Wine Security Disclosure
James McKenzie
jjmckenzie51 at sprintpcs.com
Sun Mar 16 20:01:58 CDT 2008
Dmitry Timoshkov wrote:
> "Dan Kegel" <dank at kegel.com> wrote:
>
>
>>> What's so special about Wine that doesn't apply to say VMWare,
>>> Parallels, Win4Lin, DOSBox, and others?
>>>
>> With vmware, parallels, and win4lin, you can actually
>> run commercial virus scanners inside those environments,
>>
>
> Is it really necessary to require running a virus scanner from
> inside of Wine?
>
>
No, but files should be scanned on Linux/UNIX/MacOSX using a virus
scanner like ClamAV. There even is a front end for the Mac.
>> and everybody knows that one should do that if one
>> cares about viruses.
>>
>
> Same sentence applies to Wine I'd assume.
>
>
Viruses depend on the environment. The more APIs that are built, the
more likely a virus will be able to run in Wine.
>
> It's still possible to run a native virus scanner outside of Wine.
> Wine is just a part of underlying system, not a separate environment.
>
>
See my comment above. Linux users have to become aware that Wine will
make their systems vulnerable to Windows Viruses as well as running
Windows Code.
>> and
>> (worst of all) everybody assumes Linux is impervious to viruses.
>>
>
> I already answered to this one.
>
>
Macs are not impervious to viruses, it just is not popular enough and
the 'hoops' you have to go through to run a virus are major. However,
adding Wine does make Macs vulnerable to Windows viruses (at least some
of them).
>>> Probably yes, we could extend the FAQ section about
>>> security, but that's almost everything we can do.
>>>
>> I pointed out several other things we could do.
>> Another one is we could make the wine package list clamav
>> as a dependency.
>>
>> Denying there's a problem, or that we can do anything about it,
>> might lead to a large number of unhappy users.
>>
>
> Nobody denies that there is a problem, the thing is that personally
> I don't see why that problem is Wine specific.
>
>
The problem is that adding Wine to Linux/UNIX/MacOSX opens the system to
Windows vulnerabilities unless they are blocked. If we attempt to do
this, the project may suffer. So the other alternative is to make Wine
users aware that adding this product to their systems may increase the
likelyhood they may become infected if they do not practice good
computer security habits, like using virus scanners to prevent
introduction of viruses to their systems. Even I as a Mac user practice
good computer security, and that is because I got burned with a DOS
virus on OS/2.
+1 to adding Virus warnings on the Wine FAQ.
James McKenzie
More information about the wine-devel
mailing list