I think the greater danger is from dual booting windows & linux (with or
without wubi). An infected windows machine could write malware directly
to the unbooted linux partition. This would be both an easier way of
spreading an infection and more effective since *any* windows/linux
system would be vulnerable to it - not just those that were installed
via wubi.
In fact, even the generic dual boot vulnerability seems like a pretty
convoluted way to spread malware. Once you have control of a windows
machine, the thing to do would be to *use* that windows machine to carry
out your evil plot - not try to infect an unused linux partition in the
hope that it might someday be booted. The windows -> wubi -> linux risk
seems even lower.
Once the wubi install process is complete you *do* end up with a linux
system that, at a low level, piggybacks off of the windows boot system
to work. It bothers me too but just as a matter of principle - not for
security reasons.
- Dave
Allen Brown wrote:
Just wait until somebody comes up with a Windoze worm that targets
Wubi. Then whenever you boot Wubi you get the infection.
Hmm. I suppose that's not very likely. But I'm still nervous about
entering a "secure" system by way of an insecure system. It just
seems wrong.
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
