Malware on Wine review

Ben Klein shacklein at gmail.com
Tue Feb 24 01:59:38 CST 2009


2009/2/24 Damjan Jovanovic <damjan.jov at gmail.com>:
> It generates an association from a file extension, to open with the
> handler for its ProgID currently in the registry.
>
> So it allows .txt to open with Notepad and .dev to open with Dev-C++.
> It does not make Wine open a new .exe by default - at least, that was
> not the intention.

This reminds me of something. On some (all? at least, all with
registry?) versions of Windows, when the user double-clicks a .exe,
.com, .bat etc, Windows looks up the handler for that filetype in the
registry. Some malware (and potentially some virus scanners too)
replace the .exe, .dll, .com etc handlers with a rundll32 call that
pre-processes the executable.

Now, I'm pretty sure Wine doesn't do this. Someone correct me if I'm
wrong. In terms of bug-for-bug compatibility, it should, but I think
in this case it would be safe to diverge from bug-for-bug :)
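
An added example, not part of the original message or of Wine's code: a defender-side check that reads a .reg text export and reports any exefile/comfile/batfile open command that has been replaced, as described above. The expected command `"%1" %*`, the ProgID names and the sample export (with a placeholder DLL and entry point) are assumptions constructed for illustration.

```python
import re

# Assumption: stock open command for directly executable file classes.
EXPECTED = '"%1" %*'
# Assumption: default ProgIDs behind .exe, .com and .bat.
PROGIDS = ("exefile", "comfile", "batfile")
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DEFAULT_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; the DLL and entry point are placeholders.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="rundll32.exe placeholder.dll,PlaceholderEntry \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''


def parse_defaults(reg_text):
    """Map each lower-cased key path to its unescaped default (@) value."""
    defaults, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        value = DEFAULT_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif value and current:
            # Undo .reg escaping: backslash + char becomes the bare char.
            defaults[current] = re.sub(r"\\(.)", r"\1", value.group(1))
    return defaults


def find_replaced_handlers(reg_text):
    """Return {progid: command} for open commands that differ from EXPECTED."""
    defaults = parse_defaults(reg_text)
    findings = {}
    for progid in PROGIDS:
        path = "\\".join(("hkey_classes_root", progid, "shell", "open", "command"))
        command = defaults.get(path)
        # Keys missing from the export are skipped rather than reported.
        if command is not None and command.strip() != EXPECTED:
            findings[progid] = command
    return findings


if __name__ == "__main__":
    for progid, command in find_replaced_handlers(SAMPLE_REG).items():
        print(f"{progid}: open command replaced -> {command}")
```

A non-empty result only means the handler differs from the assumed default; some legitimate software (the virus scanners mentioned above) may also change it, so each finding needs review.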


