Malware on Wine review

Scott Ritchie scott at open-vote.org
Tue Feb 24 22:57:23 CST 2009


Chris Robinson wrote:
> On Tuesday 24 February 2009 6:07:08 pm Scott Ritchie wrote:
>> When I brought this up at the Ubuntu Developer Summit a while back, the
>> security conscious there wanted to check an executable for the execute
>> bit before launching it with Wine.  Then, the user would be prompted if
>> they wanted to run it, and if yes the execute bit would be set and the
>> program launched.
> 
> Seems a bit too easy to me for this to be ineffective. It's been repeated 
> often around here how people, especially Windows users, are conditioned to 
> click "Yes" and not actually see or comprehend what they're clicking yes to 
> ("I thought it was going to open it in notepad, not run it!"). IMHO, it would 
> be better if they had to take the initiative to mark it +x, then run it again. 
> That would prevent these kinds of surprises.
> 

It would also make it completely unusable.  Remember, all downloaded
executables (even intentionally downloaded ones) will be -x by default.
Do you really expect users to go right
click->properties->permissions->allow execution?  Or will they just
conclude that it doesn't work?

Worse, you could actively irritate them - suppose they do double click
and you DON'T offer the ability to open it, but instead instruct them to
go through that annoying procedure.

>> This check would be skipped if you clicked a link on the start menu
>> (since you obviously meant to launch a program then).
> 
> Not necessarily. Along with the .desktop trojan, the blog I read also showed 
> how to override system menu entries (by placing a replacement in the local 
> folder which will override the system one). So the link you clicked on may not 
> be what you intended.
> 
> 

But in order to do that a malicious script has to already be running!
Such a system is already owned.

Thanks,
Scott Ritchie
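The two launch policies debated in this message, side by side, as an added example that is not part of the original e-mail and is not Wine's or Ubuntu's code. `gate_launch`, its `policy` values and the `confirm` callback are hypothetical names; the sample file is constructed.

```python
import os
import stat
import tempfile


def has_exec_bit(path):
    """True if the owner execute bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IXUSR)


def gate_launch(path, policy, confirm, from_menu=False):
    """Return the argv to run under Wine, or None if the launch is refused.

    policy "prompt": ask the user, set +x on "yes", then launch.
    policy "strict": refuse until the user has marked the file +x themselves.
    from_menu: start-menu launches skip the check, as proposed in the thread.
    """
    if policy not in ("prompt", "strict"):
        raise ValueError(f"unknown policy: {policy}")
    argv = ["wine", os.path.abspath(path)]
    if from_menu or has_exec_bit(path):
        return argv
    if policy == "strict":
        return None
    if not confirm(f"{path} is not marked executable. Run it with Wine?"):
        return None
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)
    return argv


def demo():
    """Exercise both policies on a constructed, non-executable sample file."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "setup.exe")  # constructed sample, not a real binary
        with open(exe, "wb") as fh:
            fh.write(b"MZ")
        os.chmod(exe, 0o644)  # downloads arrive without the execute bit
        out["strict"] = gate_launch(exe, "strict", lambda q: True)
        out["declined"] = gate_launch(exe, "prompt", lambda q: False)
        out["bit_after_decline"] = has_exec_bit(exe)
        out["accepted"] = gate_launch(exe, "prompt", lambda q: True)
        out["bit_after_accept"] = has_exec_bit(exe)
        out["strict_after_mark"] = gate_launch(exe, "strict", lambda q: False)
    return out


if __name__ == "__main__":
    print(demo())
```

Under "prompt" a single "yes" both marks the file and launches it; under "strict" the same file is refused until the execute bit has been set by a separate action.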


