1

I have outdated Windows 7 and as such do not want to connect it to the university LAN. I decided to make a Live USB Ubuntu and use it to do my networking tasks. My question is whether is it still possible for the ransomware to attack via the Live Ubuntu and encrypt my Windows partitions? I don't think it should be able to. Am I right?

Rochak Gupta
  • 87
  • 1
  • 10
  • 2
    When you are booting Ubuntu from USB, Windows partition is not loaded. Turned off. Windows in not running. Unless you run the virus via wine and mount windows partition to live Ubuntu, the answer is no - it can't. – Michal Polovka May 13 '17 at 15:27
  • 1
    I also doubt if the virus will check for wine paths! That'd be difficult since ubuntu doesn't mount windows partition with letters – Anwar May 13 '17 at 15:38
  • Thanks for the replies. Also, I have a question. I don't have Service Pack 1 update installed on my Windows 7. Can I install the patch to fix this vulnerability directly or try to install the Service Pack 1 update first? Microsoft says that the patch is for Windows 7 Service Pack 1. Please inform me if this question is inappropriate for askubuntu and I'll ask it on superuser. – Rochak Gupta May 13 '17 at 15:47
  • @Michal, but I'll be accessing my Windows partitions by mounting them. Not via Wine though. – Rochak Gupta May 13 '17 at 15:48
  • 2
    If your Ubuntu USB doesn't cointain Wine, you are safe - virus has no mean to launch – Michal Polovka May 13 '17 at 16:03

2 Answers2

2

Irrespective of the file system you're mounting, the attack of any malware depends on your OS. WannaCry uses exploits in the Windows line of OS and hence is incapable of infecting Linux machines. As for wine, It shouldn't be a problem unless you click on the ransomware executable and run. Giving sudo permissions to wine might be dangerous too.

RecursiveCursive
  • 124
  • 1
  • 10
  • You do not need root permissions to access Windows partition mounted to Ubuntu using the default way. So just “do not open ransomware”. – Melebius May 18 '17 at 11:56
  • 1
    I meant that infected wine programs may run other executables if given sudo. Mounting does not need root access of course. – RecursiveCursive May 18 '17 at 12:43
2

Wannacry does not run on Linux natively. If you were to execute a windows executable via Wine, you could, however, get infected, as most Windows programs seem to run on Linux via Wine and can access files as they could if they ran on Windows. If you execute Windows executables via Wine, you have the same problem as you do when executing it under Windows: Anyone could have written that program and anyone could have messed with it to include malicious functionality.

You do, however, have to install Wine for this to happen, as it's not installed by default.

To make sure it's not installed, open a terminal and enter the command wine --version. If the output contains wine: command not found, for example

No command 'wine' found, did you mean:
 Command 'win' from package 'wily' (universe)
 Command 'wipe' from package 'wipe' (universe)
 Command 'line' from package 'util-linux' (main)
 Command 'twine' from package 'twine' (universe)
 Command 'wing' from package 'wing' (universe)
 Command 'xine' from package 'xine-ui' (universe)
wine: command not found

, then Wine is not installed. If it is installed, the version number is shown on the terminal, for example:

wine-1.6.2

There is no need to install Wine if you don't want to run Windows applications and if you want to avoid malware, you shouldn't.

If you only use software you installed via the official repositories, you can be pretty sure it doesn't have malicious features. If you download stuff from the internet and run it, you can't.

Note that there are differences. For example, if you download Windows malware which needs access rights escalation, it can't get it the same way under Linux as it can under Windows. Furthermore, even when targeting Linux machines, access rights escalation is hard to accomplish as over the past few years, every time something like this was possible, bug fixes were created and shipped very fast, sometimes even before the bug was publicly known.

Unfortunately, ransomware usually doesn't require access rights escalation. This is bad news if you keep your Windows partition mounted.

There has been ransomware which runs natively under Linux but its effects were very minor as it required very special conditions which you won't find on a normal Ubuntu installation on a laptop or desktop computer. It required a server running a specific online shop software.

You should be a lot better off with Linux than with Windows but you unfortunately can't be 100% sure that nothing malicious will happen to your data, even if we haven't seen anything like the Windows ransomware on Linux, yet. Moral of the story: Use Linux, update your system when it offers you to install udpates (preferably change the automatic update check from weekly to daily and check the box to install security updates automatically), and keep backups. You should keep backups anyway because if your hard disk fails, you lose your data anyway. Your hard disk failing seems like a much bigger risk to your data than crypto trojans if you use an up-to-date maintained Linux system (like Ubuntu 16.04).

UTF-8
  • 5,580
  • 10
  • 30
  • 66