wineboot: Start items in StartUp folder on boot, includes security measures.

[James Hawkins]

On 2/11/07, Misha Koshelev <mk144210 at bcm.tmc.edu> wrote:
> Ok, thanks to everybody's responses on the wine-devel list. Here is my
> new version of this patch. It starts the items in the StartUp folder
> like Windows does (again, if anybody who knows about IShellFolder will
> look over my code that would be great :) I tested it and it works for
> the Vector NTI installer, but I would really like to have an expert's
> opinion on whether it is missing osmething). There were a lot of
> comments on wine-devel about malware using this system to start itself
> so here is what I added:
>
> - When wineboot finds a file that it wants to start in the StartUp
> folder, it asks the user whether he wants to run the program. His
> options are: Always, Yes, No (default), and Never.
> - If he selects Yes the program is run, if he select No it is not.
> - If he selects Always or Never, I create a registry key in:
> HKEY_CURRENT_USER\Software\Wine\StartupItems with the full pathname
> of the program and the value "always" or "never." When wineboot sees
> this program in the StartUp folder it checks this key, and if it is
> set it performs the appropriate action.
>
> To me it seems like this would be enough to prevent malware from using
> this system because the user could just click no or never. Also, someone
> pointed out that wineboot already runs quite a lot of other RUN registry
> keys that can be used for malware, and currently there is no system for
> these keys like the one I made for startup. Any comments will be
> appreciated. Thanks.
>

These anti-malware changes are unnecessary.  We implement Wine to be
bug-for-bug compatible with Windows.  Windows doesn't ask this
question, and Wine shouldn't either.  It's not our policy to not
implement portions of Windows that make it easier for malware to run.

-- 
James Hawkins