[Wine] Help with Wine and running exe w/ possible malware?
L. Rahyen
research at science.su
Mon Jan 23 02:27:18 CST 2012
> Other people have told me that it would affect your wine prefix located
> normally inside ~/.wine and that any program running inside a wine prefix has
> only access to the virtual bottle in that .wine prefix folder in your home
> and nothing else. They are close inside that bottle.
> Is this true?

No. Everything you run in Wine will have as many rights as your user. You
can minimize the probability of getting infected by removing z:, but this does
not guarantee safety: anything you run in Wine will still be able to read or
harm your files outside of drive_c (if your user is allowed to read/write to
them). Wine is not a "sandbox" or isolated virtual machine.

> how would I create a secure environment to run this program?

Create another user. Make sure this user does not have any write
permissions outside the home directory and cannot read any of your private
files and folders. Run anything you want in Wine as this user. Never use files
from this user as any other user without checking the files for possible
"infection" first. But this is not 100% secure, especially if you do not have
the specific experience to set up everything as necessary for maximum security.
You can get better safety by using chroot for this user. But even then there is
a possibility of some security hole(s), especially if you set up something
improperly (for example, if you share your files on the local network without
password protection, even this limited user will have permission to read or, if
you allowed this, to write to your files).

Or, use VirtualBox http://virtualbox.org and create an isolated virtual
machine. Again, you have to assume every file in it is infected, and again this
may not be 100% secure if you make a mistake in configuration.

Also, you need to remember that any virus-protection software can be wrong.
For example, such software can tell you that there is a virus or trojan when
there is none or vice versa (this is why you need to assume for maximum safety
that everything that can be infected is infected after running an untrusted
application or allowing an untrusted user to access some writable files).

Of course, in most cases just removing z: is enough, but if you do this and
run untrusted programs like that, you have to accept the possibility of losing
some or all of your important files and/or getting corrupted backups because
some virus/trojan ruined your file(s) silently and you did not notice before
doing a backup.
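
One way to check the "cannot read any of your private files" condition before running anything as the second user. This is an added example, not part of the original message; it assumes the second account neither owns the files nor shares a group with them, so only the "other" permission bits matter, and the function name `exposed_paths` is made up for this sketch.

```python
"""Audit what a separate, unprivileged Wine account could read or change.

Assumptions (not from the original message): that account neither owns the
files nor shares a group with them, so only the "other" permission bits
apply. POSIX ACLs, network shares and the directories above `root` are
not checked.
"""
import os
import stat
import sys


def exposed_paths(root):
    """Return {"read": [...], "write": [...]}, paths relative to root."""
    found = {"read": [], "write": []}
    stack = [root]
    while stack:
        path = stack.pop()
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            continue  # access is decided by the link target, not the link
        is_dir = stat.S_ISDIR(mode)
        if is_dir and not mode & stat.S_IXOTH:
            continue  # no search bit for "other": nothing below is reachable
        rel = os.path.relpath(path, root)
        if mode & stat.S_IROTH:
            found["read"].append(rel)   # file contents, or a directory listing
        if mode & stat.S_IWOTH:
            found["write"].append(rel)  # file contents, or new directory entries
        if is_dir:
            try:
                names = os.listdir(path)
            except PermissionError:
                continue  # the auditing user cannot list it either
            stack.extend(os.path.join(path, name) for name in names)
    return {kind: sorted(paths) for kind, paths in found.items()}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    report = exposed_paths(target)
    for kind in ("read", "write"):
        print(f"{kind}able by other users: {len(report[kind])}")
        for rel in report[kind]:
            print(f"  {rel}")
```

An empty report for your own home directory means the second account gets nothing from it through plain file permissions; anything listed should be tightened with chmod before running untrusted programs as that user.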