Malware on Wine review
chris.kcat at gmail.com
Tue Feb 24 20:35:32 CST 2009
On Tuesday 24 February 2009 6:07:08 pm Scott Ritchie wrote:
> When I brought this up at the Ubuntu Developer Summit a while back, the
> security conscious there wanted to check an executable for the execute
> bit before launching it with Wine. Then, the user would be prompted if
> they wanted to run it, and if yes the execute bit would be set and the
> program launched.
Seems a bit too easy to me for this to be ineffective. It's been repeated
often around here how people, especially Windows users, are conditioned to
click "Yes" and not actually see or comprehend what they're clicking yes too
("I thought it was going to open it in notepad, not run it!"). IMHO, it would
be better if they had to take the initiative to mark it +x, then run it again.
That would prevent these kinds of surprises.
> This check would be skipped if you clicked a link on the start menu
> (since you obviously meant to launch a program then).
Not necessarily. Along with the .desktop trojan, the blog I read also showed
how to override system menu entries (by placing a replacement in the local
folder which will override the system one). So the link you clicked on may not
be what you intended..
More information about the wine-devel