tdurbin join:2010-01-10 Merrillville, IN 2 edits | Linux and Malwarebytes
This post was in response to the original Linux and Malware post. I have been meaning to add my thoughts here for some months now... For all of those who think that running a Windows anti-virus/malware app under the Linux OS has no beneficial gain, consider this: round about six months back I personally ran into a rash of malware infections causing XP operating systems to crash (BSoD) upon running any number of certain applications. With Safe Mode crippled, no help from a file/integrity check, and application installs claiming infected/corrupted files, what can you do? Backup, reformat, clean install, cleanse/restore data, and customize, right? Wrong, as the client specified that a reformat was unacceptable as numerous software installation sources had gone missing. Well, that's when I realized that if I could run Malwarebytes' Anti-Malware, I could at least remove the infections, run a file/integrity check or repair (in-place upgrade) depending on the repercussion severity, and theoretically have a functional OS. Everything worked out great; I did end up having to re-associate multiple extensions, clean up the registry, and replace a few OS files, but in the end the client was happy and so was I. Instead of rewriting the directions, have a look here if you're interested: Windows will not boot, regular nor safe mode, what to do?

antdudeA Ninja AntPremium,VIP join:2001-03-25 kudos:2 | Nice! Can that Wine trick be done with other programs too? Is there a known list?

tdurbin join:2010-01-10 Merrillville, IN | I did some limited experimenting with Wine and AntiVir without success, but I gave up after the results from a Malwarebytes' scan. To tell you truthfully, I haven't had to use any other scanners external to the OS. For application information you can take a look at the Wine Application Database.

reply to tdurbin | I'm confused. The 1st post doesn't really mention Linux. Also, I don't understand why you would run a Windows anti-virus under Wine when there are many options for native Linux anti-virus.
I also assume you are using the antivirus for some sort of gateway app. Like a mail server or something? Or you screen files before moving them to a windows machine?
Linux.com a while back did testing to see how many virii actually infect Wine. The result was basically that 5 would successfully execute and have an effect. The effect was actually just a loop or something that degraded the performance of the box, not actually achieving any part of what the malware wanted to achieve...
This was a little while ago. More recently, possibly because of that original article, someone figured out how to get a bit of malware to work properly. It was essentially: you have to log in as root. You have to execute Wine and everything under Wine. You have to break the malware out of the Wine jail of ~/.wine.
Even after all that, the malware has to be reassembled specifically for Wine's API build, as Wine is reverse-engineered Windows and not exactly Windows. After all, Wine Is Not an Emulator.

tdurbin join:2010-01-10 Merrillville, IN | Re: Linux and Malwarebytes
munky99999, the reason I mentioned the original post was to clarify that running a Windows app under Linux has great potential.
munky99999 and KodiacZiller, you're both right in your statement that there are native AV apps for Linux, but these scanners were built for Linux, not Windows, and are lacking in their detection methods. Malwarebytes' is an application that will scan files, the Windows Registry, and perform heuristics, even while running under Linux and Wine. The fact of the matter is that this procedure can be used to essentially resurrect a dead Windows box...

reply to tdurbin | So if I understand this correctly, you could take this one step further and have a USB drive with Linux and Malwarebytes' Anti-Malware already installed, and if you have a major infection you could just boot from the USB drive, clean things up, and then hopefully reboot from Windows. This would have definitely come in handy a few years ago when I got hit with a rootkit.
Thanks for the info.

tdurbin join:2010-01-10 Merrillville, IN | jsturner, you're absolutely correct. That is exactly what I would suggest as well. The possibilities for a portable read/write Linux OS are endless. Have a look here if you would like more info: Installing Puppy Linux on a flash drive.
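The rescue-USB workflow discussed in the last few posts (boot Linux, mount the infected Windows volume, run a Windows scanner under Wine) has a step the thread leaves implicit: the scanner only sees what Wine exposes to it as a drive letter. The script below is an added example, not code from the thread, from Malwarebytes or from the Wine project. It assumes the volume is already mounted (for instance with ntfs-3g) at the path given as its first argument, that Wine's default drive mapping via symlinks under `$WINEPREFIX/dosdevices` (default prefix `~/.wine`) is in use, and that the scanner executable path is supplied by the operator; it makes no assumption about the scanner's own command-line options.

```shell
#!/bin/sh
# Added example (not from the thread, Malwarebytes or Wine): from a live Linux
# rescue system, confirm that a mounted volume is really a Windows installation
# and expose it to Wine as a drive letter so a Windows scanner run under Wine
# can reach it. Assumes the volume is already mounted and that Wine maps drive
# letters through symlinks in $WINEPREFIX/dosdevices (default ~/.wine).

# Return 0 if $1 looks like the root of a Windows installation: the registry
# hives live under Windows\System32\config (upper-case WINDOWS on XP-era installs).
is_windows_root() {
    [ -f "$1/Windows/System32/config/SYSTEM" ] ||
    [ -f "$1/WINDOWS/system32/config/system" ]
}

# Map drive letter $1 (lower case, e.g. "d") to directory $2 for Wine by
# creating the dosdevices symlink; prints the resulting link target so the
# caller can verify the mapping before launching anything.
map_wine_drive() {
    letter=$1
    target=$2
    prefix=${WINEPREFIX:-$HOME/.wine}
    mkdir -p "$prefix/dosdevices"
    ln -sfn "$target" "$prefix/dosdevices/${letter}:"
    readlink "$prefix/dosdevices/${letter}:"
}

# Operator entry point: rescue-scan.sh <mount point> <scanner .exe>
# The scanner path is whatever the operator copied onto the rescue media
# (hypothetical; no particular product's installer layout is assumed).
if [ "$#" -ge 2 ]; then
    mnt=$1
    scanner=$2
    if ! is_windows_root "$mnt"; then
        echo "$mnt does not look like a Windows installation; refusing to map it" >&2
        exit 1
    fi
    map_wine_drive d "$mnt" >/dev/null
    echo "Windows volume mapped as D: for Wine; launching scanner"
    exec wine "$scanner"
fi
```

The refusal to map anything that is not a Windows root is the check worth keeping: on a multi-partition disk it is easy to point the scanner at a data or recovery partition and conclude the box is clean. Mounting the volume read-write is only needed if the scanner is expected to quarantine files; for a first look, a read-only mount plus this mapping is enough to get a detection report.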
SUMwarePremium join:2002-05-21 kudos:2 1 edit |
said by tdurbin :
running a Windows app under Linux has great potential.
Many of us have been cleaning up Windows infections and problems, using Linux, for years.
Many of us have been running Windows apps under Linux for years.
This is nothing new nor extraordinary. There are several free Linux-based 'rescue disks' currently available.
said by munky99999 :
More recently, possibly because of that original article, someone figured out how to get a bit of malware to work properly. It was essentially. You have to login as root. You have to execute wine and everything under wine. You have to break the malware out of the wine jail of ~/.wine
In addition, the user would need to explicitly instruct Wine to specifically execute a Windows executable, as Linux natively cannot, and will not, do so.
said by munky99999 :
there are many options for native linux anti-virus
Not really. Most Linux distros (if not all) do not install an anti-virus (ClamAV) by default as there is no need. 3rd-party AV offerings for Linux are irrelevant.

reply to tdurbin |
said by tdurbin :
munky99999 and KodiacZiller, Your both right in your statement that there are native AV apps for Linux, but these scanners were built for Linux, not Windows, and are lacking in their detection methods. Malwarebytes' is an application that will scan files, the Windows Registry, and perform heuristics, even while running under Linux and Wine. The fact of the matter is that this procedure can be used to essentially resurrect a dead Windows box...
My first response got deleted by the mods for some reason, even though I only said that your observation was not news to most people here (I said the same thing SUMware said above).
At any rate, there is nothing to add -- SUMware said it well. Cleaning up Windows boxes using Linux is not news to (most) of us here.

MxxCon join:1999-11-19 Brooklyn, NY | reply to tdurbin
We need a legal alternative to what Hiren's BootCD offers. It's a ~100 MB ISO file full of (pirated) applications for all kinds of computer troubleshooting. But in addition to that, it also has a minimal live Windows XP image with a bunch of updatable anti-virus apps. They update virus definitions to a RAM drive. I think a solution like this can be more compatible with various anti-virus/malware applications, rather than trying to get Wine to work with whatever crazy methods anti-virus programs use to scan.
-- Check out my awesome city of MxxTopia »mxxtopia.myminicity.com/ind or »mxxtopia.myminicity.com (the more people visit, the bigger it is)

tdurbin join:2010-01-10 Merrillville, IN | KodiacZiller, I completely agree, as this is what I have been doing as well... it's just that I have never seen a working solution between Malwarebytes' and Wine... hence the reason for my post.
MxxCon, that's the kicker... "legal". While Wine has made leaps and bounds, it's not the greatest solution. But in this case, it worked as I was hoping and got the job done with flying colors.

reply to MxxCon | A good alternative that I haven't seen mentioned is Windows Ultimate Boot CD (»www.ubcd4win.com/)
It is loaded with tons of freeware and shareware apps, no illegal software. It can be modified with your own custom software. It's my primary tool for disinfecting and troubleshooting.
Hats off to Ben Burrows!
\ Mike Teeples / - SLC, Utah

tdurbin join:2010-01-10 Merrillville, IN | reply to mteeples
Re: Linux and Malwarebytes
mteeples, if I remember correctly, ubcd4win is based on BartPE, which is an excellent, highly customizable Preinstall Environment builder for Windows. Actually, I still have a copy from a project dated 2006. Problem is... I don't believe there will be a portable version of Malwarebytes'; there have been attempts, but nothing I could ever get to work properly. This is the reason I posted, as Malwarebytes' seems to do what other malware scanners cannot.
Regards, Ted