Wine Security Disclosure
epssyis at gmail.com
Sat Mar 15 07:18:53 CDT 2008
> However, it is true that we should tell users that Wine is
> able to run many Windows malware, and that they
> should be just as careful running Windows software
> with Wine as they would running it with Windows.
> We should also show how to install the standard
> Linux virus checkers.
> - Dan
That thread got very nasty very quickly starting with dmitry's
comments and getting almost flameful from contributors after that.
Though after continuing testing out malware and known spyware
infecting applications, since I had the environment already setup, my
opinion of this issue has gone from neutral to very strongly in favor
of documenting cases where malware/(and dangerous) spyware cross over.
A solution I think would be to tag the applications that fall in to
this group with a strong warning in appdb.
A good example I found was the first version of iMesh that included
spyware (released in 02) that runs and almost seamlessly installs and
runs spyware bundled with it. While not up to date I feel the better
bug for bug support that wine obtains with windows the more smaller
(and in some cases bigger) software solutions it will run, introducing
more bundled vectors - imagine when that purple ape runs under wine!
While I take the comment that it is misguided to catalog issues with
virus that work maybe valid I cannot see how ignoring software
uneducated windows users consider to be legitimate but still contain
spyware/malware can be any less misguided. People will try and run
these applications and then blame the wine project when they cause
issues with their systems in the same way they do when they load them
Since there is no source available the windows environment binaries
(normally) are far more prone to having malicious software included in
legitimate software and there is no escaping that.
More information about the wine-devel