I think you have given me more credit for thinking this thru than I deserve. I know almost nothing about Wubi, so I am speculating how it works. In any case I'm now thinking it doesn't much matter how you get into Ubuntu. If you boot into Windoze at any time after the install you can't really be sure your Linux is clean. However the odds of infection are low, at least for now. So perhaps I shouldn't worry about it. -- Allen Brown http://brown.armoredpenguin.com/~abrown/ There is no free lunch. ---Milton Friedman
> Yes, Microsoft Windows, by default has zero write access to anything but > NTFS and FAT. So what? Also, by default, Microsoft Windows has zero > viruses. > > On the other hand, Windows by default does have access to other > partitions and it's not hard to find windows code that is capable of > writing to ext3 format file systems. I'm sure a smart virus writer > would be able to incorporate that code into his virus and make the leap > across partitions and operating systems if he wanted to. If it has not > been done that's because there's not much bang for the buck from the > virus writer's point of view. > > Allen said "Then whenever you boot Wubi you get the infection." This > tells me that the scenario that Allen imagined involved using wubi to > install ubuntu, then picking up a virus while running windows which then > somehow corrupts the boot file installed by wubi.exe in such a way that > it in turn infects your ubuntu system. Not impossible but I still think > it would be easier to directly write to the ext3 filesystem from > windows. The point of my original post was to make a COMPARISON between > the two risks. I still think that the direct danger to a linux system > from a infected windows windows system makes any additional risk due to > having installed via wubi INSIGNIFICANT. > > Maybe Allen had something else in mind . Several other possibilities > occurred to me but in each case I could come up with a similar line of > reasoning. > > If my reasoning is wrong please let me know but, in fact, I didn't > COMPLETELY miss anything. > > - Dave > > p.s. Maybe in the future we can skip the excessive caps. > > > Mr O wrote: >> Except you COMPLETELY missed the fact that Microsoft Windows, by >> default, has ZERO write access to anything but NTFS and FAT. >> >> Now, infected Wubi.EXE, that's different. Many viruses target EXE files >> but a seperate partition is a no-go. >> >> >> --- On Tue, 2/24/09, Dave Compton <[email protected]> wrote: >> >>> From: Dave Compton <[email protected]> >>> Subject: [Eug-lug] Re: Linux Ubuntu Install Tutorial >>> To: "Eugene Unix and Gnu/Linux User Group" <[email protected]> >>> Date: Tuesday, February 24, 2009, 8:37 PM >>> I think the greater danger is from dual booting windows >>> & linux (with or without wubi). An infected windows >>> machine could write malware directly to the unbooted linux >>> partition. This would be both an easier way of spreading an >>> infection and more effective since *any* windows/linux >>> system would be vulnerable to it - not just those that were >>> installed via wubi. >>> >>> In fact, even the generic dual boot vulnerability seems >>> like a pretty convoluted way to spread malware. Once you >>> have control of a windows machine, the thing to do would be >>> to *use* that windows machine to carry out your evil plot - >>> not try to infect an unused linux partition in the hope that >>> it might someday be booted. The windows -> wubi -> >>> linux risk seems even lower. >>> >>> Once the wubi install process is complete you *do* end up >>> with a linux system that, at a low level, piggybacks off of >>> the windows boot system to work. It bothers me too but just >>> as a matter of principle - not for security reasons. >>> >>> - Dave > > _______________________________________________ > EUGLUG mailing list > [email protected] > http://www.euglug.org/mailman/listinfo/euglug > _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
