Wine Security Disclosure

Dmitry Timoshkov dmitry at
Sun Mar 16 10:57:47 CDT 2008

"Dan Kegel" <dank at> wrote:

>>  What's so special about Wine that doesn't apply to say VMWare,
>>  Parallels, Win4Lin, DOSBox, and others?
> With vmware, parallels, and win4lin, you can actually
> run commercial virus scanners inside those environments,

Is it really necessary to require running a virus scanner from
inside of Wine?

> and everybody knows that one should do that if one
> cares about viruses.

Same sentence applies to Wine I'd assume.

> With DOSBox, well, the target market for that tool is so small
> compared to Wine it doesn't matter, they're mostly technical users,
> and there isn't much ms-dos malware being written these days.

There are thousands of existing DOS viruses, it doesn't matter that
nobody writes new ones anymore, there are plenty of them already.

> So Wine really is different; you can't run commercial virus
> scanners in it,

It's still possible to run a native virus scanner outside of Wine.
Wine is just a part of underlying system, not a separate environment.

> it's for users who aren't technical enough to
> be able to find an antivirus solution on their own,

That's not different from other environments providing DOS/Windows

> and
> (worst of all) everybody assumes Linux is impervious to viruses.

I already answered to this one.

>> Probably yes, we could extend  the FAQ section about
>> security, but that's almost everything we can do.
> I pointed out several other things we could do.
> Another one is we could make the wine package list clamav
> as a dependency.
> Denying there's a problem, or that we can do anything about it,
> might lead to a large number of unhappy users.

Nobody denies that there is a problem, the thing is that personally
I don't see why that problem is Wine specific.


More information about the wine-devel mailing list