows up to a level viruses can run is certainly a feature - by implication that Wine is running well. Wine is not designed to distinguish what kind of program it runs, but to run it as the program intends.
However I think this problem of viruses running should be addressed. Even if it isn't damaged by them, Ubuntu shouldn't carry and transmit viruses. And the potential is always there for a Wine-run virus to attack things in the user's home folder, thus becoming a Linux virus. Whether that second option is more likely than a native or cross-platform virus I don't really know, but I can imagine it being so.
Certainly the first at least has happened, and should be addressed.

I don't know how to do it, but checking files with ClamAV (the back end to the aforementioned clamtk) before opening them in Wine sounds like a very good idea. It won't slow down native operations and programs, as an antivirus program on Windows does, but it will protect against Windows viruses running under Wine.

Norman Grahams (ndgrahams) wrote :

I wonder whether it can be solved simply, at least as a workaround, by running ClamWin in wine - probably with its complimentary real-time scanner?

Scott Ritchie (scottritchie) wrote :

(optional) ClamAV integration with Wine would be an interesting feature.

Changed in wine:
importance: Undecided → Wishlist
status: New → Triaged
HoppingWombat (hoppingwombat) wrote :

The problem is not with Ubuntu or Wine, but with Windows programs -- you would get the virus in them whether you were running Windows, OpenBSD, or Ubuntu.

jan (jan-ubuntu-h-i-s) wrote :

Just as Microsoft is advising, it should be standard practice that within Wine a virus scanner is advised for users doing a lot of wine stuff.
Has anyone tried to install virus scanners in Wine ?

Jack Leigh (leighman) wrote :

I also recently experienced problems with a virus via wine. Clamav integration would seem to be a much better solution than the executable-bit fiasco at the moment

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers