[Wine] Crazy (and just maybe awesome) idea: Winux

James McKenzie jjmckenzie51 at earthlink.net
Sun Mar 7 21:29:59 CST 2010 

oiaohm wrote:
> James McKenzie wine really should never be used to run anti-viruses.
I agree with this statement.  However, we have to remember that folks
THINK that only Windows has viruses.  Until the the turn point is
reached that all OSs have viruses, then we have to think about
supporting them in Wine. 
> Anti-virus is a host OS problem.  You can sit wine on top of clamfs.  fanotify that should hopefully merge this year will enable Linux side anti-virus better under it.
>
>   
Again, I agree wholeheartedly with you.  I have ClamAV for my Macs. 
Why? Because:
1.  There are viruses for the Mac and other UNIXes.
2.  Windows viruses will 'pass through' my system and infect unprotected
Windows systems. 

I've even educated my father about virus protection.  And that is some feat.

> I forget to say it also depends on the RDBMS you are running as well.  http://wiki.postgresql.org/wiki/SEPostgreSQLv8.4  This beast exists that is Selinux friendly.
>
> http://wiki.postgresql.org/wiki/SEPostgreSQL  Really there is a full SELinux compatible stack under development.
>
>   
Yes, but I'm also looking for the turnpoint where Wine will use Oracle
Clients (yes, they do exist for Linux/MacOSX/Solaris, I work with them)
and for MS SQL.  Yes, I know about SEPostGRESQL.  However, the latter is
not in major use as are the first two.  I would love to see a good
spread of RDBMS activity within the SELinux project and we may soon see
this.

> Part of the issue with databases is there will to run secuirty different to the rest of the OS.  There is even SELinux reaching up into the X11 server.
>
>
>   
Again, SELinux affects all parts of Linux.  It is designed to do so. 
However, we also have to include the use of Windows API conversion calls
as well.  If a virus affects the kernel, we need to know how to stop or
mitigate its effects.  SELinux will prevent some but not all activity
and some viruses have been designed to look like they are doing
legitimate activity.  That is always the hard part.  User education is
always the key in virus prevention.  Telling users not to click on that
'install' button is paramount, but then you will always have the rouge
user or the ID10t that will click anyways.  Then you have to clean up
the mess and hope that you got it all.

But we should really get back to Wine and what it can and cannot do. 
Right now, it cannot run a native AV program, and I agree that it should
not be able to for file scanning.

James McKenzie

More information about the wine-users mailing list