Results 1 to 10 of 10

Thread: Is Wine safe?

  1. #1

    Default Is Wine safe?

    I fear from viruses or spyware that may work by running Wine.

    It's known that Wine creates a directory named ".wine". Are the applications (that run in Wine) can read any files above that directory?

  2. #2
    Join Date
    Jun 2008
    Location
    Berlin
    Posts
    2,061

    Default Re: Is Wine safe?

    This thread might give you some interesting info on this subject.

  3. #3

    Default Re: Is Wine safe?

    Quote Originally Posted by gropiuskalle View Post
    This thread might give you some interesting info on this subject.
    I came up to the following conclusions from that thread:

    A virus that runs via Wine can infect the /usr and home (/home/username) directory.
    (Though it shouldn't infect /usr without root permissions)

    Solutions:

    1. As n00bWillingToLearn said:
      Just run wine as an underprivileged user that only has read and write access to ~/.wine ( I would't even give it read access to / as it could read and transmit sensitive data ). Windows privilege escalation attacks don't work in wine ( the emulation isn't THAT good ) and the virus will think that it has Administrator privileges and access to the entire ( fake ) C: drive anyways, it's like a chroot jail.
      One should create a new user specially for Wine that has access only to ~/.wine directory.
    2. The user MUST remove the Z:\ drive, that enables access to / (root), by writing "winecfg" in the terminal (which pop-up a window) and going to the Drivers label, thus.
    3. The user MUST NOT run Wine as root. No even as sudo. But, he MUST install Wine as root, obviously.


    A very recommended reading material:

    Do you agree with me? (I ask this to be sure of what that I wrote)

  4. #4
    Join Date
    Jun 2008
    Location
    Berlin
    Posts
    2,061

    Default Re: Is Wine safe?

    Actually I do not really know, since I have almost no experience in using Wine at all. I suppose the best way to avoid virus-infections is to install only .exes from trustable sources.

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,043

    Default Re: Is Wine safe?

    On Mon, 24 May 2010 10:36:01 +0000, gropiuskalle wrote:

    > Actually I do not really know, since I have almost no experience in
    > using Wine at all. I suppose the best way to avoid virus-infections is
    > to install only .exes from trustable sources.


    Or use Crossover Office, as it launches clamav on the executable before
    running it. Not a 100% guarantee, but better than nothing. :-)

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator

  6. #6
    Join Date
    Jun 2008
    Location
    Frisco, TX
    Posts
    1,233

    Default Re: Is Wine safe?

    On Sun, 2010-05-23 at 18:26 +0000, d0r wrote:
    > I fear from viruses or spyware that may work by running Wine.
    >
    > It's known that Wine creates a directory named ".wine". Are the
    > applications (that run in Wine) can read any files above that directory?
    >
    >


    Is it safe? No. Is it as wide open as Windows? No.

    A lot, if not MOST, malware (the more serious ones) come in through
    services running as a part of the Microsoft platform. So.. in that
    sense, wine is safer. However, that doesn't necessarily protect you
    from all malware, esp. ones that come in through interaction with an
    application (e.g. MSIE, Outlook).

    Is there virus protection that runs in Wine? I'm not aware of any that
    are designed for Wine specifically and I would think that most
    commercial (normal) Windows variants would NOT work.... though some
    pieces might... like pieces that are designed to protect specific
    applications. Obviously, there won't be support for Wine from them
    though, so getting those pieces to work would be risky anyhow.



  7. #7
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    1,376

    Default Re: Is Wine safe?

    There were some tests run on Linux.com a few years back. It may be a little outdated, but the risk seems to be minimal.

    Linux.com :: Running Windows viruses with Wine

  8. #8

    Default Re: Is Wine safe?

    Thank you people for your reply.

    I'm asking if Wine is safe in a sense of damaging my linux system or spying after my unencrypted communication.

    Bottom line: If a create a dedicated & restricted Wine user, and activate Windows program via Wine with that user - Would I be safe when I'll switch to a different user?

  9. #9
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: Is Wine safe?

    d0r wrote:
    > Bottom line: If a create a dedicated & restricted Wine user, and
    > activate Windows program via Wine with that user - Would I be safe when
    > I'll switch to a different user?



    imho: the best thing to do is use Redmond software for all of your
    unimportant stuff like games....and NEVER let any Windows accessible
    partition hold any financial, personal, business, school and other
    important stuff..

    keep everything important on the NON-game machine (or, if you MUST
    have the game system dual booted with your real system...so be it, but
    your 'good stuff' is safest when completely separated from the virus
    magnet)..

    --
    DenverD (Linux Counter 282315)
    CAVEAT: http://is.gd/bpoMD
    posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
    2.6.22.19-0.4-default SMP i686
    AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
    CMedia 9761 AC'97 Audio

  10. #10
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    26,517
    Blog Entries
    37

    Default Re: Is Wine safe?

    Quote Originally Posted by d0r View Post
    I fear from viruses or spyware that may work by running Wine.

    It's known that Wine creates a directory named ".wine". Are the applications (that run in Wine) can read any files above that directory?
    It is, in some cases, possible to get a Virus to run in wine. Here are a couple of interesting articles on this In both cases, from what I can read, the users deliberately ran the .exe files in wine to get the virus installed. The virus was partially crippled in Linux as the wine environment is not a perfect MS-Windows environment. And the virus ability to spread itself to another PC was somewhat debatable.

    Still, as wine improves, the likelihood that someone who foolishly runs wine as root can do damage to their system increases. The above URLs provide IMHO another good reason (to the many already existing) why users should NOT run their desktop as root.

    But having typed that, there are other security threats to Linux that are far far far more dangerous at this time than MS-Windows virus, and IMHO one should spend one's time defending against those other security threats to Linux. For example, on a Linux PC things like ensuring port #22 is closed is important, or if ssh access is desired, remap it to another port, or put security measures in place to defend port#22.

    Also, Linux users are susceptible to Phishing and other email tricks, just like users of any other Operating System.

    There may come a day when Linux users need to worry about Virus, but it is not THIS day.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •