Windows Subsystem for Linux Traffic Bypasses the Firewall

Running a Linux distro on top of Windows 10 has long been the dream of many developers, a dream that became a reality some versions of Windows ago. Thanks to the Windows Subsystem for Linux, also known as WSL, it is possible to install and run a distro using Hyper-V, so that we have a terminal and all the Linux programs directly from Windows. Microsoft has done a great job developing a technology that, until recently, seemed unimaginable. However, it seems that the company has forgotten to think about something very important: WSL security.

Windows 10 comes with Windows Defender, its own security suite, by default. This program provides antivirus protection and a firewall that is in charge of controlling all traffic, blocking dangerous traffic and letting us create custom rules to allow or block certain connections.

Windows Subsystem for Linux Traffic

Mullvad VPN is a company that offers secure VPN connections to all users who need them. Its software has a function called "Always require VPN" that creates a series of rules in the Windows firewall so that, if we are not connected to the VPN, all traffic generated by the computer is blocked. Everything, that is, except the traffic generated through the Windows Subsystem for Linux. This opens the door to a host of new cyber attacks in which the Windows firewall can be completely circumvented.

With the Windows Subsystem for Linux 2 you must use iptables

The first version of the Windows Subsystem for Linux used a kernel customized by Microsoft itself so that it could run from Windows 10. This kernel translated most functions and commands into Windows instructions, so in the end everything passed through the Windows NT kernel, including network traffic. Therefore, the firewall could control it.

WSL 2 eliminated this limitation, and Windows 10 now includes a real and complete Linux kernel. This kernel sends traffic through a virtual network card to the physical network card of the PC. Therefore, all traffic bypasses the firewall settings, and the subsystem can both send and receive packets without restrictions.

Although it may seem like a security issue, this is actually something that was probably done on purpose. WSL 2 is designed to be able to run all kinds of services and host our own servers. Having an external firewall controlling the traffic could cause problems and would imply a much more complicated configuration. In this way, Windows separates its Linux subsystem from the firewall and, thanks to its real kernel, lets us control traffic through Linux's own firewall: iptables.
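Since the Windows firewall rules do not apply here, an "always require VPN"-style block has to be recreated inside the distro. The following is an added example, not code from the original article, Microsoft or Mullvad: it builds a default-deny IPv4 policy in `iptables-restore` format from a short allow-list. The function names and the allow-list addresses (taken from the 203.0.113.0/24 documentation range) are assumptions.

```shell
#!/bin/sh
# Added example: default-deny iptables policy for a WSL 2 distro.
# Allow-list entries have the form PROTO:IPV4:PORT. The sample values in the
# usage comment are constructed, not real endpoints.
# IPv4 only: ip6tables needs its own equivalent policy.

# Shape check on one entry, so nothing unexpected reaches the ruleset.
valid_entry() {
    printf '%s\n' "$1" |
        grep -Eq '^(tcp|udp):([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$'
}

# Print an iptables-restore ruleset: drop everything by default, then allow
# loopback, replies to established flows, and the listed destinations.
build_ruleset() {
    for entry in "$@"; do
        valid_entry "$entry" || { echo "bad entry: $entry" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for entry in "$@"; do
        proto=${entry%%:*}; rest=${entry#*:}
        ip=${rest%%:*}; port=${rest#*:}
        printf '%s\n' "-A OUTPUT -p $proto -d $ip --dport $port -j ACCEPT"
    done
    echo COMMIT
}

# Load the policy into the running kernel (run as root inside the distro).
# The ruleset is built first so a rejected entry never reaches iptables-restore.
apply_ruleset() {
    rules=$(build_ruleset "$@") || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Usage (constructed values): one HTTPS destination and one DNS resolver.
#   apply_ruleset tcp:203.0.113.10:443 udp:203.0.113.53:53
```

The rules live in the running kernel, so they have to be re-applied whenever the distro's kernel restarts. `iptables -L OUTPUT -v -n` shows the per-rule packet counters for checking what is being allowed.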

Linux could compromise Windows

Although it would be complicated, and security experts have not begun to worry so far, this could start to be a problem if hackers begin to take advantage of this weakness. It would be difficult for them to attack Windows through WSL, but they could access the PC's resources through the subsystem without going through the firewall, and even copy malware to any of the shared paths so that it can be run later from Windows 10.

At the moment, Microsoft has not made any statements about this alleged weakness in its subsystem. It may be due to a mistake that can be solved with a simple update, or we may not see a solution. Either way, we must be attentive to possible problems that may arise from this.