UPDATE: WINE: A New Place For KLEZ To Play

The WINE project is becoming increasingly popular and useful to those who would continue to use proprietary, free, and unported opensource software available only for Microsoft Windows. I've tested it with a few games I had purchased while I still used Windows, and it surprised me. The WINE project, and the two popular forks in the project, WineX, and Codeweavers WINE, have come along quite nicely, albeit it slowly, over the last few years. I give a lot of credit to the many developers that have poured a lot of their time into the project, but, with the good, the bad must be accepted.

Recently a friend of mine, proficient in Linux, and not what you would call a 'newbie' to computing, received an email from a customer. The email was vague and included an attachment. In KMail, he decided to view the attachment, thinking it was simply an image. He clicks it, nothing happens, no viewer, no error, nothing but a few seconds of milling around, and then more nothing. Then, the wine notification pops up. By this time he had realized the file was a Windows executable, and that he'd just executed it with wine because of the MIME typing capabilities of KDE, and WINE's integration with the desktop.

If he were running windows, I would've slapped him upside the head, everyone with any sense at all would've expected an odd email with an attachment to be a ready and willing virus or worm. Of course, this was no different, this attachment contained the worm known as WORM_KLEZ.H. However, because of the sense of security from worms of this nature bestowed to Linux users, by the same type of ignorance in assumption that spreads them amongst Windows users, he never expected the attachment to be a virus or worm that would infect and operate as it normally does. Unfortunately, this is exactly what happened... click, boom, Klez goes nuts, etc., etc., etc.

UPDATE:

  Date: Fri, 25 Oct 2002 18:25:23 +0200  From: Karl-Heinz Zimmer   To: Eric Lubow   Cc: kmail@mail.kde.org  Subject: Might it be possible to comment your LinuxSecurity article?    Hi Eric,   (I am cc'ing the KMail developers mailing list)    on /news/vendors-products  you published part of an article by Zac Jensen stating the following:         (...)           In KMail, he decided to view the attachment, thinking it was       simply an image. He clicks it, nothing happens, no viewer, no       error, nothing but a few seconds of milling around, and then       more nothing. Then, the wine notification pops up.       (...)      As it turned out now, this description of what happened is a bit  inaccurate.    Actually (and Zac stated that this is true) the user did the following:       * Click on the attachment       * See an explicit warning dialog (like the one attached to my mail)       * Click on [Open] - which is *not* the default button of that dialog.    So the difference to the facts described in the text cited on your site  is this:    1. There was an extra _warning_ dialog telling the user explicitely     that 'WINE' would be used with this attachment if he clicks on Open.    2. The user was explicitely told that doing so might compromise the     system's security.    (...)  I am an enthusiastic :-) KMail developer and I got quite frustrated  by reading this article since we added this warning dialog  _intentionally_ for the very reason to _prevent_ such virus execution.    OTOH we are discussing this issue currently and considering several  measures to make it even MORE unlikely that a virus can do harm,  e.g. by restricting the things that executable attachments are  allowed to do when called by the user from within KMail...    (...)      Karl-Heinz