[Wine] Re: Crazy (and just maybe awesome) idea: Winux

Sun Mar 7 22:03:36 CST 2010

Issue is under 12 months there will be no need for wine to be able to run anti-virus programs from a Linux point of view.  Ie Linux will be able todo the job for it.

Wine does not really do windows permission structs that can redue risk of applications.   Instead everything get told its admin

Selinux work on user sand-boxing also is providing a reduction to risk path.  

Really the biggest problem for selinux in wine is wineserver and other server side parts.   Same bug as RDBMS hard to sort out who is doing what.  Transparency issue.   Seeing data go in one side of a program and out the other get very hard when mult users are using the same service.

This transparency issue is a problem with lot of orcale and ms sql clients running under wine.   Ie wineserver sends some network traffic you don't know what application behind wineserver did it.   This makes it extremaly tricky to create permissive firewall rules and the like.   Ie all in or not at all.   Yes a really bad thing.

Even that you say looks like legitimate activity if can really see close enough most viruses give themselves away.   Application profiles really limit what applications can do as legitimate activity so reduce risk.

Double layers.   If wine cannot spreed out threw the system it risk is reduced.     Like you don't forget the lock doors just because you have walking patrols.  selinux is the locked doors.  anti-virus and items like tripwire are the walking patrols.   You need both.

Anti-viruses also will always miss a percentage.    Sooner we get fully functional snaps-hotting as well the better.  Ie the third layer good and regular back ups.

Linux systems without wine I don't have to depend on hope.    Ok People lose all non package install applications that were not on backups.   There are ways to audit and clean data files.  Ie remove all unknown executable parts.   You can be sure at the end you did get it all.

Windows is far to hard to audit.  Simpler to nuke and start over with the windows parts.