Malware on Wine review

[Scott Ritchie]

Chris Robinson wrote:
> On Tuesday 24 February 2009 8:57:23 pm Scott Ritchie wrote:
>> Worse, you could actively irritate them - suppose they do double click
>> and you DONT offer the ability to open it, but instead instruct them to
>> go through that annoying procedure.
> 
> It's hardly annoying as it takes all of two seconds (or less). It's part of 
> normal system operation that the user will already have to deal with outside 
> of Wine. And at least they'll know that it's something that is going to be 
> executing, instead of simply opened/read. Trading safety for user convenience 
> like that is a bad habit to pick up.
> 

It takes about 2 seconds once you've learned how to do this, but this is
hardly an easily discoverable task.

Regardless, when a user says "open the program" twice in a row - by
clicking on it and then clicking "run this program" on the associated
dialog box, I think it best we got out of their way rather than assume
they actually meant "no, don't run it until I make 4 more clicks on a
different tab in the preferences dialog."


>>> Not necessarily. Along with the .desktop trojan, the blog I read also
>>> showed how to override system menu entries (by placing a replacement in
>>> the local folder which will override the system one). So the link you
>>> clicked on may not be what you intended..
>> But in order to do that a malicious script has to already be running!
>> Such a system is already owned.
> 
> True enough, I suppose. It just seems unnecessary to me to special-case it 
> since a program installed via Wine (that would have created such a menu entry) 
> is already marked as +x. What kind of scenario would there be for a user to 
> have a menu entry and the program its pointing to to unknowingly be -x?

Does Wine do this in all cases (mark installed executables as +x)?


Thanks,
Scott Ritchie