I fear from viruses or spyware that may work by running Wine.
It’s known that Wine creates a directory named “.wine”. Are the applications (that run in Wine) can read any files above that directory?
I came up to the following conclusions from that thread:
A virus that runs via Wine can infect the /usr and home (/home/username) directory.
(Though it shouldn’t infect /usr without root permissions)
Solutions:
Just run wine as an underprivileged user that only has read and write access to ~/.wine ( I would’t even give it read access to / as it could read and transmit sensitive data ). Windows privilege escalation attacks don’t work in wine ( the emulation isn’t THAT good ) and the virus will think that it has Administrator privileges and access to the entire ( fake ) C: drive anyways, it’s like a chroot jail.
One should create a new user specially for Wine that has access only to ~/.wine directory.
- The user MUST remove the Z:\ drive, that enables access to / (root), by writing “winecfg” in the terminal (which pop-up a window) and going to the Drivers label, thus.
- The user MUST NOT run Wine as root. No even as sudo. But, he MUST install
Wine as root, obviously.
A very recommended reading material:
Do you agree with me? (I ask this to be sure of what that I wrote)
Actually I do not really know, since I have almost no experience in using Wine at all. I suppose the best way to avoid virus-infections is to install only .exes from trustable sources.
On Mon, 24 May 2010 10:36:01 +0000, gropiuskalle wrote:
> Actually I do not really know, since I have almost no experience in
> using Wine at all. I suppose the best way to avoid virus-infections is
> to install only .exes from trustable sources.
Or use Crossover Office, as it launches clamav on the executable before
running it. Not a 100% guarantee, but better than nothing. 
Jim
–
Jim Henderson
openSUSE Forums Administrator
On Sun, 2010-05-23 at 18:26 +0000, d0r wrote:
> I fear from viruses or spyware that may work by running Wine.
>
> It’s known that Wine creates a directory named “.wine”. Are the
> applications (that run in Wine) can read any files above that directory?
>
>
Is it safe? No. Is it as wide open as Windows? No.
A lot, if not MOST, malware (the more serious ones) come in through
services running as a part of the Microsoft platform. So… in that
sense, wine is safer. However, that doesn’t necessarily protect you
from all malware, esp. ones that come in through interaction with an
application (e.g. MSIE, Outlook).
Is there virus protection that runs in Wine? I’m not aware of any that
are designed for Wine specifically and I would think that most
commercial (normal) Windows variants would NOT work… though some
pieces might… like pieces that are designed to protect specific
applications. Obviously, there won’t be support for Wine from them
though, so getting those pieces to work would be risky anyhow.
There were some tests run on Linux.com a few years back. It may be a little outdated, but the risk seems to be minimal.
Thank you people for your reply.
I’m asking if Wine is safe in a sense of damaging my linux system or spying after my unencrypted communication.
Bottom line: If a create a dedicated & restricted Wine user, and activate Windows program via Wine with that user - Would I be safe when I’ll switch to a different user?
d0r wrote:
> Bottom line: If a create a dedicated & restricted Wine user, and
> activate Windows program via Wine with that user - Would I be safe when
> I’ll switch to a different user?
imho: the best thing to do is use Redmond software for all of your
unimportant stuff like games…and NEVER let any Windows accessible
partition hold any financial, personal, business, school and other
important stuff…
keep everything important on the NON-game machine (or, if you MUST
have the game system dual booted with your real system…so be it, but
your ‘good stuff’ is safest when completely separated from the virus
magnet)…
–
DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio
It is, in some cases, possible to get a Virus to run in wine. Here are a couple of interesting articles on this
- Linux.com :: Hands-on testing of the new Linux virus
- *(http://blog.opensourcenerd.com/i-can-haz-virus)
In both cases, from what I can read, the users deliberately ran the .exe files in wine to get the virus installed. The virus was partially crippled in Linux as the wine environment is not a perfect MS-Windows environment. And the virus ability to spread itself to another PC was somewhat debatable.
Still, as wine improves, the likelihood that someone who foolishly runs wine as root can do damage to their system increases. The above URLs provide IMHO another good reason (to the many already existing) why users should NOT run their desktop as root.
But having typed that, there are other security threats to Linux that are far far far more dangerous at this time than MS-Windows virus, and IMHO one should spend one’s time defending against those other security threats to Linux. For example, on a Linux PC things like ensuring port #22 is closed is important, or if ssh access is desired, remap it to another port, or put security measures in place to defend port#22.
Also, Linux users are susceptible to Phishing and other email tricks, just like users of any other Operating System.
There may come a day when Linux users need to worry about Virus, but it is not THIS day.