Malware on Wine review

[Chris Robinson]

On Tuesday 24 February 2009 8:57:23 pm Scott Ritchie wrote:
> It would also make it completely unusable.  Remember, all downloaded
> executables (even intentionally downloaded ones) will be -x by default.
>  Do you really expect users to go right
> click->properties->permissions->allow execution?  Or will they just
> conclude that it doesn't work.

I would expect them to mark it executable. That's how most Unix systems work. 
A Linux-native executable/script would need to be set as executable by the 
user all the same.

> Worse, you could actively irritate them - suppose they do double click
> and you DONT offer the ability to open it, but instead instruct them to
> go through that annoying procedure.

It's hardly annoying as it takes all of two seconds (or less). It's part of 
normal system operation that the user will already have to deal with outside 
of Wine. And at least they'll know that it's something that is going to be 
executing, instead of simply opened/read. Trading safety for user convenience 
like that is a bad habit to pick up.

> > Not necessarily. Along with the .desktop trojan, the blog I read also
> > showed how to override system menu entries (by placing a replacement in
> > the local folder which will override the system one). So the link you
> > clicked on may not be what you intended..
>
> But in order to do that a malicious script has to already be running!
> Such a system is already owned.

True enough, I suppose. It just seems unnecessary to me to special-case it 
since a program installed via Wine (that would have created such a menu entry) 
is already marked as +x. What kind of scenario would there be for a user to 
have a menu entry and the program its pointing to to unknowingly be -x?