[Wine] Help with Wine and running exe w/ possible malware?

L. Rahyen research at science.su
Mon Jan 23 02:27:18 CST 2012


> Other people have told me that it would affect your wine prefix, normally
> located inside ~/.wine, and that any program running inside a wine prefix
> only has access to the virtual bottle in that .wine prefix folder in your home
> and nothing else. They are closed inside that bottle.
> Is this true?

	No. Everything you run in Wine will have the same rights as your user. You 
can minimize the probability of getting infected by removing z:, but this does 
not guarantee safety: anything you run in Wine will still be able to read or 
harm your files outside of drive_c (if your user is allowed to read/write them). 
Wine is not a "sandbox" or an isolated virtual machine.

> how would I create a secure environment to run this program?

	Create another user. Make sure this user does not have any write 
permissions outside the home directory and cannot read any of your private files 
and folders. Run anything you want in Wine as this user. Never use files from 
this user as any other user without checking the files for possible "infection" 
first. But this is not 100% secure, especially if you do not have the specific 
experience to set up everything as necessary for maximum security. You can get 
better safety by using chroot for this user. But even then there is a 
possibility of some security hole(s), especially if you set something up 
improperly (for example, if you share your files on the local network without 
password protection, even this limited user will have permission to read or, if 
you allowed this, to write to your files).

	Or, use VirtualBox http://virtualbox.org and create an isolated virtual 
machine. Again, you have to assume every file in it is infected, and again this 
may not be 100% secure if you make a mistake in configuration.

	Also, you need to remember that any virus-protection software can be wrong. 
For example, such software can tell you that there is a virus or trojan when 
there is none, or vice versa (this is why, for maximum safety, you need to 
assume that everything that can be infected is infected after running an 
untrusted application or allowing an untrusted user to access some writable 
files).

	Of course, in most cases just removing z: is enough, but if you do this and 
run untrusted programs like that, you have to accept the possibility of losing 
some or all of your important files and/or getting corrupted backups because 
some virus/trojan ruined your file(s) silently and you did not notice before 
doing a backup.
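
Added example, not part of the original message: a shell audit of the two things the reply asks for, which drive letters in a prefix reach outside it (such as z:) and which entries in a directory are readable by another account. It assumes the usual Wine layout, where `dosdevices/` inside the prefix holds one symlink per drive letter; the function names are hypothetical.

```shell
#!/bin/sh
# audit_wine_drives PREFIX
# Prints "letter -> target" for every drive symlink that resolves outside
# PREFIX. Returns 1 if any were found, 0 if none, 2 if PREFIX is not a prefix.
audit_wine_drives() {
    prefix=$1
    if [ ! -d "$prefix/dosdevices" ]; then
        echo "no dosdevices directory in $prefix" >&2
        return 2
    fi
    root=$(cd "$prefix" && pwd -P) || return 2
    found=0
    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue
        name=${link##*/}
        # Follow the symlink to its physical directory; dangling links and
        # device entries (serial ports and the like) are skipped.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$root"/*) ;;                       # stays inside the prefix
            *) echo "$name -> $target"; found=1 ;;
        esac
    done
    return "$found"
}

# other_readable DIR
# Lists entries directly under DIR whose mode grants read to "other", which
# is how a separate, unprivileged Wine account would see them.
other_readable() {
    find "$1" -mindepth 1 -maxdepth 1 -perm -004 | sort
}

# Stand-alone use: sh audit.sh ~/.wine ~
if [ $# -gt 0 ]; then
    audit_wine_drives "$1"
    [ $# -gt 1 ] && other_readable "$2"
fi
```

A clean result from `audit_wine_drives` only means no drive letter points outside the prefix; as the reply says, the program still runs with the full rights of the user that started Wine.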
