Wine Security Disclosure
dmitry at codeweavers.com
Sun Mar 16 10:57:47 CDT 2008
"Dan Kegel" <dank at kegel.com> wrote:
>> What's so special about Wine that doesn't apply to say VMWare,
>> Parallels, Win4Lin, DOSBox, and others?
> With vmware, parallels, and win4lin, you can actually
> run commercial virus scanners inside those environments,
Is it really necessary to require running a virus scanner from
inside of Wine?
> and everybody knows that one should do that if one
> cares about viruses.
Same sentence applies to Wine I'd assume.
> With DOSBox, well, the target market for that tool is so small
> compared to Wine it doesn't matter, they're mostly technical users,
> and there isn't much ms-dos malware being written these days.
There are thousands of existing DOS viruses, it doesn't matter that
nobody writes new ones anymore, there are plenty of them already.
> So Wine really is different; you can't run commercial virus
> scanners in it,
It's still possible to run a native virus scanner outside of Wine.
Wine is just a part of underlying system, not a separate environment.
> it's for users who aren't technical enough to
> be able to find an antivirus solution on their own,
That's not different from other environments providing DOS/Windows
> (worst of all) everybody assumes Linux is impervious to viruses.
I already answered to this one.
>> Probably yes, we could extend the FAQ section about
>> security, but that's almost everything we can do.
> I pointed out several other things we could do.
> Another one is we could make the wine package list clamav
> as a dependency.
> Denying there's a problem, or that we can do anything about it,
> might lead to a large number of unhappy users.
Nobody denies that there is a problem, the thing is that personally
I don't see why that problem is Wine specific.
More information about the wine-devel