wineboot: Start items in StartUp folder on boot, includes
mk144210 at bcm.tmc.edu
Mon Feb 12 08:18:15 CST 2007
On Sun, 2007-02-11 at 23:49 -0600, John Smith wrote:
> What prevents malicious programs from writing this registry key on
> their own?
> On 2/11/07, Chris Robinson <chris.kcat at gmail.com> wrote:
> On Sunday 11 February 2007 06:49:58 pm richardvoigt at gmail.com
> > This sounds almost perfect.
> What would stop the program from adding the registry key
> itself when placing
> the item in the startup folder, or wherever else?
> > I think the counterpoint raised by James
> > Hawkins would be adequately addressed by adding a winecfg
> option as
> > follows:
> Sounds like it's just asking if it should ask.
> I'm not really sure what you could do as a user that a program
> couldn't just
> override and do itself. Besides, users might not know whether
> what's being
> installed into an auto-start key/folder is necessary, deny it
> for "safety
> concerns", and have a broken installation.
Yes, I will admit a program can just write this registry key and have
itself run. My assumption is that most malware is currently written for
Windows and not specifically for Wine, and thus such programs generally
would not have any reason to write such a key. I think if malware really
wanted to run _specifically_ on Wine it would be pretty easy to do with
or without my patch, for example, overwrite a key system DLL and then
just set the appropriate registry key so Wine uses the "native DLL" that
the malware program has put. I think the "security" of my patch is based
on the fact that most malware programs are written for Windows and I
think if we start seeing Wine-specific malware we are going to have to
develop a lot more security in a lot of places.
More information about the wine-devel