Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Thehandyman1957
Board Warrior
Posts: 1252
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Thehandyman1957 » Thu, 14 Sep 2017, 21:30

Just when you might have thought things for W10 were finally settling down.
http://thehackernews.com/2017/09/window ... lware.html

This reminds me of a movie scene. :mrgreen:
https://www.youtube.com/watch?v=RrxlbLVcpqI
"Watch your thoughts; they become words. Watch your words; they become actions. Watch your actions; they become habits. Watch your habits; they become your character. Watch your character; it becomes your destiny."

Moonchild
Pale Moon guru
Posts: 20346
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Moonchild » Thu, 14 Sep 2017, 22:53

And this, kids, is why running on the bleeding edge or rolling releases is a bad thing :)
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

tuxman
Fanatic
Posts: 159
Joined: Mon, 17 Sep 2012, 16:39
Location: Germany

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby tuxman » Thu, 14 Sep 2017, 23:02

See: The Linux part is the largest security problem of Windows. :)
No surprises here.
[ OpenDownload² for SeaMonkey, Firefox and Pale Moon :: QFO for SeaMonkey and Thunderbird ]

Thehandyman1957
Board Warrior
Posts: 1252
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Thehandyman1957 » Thu, 14 Sep 2017, 23:37

tuxman wrote:See: The Linux part is the largest security problem of Windows. :)
No surprises here.


Uh, no. :think:
According to CheckPoint researchers, the Bashware attack technique could be abused even by a known Linux malware family,
because security solutions for Windows are not designed to detect such threats.


This is actually Microsoft's fault for not seeing this as an issue in the first place.

To relate this, it's like having a screen door designed for certain bugs and then installing it where the bugs are smaller and can fly right through.

So is it the fault of the screen maker or the idiot that installed the door in the wrong region? :crazy:

Moonchild
Pale Moon guru
Posts: 20346
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Moonchild » Fri, 15 Sep 2017, 02:22

Thehandyman1957 wrote:This is actually Microsoft's fault for not seeing this as an issue in the first place.

No, this is the problem with new technology in Windows that the malware scanners are slow to pick up on. The tech is solid, an API is available and documented, but it's "too new".
On top, this is also disabled by default, only to be enabled by developers.

So you can blame Microsoft but their tech is fine, here (if you want to ignore the fact that it might not be a particularly good idea to mix in a completely different OS's executable formats...). Just slow to be picked up by AV companies (probably because most big ones don't actually write the engines, just use them...)

John connor
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby John connor » Fri, 15 Sep 2017, 02:39

HAHA Linux shell in Windows...https://www.youtube.com/watch?v=7xxgRUyzgs0

Thehandyman1957
Board Warrior
Posts: 1252
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Thehandyman1957 » Fri, 15 Sep 2017, 04:50

Moonchild wrote:So you can blame Microsoft but their tech is fine, here (if you want to ignore the fact that it might not be a particularly good idea to mix in a completely different OS's executable formats...).


That's kinda what I was referring to. ;)

Moonchild
Pale Moon guru
Posts: 20346
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Moonchild » Fri, 15 Sep 2017, 10:07

Thehandyman1957 wrote:
Moonchild wrote:So you can blame Microsoft but their tech is fine, here (if you want to ignore the fact that it might not be a particularly good idea to mix in a completely different OS's executable formats...).

That's kinda what I was referring to. ;)

Ah, I get that, but it's probably from the desire that everything must do everything in 2017. It does make me wonder how Linux deals with WINE running Windows malware, and how secure (or not) that was when it was first introduced. Can Linux AV scanners detect Windows malware running under WINE today? If the answer is "No" then Linux is much worse off since WINE has been around for so much longer; it's not new tech.

I'm pretty sure the AV people will catch up, though.

Thehandyman1957
Board Warrior
Posts: 1252
Joined: Tue, 19 May 2015, 02:26
Location: Arizona U.S.

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Thehandyman1957 » Fri, 15 Sep 2017, 19:44

Here is an interesting tidbit from https://en.wikipedia.org/wiki/Wine_%28software%29

Security

Because of Wine's ability to run Windows binary code, concerns have been raised over native Windows viruses and malware affecting Unix-like operating systems.[93] Wine can run most malware, but programs running in Wine are confined to the current user's privileges, restricting some undesirable consequences. For this reason the developers of Wine recommend never running it as the superuser.[94] Malware research software such as ZeroWine[95] runs Wine on Linux in a virtual machine, to keep the malware completely isolated from the host system.

Another security concern is when the implemented specifications are ill-designed and allow for security compromise. Because Wine implements these specs, it will also implement any security vulnerabilities they contain.[96]


And if you care to read a bit, there is a conversation about it here. https://linux.slashdot.org/story/09/10/24/1759213/now-linux-can-get-viruses-via-wine

As for your question about Wine and AVs: I only found one mainline virus scanner for Linux and it was Comodo. After doing some digging I found this on their forums.
[attached screenshot]


They mention Apparmor so I went digging and found this. https://askubuntu.com/questions/236381/what-is-apparmor

Apparmor is a security framework that prevents applications from turning evil. For example: If I run Firefox and visit a bad site that tries to install malware that will delete my home folder, Apparmor has limits on Firefox though preventing it from doing anything I don't want (like accessing my music, documents, etc). This way even if your application is compromised, no harm can be done.


Interesting stuff. ;)

Moonchild
Pale Moon guru
Posts: 20346
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby Moonchild » Sat, 16 Sep 2017, 20:50

programs running in Wine are confined to the current user's privileges, restricting some undesirable consequences

So, in fact exactly the same as this on Windows, then.

hobbledehoy899
Fanatic
Posts: 134
Joined: Wed, 27 Jul 2016, 23:18

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby hobbledehoy899 » Sat, 16 Sep 2017, 21:47

Moonchild wrote:And this, kids, is why running on the bleeding edge or rolling releases is a bad thing :)

But this isn't even related to Arch or any Arch-based distros!

mrmivo
Hobby Astronomer
Posts: 24
Joined: Thu, 31 Aug 2017, 03:22

Re: Linux Subsystem on Windows 10 Allows Malware to Become Fully Undetectable

Postby mrmivo » Sun, 17 Sep 2017, 04:24

The article also says:

Yes, Bashware requires administrator access on the target computers, but gaining admin privileges on Windows PCs via phishing attacks and/or stolen admin credentials is not a difficult task for a motivated attacker.


The article glosses over this, but doesn't it, in the end, come down to users being careless and negligent?
