Malware on Wine review
scott at open-vote.org
Wed Feb 25 14:17:44 CST 2009
Chris Robinson wrote:
> On Tuesday 24 February 2009 8:57:23 pm Scott Ritchie wrote:
>> Worse, you could actively irritate them - suppose they do double click
>> and you DONT offer the ability to open it, but instead instruct them to
>> go through that annoying procedure.
> It's hardly annoying as it takes all of two seconds (or less). It's part of
> normal system operation that the user will already have to deal with outside
> of Wine. And at least they'll know that it's something that is going to be
> executing, instead of simply opened/read. Trading safety for user convenience
> like that is a bad habit to pick up.
It takes about 2 seconds once you've learned how to do this, but this is
hardly an easily discoverable task.
Regardless, when a user says "open the program" twice in a row - by
clicking on it and then clicking "run this program" on the associated
dialog box, I think it best we got out of their way rather than assume
they actually meant "no, don't run it until I make 4 more clicks on a
different tab in the preferences dialog."
>>> Not necessarily. Along with the .desktop trojan, the blog I read also
>>> showed how to override system menu entries (by placing a replacement in
>>> the local folder which will override the system one). So the link you
>>> clicked on may not be what you intended..
>> But in order to do that a malicious script has to already be running!
>> Such a system is already owned.
> True enough, I suppose. It just seems unnecessary to me to special-case it
> since a program installed via Wine (that would have created such a menu entry)
> is already marked as +x. What kind of scenario would there be for a user to
> have a menu entry and the program its pointing to to unknowingly be -x?
Does Wine do this in all cases (mark installed executables as +x)?
More information about the wine-devel