Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable


Postby Thehandyman1957 » Thu Sep 14, 2017 9:30 pm

Just when you might have thought things for W10 were finally settling down.
http://thehackernews.com/2017/09/window ... lware.html

This reminds me of a movie scene. :mrgreen:
https://www.youtube.com/watch?v=RrxlbLVcpqI
"War: when your government tells you who the enemy is. Revolution: when you figure it out for yourself." ;)


Postby Moonchild » Thu Sep 14, 2017 10:53 pm

And this, kids, is why running on the bleeding edge or rolling releases is a bad thing :)
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

Postby tuxman » Thu Sep 14, 2017 11:02 pm

See: The Linux part is the largest security problem of Windows. :)
No surprises here.
[ OpenDownload² for SeaMonkey, Firefox and Pale Moon :: QFO for SeaMonkey and Thunderbird ]


Postby Thehandyman1957 » Thu Sep 14, 2017 11:37 pm

tuxman wrote:See: The Linux part is the largest security problem of Windows. :)
No surprises here.


Uh, no. :think:
According to CheckPoint researchers, the Bashware attack technique could be abused even by a known Linux malware family,
because security solutions for Windows are not designed to detect such threats.


This is actually Microsoft's fault for not seeing this as an issue in the first place.

To relate this, it's like having a screen door designed for certain bugs and then installing it where the bugs are smaller and can fly right through.

So is it the fault of the screen maker or the idiot that installed the door in the wrong region? :crazy:

Postby Moonchild » Fri Sep 15, 2017 2:22 am

Thehandyman1957 wrote:This is actually Microsoft's fault for not seeing this as an issue in the first place.

No, this is the problem with new technology in Windows that the malware scanners are slow to pick up on. The tech is solid, an API is available and documented, but it's "too new".
On top, this is also disabled by default, only to be enabled by developers.

So you can blame Microsoft but their tech is fine, here (if you want to ignore the fact that it might not be a particularly good idea to mix in a completely different OS's executable formats...). Just slow to be picked up by AV companies (probably because most big ones don't actually write the engines, just use them...)

Postby John connor » Fri Sep 15, 2017 2:39 am

HAHA Linux shell in Windows... https://www.youtube.com/watch?v=7xxgRUyzgs0
My forum project :wave:
You ever dance with the devil in the pale moon light?
Cooler Master Storm Scout 2 Advanced |GIGABYTE AORUS GA-Z270X-Gaming K7| i5 6600k | 2666 MHz Ballistix Tactical RAM | Crucial MX300 256GB SSD | 1 TB Hitachi platter | GTX 560TI |Logitech Z 5300 5.1 audio | Logitech mouse/keyboard
Laptop: Dell Precision M6300


Postby Thehandyman1957 » Fri Sep 15, 2017 4:50 am

Moonchild wrote:So you can blame Microsoft but their tech is fine, here (if you want to ignore the fact that it might not be a particularly good idea to mix in a completely different OS's executable formats...).


That's kinda what I was referring to. ;)

Postby Moonchild » Fri Sep 15, 2017 10:07 am

Thehandyman1957 wrote:
Moonchild wrote:So you can blame Microsoft but their tech is fine, here (if you want to ignore the fact that it might not be a particularly good idea to mix in a completely different OS's executable formats...).

That's kinda what I was referring to. ;)

Ah, I get that, but it's probably from the desire that everything must do everything in 2017. It does make me wonder how Linux deals with WINE running Windows malware, and how secure (or not) that was when it was first introduced. Can Linux AV scanners detect Windows malware running under WINE today? If the answer is "No" then Linux is much worse off since WINE has been around for so much longer; it's not new tech.

I'm pretty sure the AV people will catch up, though.

Postby Thehandyman1957 » Fri Sep 15, 2017 7:44 pm

Here is an interesting tidbit from https://en.wikipedia.org/wiki/Wine_%28software%29

Security

Because of Wine's ability to run Windows binary code, concerns have been raised over native Windows viruses and malware affecting Unix-like operating systems.[93] Wine can run most malware, but programs running in Wine are confined to the current user's privileges, restricting some undesirable consequences. For this reason the developers of Wine recommend never running it as the superuser.[94] Malware research software such as ZeroWine[95] runs Wine on Linux in a virtual machine, to keep the malware completely isolated from the host system.

Another security concern is when the implemented specifications are ill-designed and allow for security compromise. Because Wine implements these specs, it will also implement any security vulnerabilities they contain.[96]


And if you care to read a bit, there is a conversation about it here. https://linux.slashdot.org/story/09/10/24/1759213/now-linux-can-get-viruses-via-wine

As for your question about Wine and AVs, I only found one mainline virus scanner for Linux and it was Comodo. After doing some digging I found this on their forums.
Screenshot - Friday,9,15,17 , 12_58_02 PM.png


They mention Apparmor so I went digging and found this. https://askubuntu.com/questions/236381/what-is-apparmor

Apparmor is a security framework that prevents applications from turning evil. For example: If I run Firefox and visit a bad site that tries to install malware that will delete my home folder, Apparmor has limits on Firefox though preventing it from doing anything I don't want (like accessing my music, documents, etc). This way even if your application is compromised, no harm can be done.


Interesting stuff. ;)

Postby Moonchild » Sat Sep 16, 2017 8:50 pm

programs running in Wine are confined to the current user's privileges, restricting some undesirable consequences

So, in fact exactly the same as this on Windows, then.

Postby hobbledehoy899 » Sat Sep 16, 2017 9:47 pm

Moonchild wrote:And this, kids, is why running on the bleeding edge or rolling releases is a bad thing :)

But this isn't even related to Arch or any Arch-based distros!


Postby mrmivo » Sun Sep 17, 2017 4:24 am

The article also says:

Yes, Bashware requires administrator access on the target computers, but gaining admin privileges on Windows PCs via phishing attacks and/or stolen admin credentials is not a difficult task for a motivated attacker.


The article glosses over this, but doesn't it, in the end, come down to users being careless and negligent?

