Solved - viruses

Me again.

I’ve been wondering about the following scenario.

One PC. Dual boot (Linux + XP, where XP is never allowed online).

Is it even thinkable that a Windows virus could sneak in via Linux (where obviously it couldn’t run), find the Windows files on the same hard drive, and execute when XP is booted?

Or would Linux disable the execute bit and ask for permission to run? And even if it did, and was denied permission, would the file remain on the drive and run happily under XP next time it was booted?

M

Linux is unlikely to have permission to mount the Windows partition … so even Linux cannot write to it without asking your permission.

Add to that the fact that to write to the Windows partition the virus would need to be able to execute in Linux then tell Linux to do the writing … and that if it came to Linux from the web it will have its execute bit disabled (or be contained in a non-executable archive)…

Think about it :wink:

Thanks Mark.

Please humour me a bit longer - I’m an old applications programmer, but pretty new to Linux and also not techie enough to understand the nuts and bolts of the kernel (yet).

When I boot into Ubuntu, I see a volume labelled ‘52 GB volume’, which is in fact the volume containing Windows. I assumed that meant it was mounted. In Ubuntu, I can navigate around it without further ado and see the Windows files, including all the registry ones. My worry is that if I can see them, so might a Windows virus, and even though it can’t run under Linux, it might just languish on the drive until one day I boot directly into XP. Then, Bingo! It’s virus time. Every dog has his day, etc.

The (Windows) virus would not be able to self-propagate onto the Windows partitions. It would have to be able to run under Linux first, which it cannot.
The only way (IMHO) to get it there is for YOU to put it there. See the problem?

Yeah, the question really is “how does it get from Linux to the Windows partition?”

It would either need:

a) Linux to move it there … Linux isn’t going to move any files to the Windows partition for no reason and without your knowledge

b) You to move it there manually … Linux ain’t gonna protect you from this :wink:

c) Somehow the file manages to execute in Linux and requests the Linux kernel move the file … this isn’t going to happen for multiple reasons.


The other side of the coin is that Windows can’t read a Linux partition, so it’s no good it hanging around on the Linux partition and hoping Windows will execute it.


The Windows partition may be visible in the left-hand column of your file manager, but it’s not normally mounted until you manually click on it (or automount it via fstab).
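One way to check the "visible but not mounted" point from the post above, as an added example that is not part of the original thread: it reads a mount table in `/proc/mounts` format and reports each Windows-type filesystem and whether Linux has it mounted writable. The function names and the sample table are constructed for illustration, and treating `fuseblk` as NTFS is an assumption (ntfs-3g mounts report that type, but so do other FUSE block filesystems).

```shell
#!/bin/sh
# Added example: which Windows-type filesystems are mounted, and are they
# writable from Linux? /proc/mounts fields: device mountpoint fstype options ...

# windows_mounts [FILE|-]  -> one line per match: "device mountpoint fstype rw|ro"
windows_mounts() {
    table="${1:-/proc/mounts}"
    awk '
        # ntfs/ntfs3 = kernel drivers, fuseblk = ntfs-3g via FUSE (assumption:
        # no other FUSE block filesystem is in use), vfat/exfat = FAT family
        $3 ~ /^(ntfs|ntfs3|fuseblk|vfat|exfat)$/ {
            mode = "ro"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") mode = "rw"
            print $1, $2, $3, mode
        }
    ' "$table"
}

# writable_windows_count [FILE|-] -> number of those filesystems mounted rw
writable_windows_count() {
    windows_mounts "$1" | awk '$4 == "rw"' | wc -l | tr -d ' '
}

# Constructed sample mount table (not real output). Spaces in a mount point
# appear as \040, exactly as the kernel writes them in /proc/mounts.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /media/user/52\040GB\040Volume fuseblk rw,nosuid,nodev,relatime 0 0
/dev/sda3 /mnt/xp-ro ntfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

# Demo on the constructed table; call windows_mounts with no argument to
# inspect the running system instead.
sample_mounts | windows_mounts -
```

If the Windows volume does not appear in the output for the live system, it is only listed by the file manager and nothing running under Linux can write to it until it is mounted.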

OK. I feel a bit less paranoid now.

I had thought that since I could see the 52 GB Volume, that meant it was mounted.

I suppose an incoming virus just lands on whichever partition the OS happens to be running on and is stuck there unless it’s able to execute and look around, so I see the point you’re both making. Thanks.

Marking this solved now.

I’ve wondered about the reverse of this scenario - within Windows, if you picked up a nasty ransomware virus, could/would it encrypt the Linux partitions too? My gut says no, because Windows couldn’t mount the Linux filesystems, is that correct?

Windows can’t read or write to Linux partitions (without third party software being installed), so it’s not going to encrypt any data on them then hold that data for ransom … but theoretically it could destroy/remove/format the Linux partitions, or remove them from the drive map making them hard to recover.

As far as I know, there currently hasn’t been anything that does this … but I suppose it’s possible, but that’s a Windows security issue not a Linux one.