Malware on Wine review

Ben Klein shacklein at gmail.com
Tue Feb 24 23:15:57 CST 2009


2009/2/25 Scott Ritchie <scott at open-vote.org>:
> Chris Robinson wrote:
>> On Tuesday 24 February 2009 6:07:08 pm Scott Ritchie wrote:
>>> When I brought this up at the Ubuntu Developer Summit a while back, the
>>> security conscious there wanted to check an executable for the execute
>>> bit before launching it with Wine.  Then, the user would be prompted if
>>> they wanted to run it, and if yes the execute bit would be set and the
>>> program launched.
>>
>> Seems a bit too easy to me for this to be ineffective. It's been repeated
>> often around here how people, especially Windows users, are conditioned to
>> click "Yes" and not actually see or comprehend what they're clicking yes to
>> ("I thought it was going to open it in notepad, not run it!"). IMHO, it would
>> be better if they had to take the initiative to mark it +x, then run it again.
>> That would prevent these kinds of surprises.
>>
>
> It would also make it completely unusable.  Remember, all downloaded
> executables (even intentionally downloaded ones) will be -x by default.
> Do you really expect users to go right
> click->properties->permissions->allow execution?  Or will they just
> conclude that it doesn't work?
>
> Worse, you could actively irritate them - suppose they do double click
> and you DON'T offer the ability to open it, but instead instruct them to
> go through that annoying procedure.

And what happens if they intentionally download a Linux-native
executable or script? It won't run unless it's marked +x or passed as
an argument to the appropriate interpreter. Wine/Windows apps
shouldn't be different.

It's admirable to think of new users and say "how much will they
get?", but you're holding them back if you don't educate them with
things like this. If it's the *correct* way to do it, which I believe
it is, it's *incorrect* to assume that new users are incapable of
learning how to +x their apps when they're downloaded.

>>> This check would be skipped if you clicked a link on the start menu
>>> (since you obviously meant to launch a program then).
>>
>> Not necessarily. Along with the .desktop trojan, the blog I read also showed
>> how to override system menu entries (by placing a replacement in the local
>> folder which will override the system one). So the link you clicked on may not
>> be what you intended.
>
> But in order to do that a malicious script has to already be running!
> Such a system is already owned.

What he's talking about here, if I understand correctly, is a .desktop
file that can be clicked on in a web browser, and executed by the
system without warning. It's an entry-point for malware.
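
The menu-entry override mentioned in the quoted exchange above can be audited from the defender's side. The following is an added example, not part of the original message or of Wine: it lists local .desktop entries that share a file name with a system entry but carry a different Exec line. The two directory paths are assumed XDG defaults (the thread only says "the local folder"), and the sample entries in `demo()` are constructed.

```python
import configparser
import os
import tempfile
from pathlib import Path

# Assumed XDG default locations; the thread only says "the local folder".
SYSTEM_DIR = Path("/usr/share/applications")
LOCAL_DIR = Path(os.path.expanduser("~/.local/share/applications"))


def exec_line(desktop_file):
    """Return the Exec= value from [Desktop Entry], or None if absent/unparsable."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read(desktop_file, encoding="utf-8")  # missing files are skipped
        return parser.get("Desktop Entry", "Exec", fallback=None)
    except (configparser.Error, UnicodeDecodeError):
        return None


def shadowed_entries(system_dir=SYSTEM_DIR, local_dir=LOCAL_DIR):
    """List local entries whose Exec differs from the same-named system entry."""
    findings = []
    for local in sorted(Path(local_dir).glob("*.desktop")):
        system = Path(system_dir) / local.name
        sys_exec, loc_exec = exec_line(system), exec_line(local)
        # Only a local file with a system twin can shadow a menu entry.
        if system.is_file() and sys_exec != loc_exec:
            findings.append((local.name, sys_exec, loc_exec))
    return findings


def demo():
    """Constructed sample tree: one identical local copy, one changed override."""
    entry = "[Desktop Entry]\nType=Application\nName={}\nExec={}\n"
    with tempfile.TemporaryDirectory() as tmp:
        sysd, locd = Path(tmp, "system"), Path(tmp, "local")
        sysd.mkdir()
        locd.mkdir()
        for name, cmd in (("editor", "editor %f"), ("viewer", "viewer %f")):
            (sysd / f"{name}.desktop").write_text(entry.format(name, cmd))
        (locd / "editor.desktop").write_text(entry.format("editor", "editor %f"))
        (locd / "viewer.desktop").write_text(entry.format("viewer", "/opt/placeholder %f"))
        return shadowed_entries(sysd, locd)


if __name__ == "__main__":
    for name, sys_exec, loc_exec in shadowed_entries():
        print(f"{name}: system Exec={sys_exec!r}, local Exec={loc_exec!r}")
```

A finding is not proof of compromise, since users legitimately customise launchers; it is a short list of entries whose Exec line deserves a look.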



More information about the wine-devel mailing list