Wine Security Disclosure

Rolf Kalbermatter r.kalbermatter at hccnet.nl
Sun Mar 16 04:05:41 CDT 2008 

Dmitry Timoshkov [mailto:dmitry at codeweavers.com] wrote:

> > This level of security info is something everyone should have easy 
> > access to and know before starting Wine. Of course, wherever I'm not 
> > accurate, feel free to fill in!
> 
> There is nothing special about Wine that doesn't apply to 
> common unix/linux/windows security practices.

This is correct but with Wine 1.0 approaching you are now targetting an
audience that knows often nothing about Unix/Linux other than it's
mythological lack of sensitivity to viri. That this lack is more a question
of a lack of a common and standardizid target due to it's lower market
penetration in end user systems and many flavors and user specific setups
is beyond them. Wine now offers almost the same attack target as does
Windows due to its already good and still improving compatibility with it.

So although you obviously don't like it, maybe because you do not want to
shy away new potential users, a warning somewhere with a description is
definitly not the wrong thing to do. But I do feel the original poster
used still a to much unix language for the upcoming average Wine users.

There definitely still exists that picture that Linux is much more secure
no matter how bad you treat it and that is simply not true and an upcoming
user should be educated about that. It should be made clear in my opinion
that Wine is not meant and can't be used to run Windows applications
whithout observing exactly the same care and security as you would need
on Windows.

You won't be able to avoid the bad publicity about people messing up their
system under Wine but at least you can say that this was known and
documented
and Wine isn't a magical bulletproof security solution that allows users
to download every single Warez application that is out there without risking
more or less the same problems as you would get under Windows. And once Wine
has gotten the wide spread use we would all like to see, the next step to
Wine aware viri and such is not that big, believe me.

Rolf Kalbermatter

More information about the wine-devel mailing list