WowME for Linux - It's Back!

[L'Lawliet]

1. no it will not work.
2. yes you can with wine,crossover, cedega.

[nikomo]

NO NEED TO SCAN SINCE LINUX CANT GET VIRUSES

WRONG

There's a bug on GNOME and KDE that allows you to make a script that copies a program anywhere within /home, then the script makes a launcher for it on the desktop. Launchers will launch programs even if they don't have the execute bits, which is a bug in GNOME and KDE currently.
After that, you have complete control over the user.
You can then use that and make it so that when a package manager launches and you type in your superuser-account's info, you actually first execute a program as superuser and then the package manager.

[L'Lawliet]

si, but then again, who would install such a script...

[Cypher]

si, but then again, who would install such a script...

Who would "install" a virus on Windows?

Yes Linux is a more secure base operating system, but a properly configured Windows box is pretty ****en rock solid. I have not been infected with a single piece of malware since buying my own PC years ago (previously the family PC got malware because of my sibling and parents).

The weakest link is ALWAYS the user. It's not about "who would install such a script". Most people aren't very computer savvy, and 99.99% of malware infections basically come from "stupidity".

Linux is not invulnerable to malware, its userbase just tends to be of a higher level of computer knowledge on average, and also, its nowhere near as big a target as Windows. Windows holds the majority of the consumer market, and of the consumer market Windows holds pretty much 100% of the computer illiterate users.

It doesn't take a genius to figure out that Windows is the more profitable target in our age of botnets and spam.

[suicidity]

One day.. when I am bothered enough; I will screw Mac users over so hard.

[Lenn]

Ha very nice one, thanks

[nikomo]

si, but then again, who would install such a script...

Oh you don't have to, the e-mail client in Ubuntu which is called Ubuntu, will launch a Python script when you just double-click it.

[Xarg0]

Who would "install" a virus on Windows?

Yes Linux is a more secure base operating system, but a properly configured Windows box is pretty ****en rock solid. I have not been infected with a single piece of malware since buying my own PC years ago (previously the family PC got malware because of my sibling and parents).

The weakest link is ALWAYS the user. It's not about "who would install such a script". Most people aren't very computer savvy, and 99.99% of malware infections basically come from "stupidity".

Linux is not invulnerable to malware, its userbase just tends to be of a higher level of computer knowledge on average, and also, its nowhere near as big a target as Windows. Windows holds the majority of the consumer market, and of the consumer market Windows holds pretty much 100% of the computer illiterate users.

It doesn't take a genius to figure out that Windows is the more profitable target in our age of botnets and spam.

Sorry but your wrong about the 99% part, infact most infections happen because of secourity holes in AktiveX, Flash and the like, you can't realy say it's the users fault if they're getting infected without installing a thing.
Even if you've got a good AV software you might get infected with something by just surfing around the web, ofcourse it's more unlikely if you tun of AktiveX and such and keep every pice of software up to date at all time, but I wouldn't call those infections users fault.

[Cypher]

Sorry but your wrong about the 99% part, infact most infections happen because of secourity holes in AktiveX, Flash and the like, you can't realy say it's the users fault if they're getting infected without installing a thing.
Even if you've got a good AV software you might get infected with something by just surfing around the web, ofcourse it's more unlikely if you tun of AktiveX and such and keep every pice of software up to date at all time, but I wouldn't call those infections users fault.

Bzzzzt. Wrong. You do realize you can lock down your PC so stuff like that doesn't happen in pretty much all 'normal' cases. Right?

Get x64. Enable forced hardware DEP, enable ASLR, disable javascript, etc etc. Through just taking common precautions you can neuter 99% of 0-day exploits.

For example, the most recent IE 0-day that I managed to catch in the wild was using a javascript heap spray for its payload.

No javascript? No exploit.

Lets say you enable javascript though (which I did to test).

Tried again. Hard-crash of IE because of ASLR.

Now, lets say you don't have ASLR.

Tried again on an x86 box with DEP enabled (couldn't work out how to force off ASLR on the browser). Crash again.

Run any internet-facing software that is of high-risk in a VM that resets state on every reboot and you're pretty much never gonna get infected.

That, or you can just run software which hooks any potentially malicious APIs and allows you to make decisions on whether to allow or deny that specific behaviour. Should IE8 be launching software, creating services, injecting DLLs, etc etc? No? Then deny it.

Its quite easy with a bit of common sense to defang most 0-day exploits without actually doing anything. DEP and ASLR have done the trick on their own for me in all the cases I could catch (plus I run on Server 2008 so often Vista shellcode won't work on my machine).

