Malware on Wine review

Damjan Jovanovic damjan.jov at gmail.com
Tue Feb 24 08:03:09 CST 2009


On Tue, Feb 24, 2009 at 9:59 AM, Ben Klein <shacklein at gmail.com> wrote:
> 2009/2/24 Damjan Jovanovic <damjan.jov at gmail.com>:
>> It generates an association from a file extension, to open with the
>> handler for its ProgID currently in the registry.
>>
>> So it allows .txt to open with Notepad and .dev to open with Dev-C++.
>> It does not make Wine open a new .exe by default - at least, that was
>> not the intention.
>
> This reminds me of something. On some (all? at least, all with
> registry?) versions of Windows, when the user double-clicks a .exe,
> .com, .bat etc, Windows looks up the handler for that filetype in the
> registry. Some malware (and potentially some virus scanners too)
> replace the .exe, .dll, .com etc handlers with a rundll32 call that
> pre-processes the executable.
>
> Now, I'm pretty sure Wine doesn't do this. Someone correct me if I'm
> wrong. In terms of bug-for-bug compatibility, it should, but I think
> in this case it would be safe to diverge from bug-for-bug :)
>

I'll blacklist .exe and .com in the file type associations patch I'm
working on. They open through wine.desktop anyway and should be fixed
there. The .dll shouldn't open at all - it doesn't on Windows.

Damjan
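
A defender-side check for the handler replacement described in the quoted message, as an added example that is not part of the original thread or of Wine's code: it reads a regedit-format export and reports executable file types whose open command is not the pass-through `"%1" %*`. The sample export, the function names and `example.dll` are constructed for illustration.

```python
import re

# Executable types named in the thread.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".dll"}
# Stock Windows open command for exefile/comfile/batfile: run the file itself.
PASS_THROUGH = '"%1" %*'

def parse_reg(text):
    """Parse regedit-export text into {lowercased key: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape \" and \\
    return keys

def audit_handlers(text, root="hkey_classes_root"):
    """Return [(ext, progid, command)] where the open command is not pass-through."""
    keys = parse_reg(text)
    findings = []
    for ext in sorted(EXECUTABLE_EXTS):
        progid = keys.get(f"{root}\\{ext}", {}).get("")
        if not progid:
            continue
        key = f"{root}\\{progid.lower()}\\shell\\open\\command"
        cmd = keys.get(key, {}).get("")
        if cmd is not None and cmd.strip().lower() != PASS_THROUGH:
            findings.append((ext, progid, cmd))
    return findings

# Constructed sample export: .exe handler rewritten, .com left at the default.
SAMPLE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="rundll32.exe example.dll,Hook \"%1\" %*"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit_handlers(SAMPLE):
        print(finding)
```

Any open command registered for `.dll` other than the pass-through form is reported as well, since a `.dll` is not expected to open at all.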


