Could Linux Fall Prey To Windows Malware?

Can software that allows you to run Windows software on a Linux system also expose your system to Windows malware? In practice, the answer appears to be no.And in theory? Let's face it: When common sense goes missing, anything is possible.

For about a month now, I have been following the response to one user's attempt to answer a simple question: Can a Windows virus actually damage a Linux system?

This experiment involved an application called Wine that makes it possible to run many (but not all) Windows applications on a Linux desktop system. Wine is free and open-source software; a company called CodeWeavers also sells a commercial open-source version called CrossOver.

I won't delve into the technical details here, but Wine is a very different product than virtualization tools like VirtualBox or VMware. I personally prefer to use virtualization rather than Wine when I need to run a Windows app on a Linux system, but Wine certainly has its uses (and its supporters).

In this case, disregarding all of the warnings and installing a shifty-looking piece of software via Wine, did, indeed, result in all sorts of strange and disagreeable consequences. Unlike a real Windows system, however, once the malware got loose, it couldn't wander very far.

Here is how another reader described the results on a subsequent Slashdot post: "Wine has advanced enough to make Linux not immune to Windows viruses. However, just like many Wine applications, it takes a bit of effort to get the program off the ground. Also, just like some Windows programs running via Wine, not all features may work  in this case, the crippling of the system, immunity to the task manager, identity theft, etc." Some of the most interesting perspectives on this story, however, surfaced in comments posted both on he original site and in response to the Slashdot story. Reading through these makes two things very clear about the security risks associated with running Wine-enabled Windows apps on a Linux system:

- There are, in theory, situations in which Windows malware running on Wine could cause serious damage to a Linux system.

- All of these scenarios are extremely unlikely unless a Linux user displays a stunning lack of common sense, such as running Wine under a root account.

In fact, according to a 2008 CodeWeavers white paper that addresses exactly this topic, nobody has actually seen this happen in a real-world setting: Not surprisingly, a question we sometimes hear is whether or not Wine exposes users to the same level of risk. The short answer is: in theory, perhaps; in practice, no. That is, a virus could theoretically infect a Unix-based system (either Mac OS X or Linux) running a Windows program, but it would require an extremely unlikely scenario for that to happen. To our knowledge, it has never happened. Risk assessment is always a matter of context: When one compares the risk of a piece of Windows malware escaping Wine and damaging a Linux system versus the risk that a typical Windows system will fall prey to a malware attack, it is only possible to draw one conclusion.

Still, if you're a Wine user and want to cover all of your bases, CrossOver adds some additional security features, along with the technical support to ensure that you use them effectively.

If Linux ever gains ground as a mass-market desktop OS, we might have to revisit this question; clueless users who will click on anything can always find ways to get themselves into trouble. For now, however, most Linux users can definitely find more important things to worry about than whether running Wine will expose them to unnecessary security risks.