Besides, most of the major malware infections don't even come from 0-days, they come months after the exploit is patched. *cough* Conficker *cough*. People who don't patch their machines are just asking to be hit either way.

Browsers are the biggest attack vector, because with a decent hardware firewall (i.e. a router) you're very unlikely to get hit with some random OS vulnerability (assuming you secure your box and router correctly). So just lock down your browser and disable things like flash/javasript/etc except for low risk scripts and you're not gonna get infected.

Frankly, if a hacker is determined enough to bypass NoScript, ASLR, and DEP they deserve to get in, because bypassing the latter two is insanely hard. (Obviously the former isn't gonna do shit against CSS exploits or the likes)

P.S. ActiveX? WTF? Anyone running with ActiveX enabled deserves to be infected. And not with a computer virus, with AIDS.

[Xarg0]

Well, does Microsoft ship a Manual with their operation system that explains how to work with the interwebz safely? No they don't.
And how should normal users find out about these security tricks without browsing the interwebz and getting infected :-)?

[Cypher]

Does Linux? No they don't.

Linux still gets hit by browser exploits, Linux still gets hit by software exploits. So please, where is the difference?

The fact of the matter is, even if you don't lock down a Windows box super-hard you can just run everything as a standard user and escalate only selected things to administrator mode. (i.e. The recommended mode for Vista and onwards).

How is that different to Linux in terms of user-security model? Either way you can get hit with a software exploit, and either way they can do the same amount of damage (wiping out My Documents or your Home directory, killing config info, etc).

Don't get me wrong, nothing against Linux (I use it on my servers), but it seems your argument is based on the fact that Linux is somehow impervious to malware and exploits (which it isn't).

P.S. Macs suck.

[elinventor]

Damn linux...

[Xarg0]

Does Linux? No they don't.

Linux still gets hit by browser exploits, Linux still gets hit by software exploits. So please, where is the difference?

The fact of the matter is, even if you don't lock down a Windows box super-hard you can just run everything as a standard user and escalate only selected things to administrator mode. (i.e. The recommended mode for Vista and onwards).

How is that different to Linux in terms of user-security model? Either way you can get hit with a software exploit, and either way they can do the same amount of damage (wiping out My Documents or your Home directory, killing config info, etc).

Don't get me wrong, nothing against Linux (I use it on my servers), but it seems your argument is based on the fact that Linux is somehow impervious to malware and exploits (which it isn't).

P.S. Macs suck.

I'd never claim that Linux is impervious to malware xD
And infact OpenSuse comes with a very good hand book that explains how to use it correct and safe.

Yet Linux is somewhat safer that Windows while surfing throught the web, mainly because Linux maleware is pretty rare and it's sometimes diffcult to target different distributions, it's very unlikly that you're going to find an exploit to gain superuser privileges that works on all Linux distritbutions.
Another reason is that Linux security updates are more frequently than Windows ones, so it's more unlikely that a security hole will be exploited before a patch and there are way more Linux Versions than Windows Versions including the service packs.

And I didn't post to say Linux is sooo much better that Windows, that was never my intetion, I just wanted to clearify that getting infected with maleware is not 99% of the time the users fault.

[Cypher]

"Mainly because Linux [malware] is pretty rare" <-- Right, as I said, Windows is a target because it holds 99.99% of the consumer market.
"It's sometimes difficult to target different distributions" <-- I could say the same about Windows if I replace 'distributions' with 'versions'. Shellcode often crashes and burns across different Windows versions.
"Way more Linux versions than Windows versions" <-- Why does that matter in the slightest? Except for pissing people off who care about software compatibility (one thing where Windows is leaps and bounds ahead of both the *nix and the Mac worlds).
"Linux security updates are more frequently than Windows ones, so it's more unlikely that a security hole will be exploited before a patch" <-- More bugs are found and fixed preemptively so that means you're less likely to be able to exploit the bugs? You don't get it. Conflicker started infection a MONTH after a patch for the exploit it uses was released. That means people don't patch their machines. That's a USER problem. So it doesn't matter how many patches you release, if users don't apply them it's a moot point. That was my point all along, at the end of the day the user is the weakest link.

P.S. 'Linux' != OpenSuSE. Unless all distros come with said 'hand book' you can't really claim it as a blanket fact.

[argh44z]

oh no, its why i am saying you still need wowme.exe. this is a script which simply makes it work for linux. took a while to make, yet it works.

I might be missing something, but it took you "a while" to make a two line shell script that 1). changes directories to the WoW directory 2). runs wine on the wowme executable. What?