1

I have installed wine and I am afraid that viruses will affect my PC now. I will not open any other .exe file other than mine one (which I use everyday)

Anthon
  • 78,313
  • 42
  • 165
  • 222

1 Answers1

1

Full disclosure: I'm not a WINE user but found this question interesting so I did a bit of digging. Apparently malware has been found to run inside of WINE, but what is the potenial for it to affect the host system?

I would assume WRT normal windows viruses, there is no meaningful context for them to do their real work in. They'll just think they are, or not work. But, e.g., if there is a way to write to the boot sector of your hard drive in a transparent way from WINE (by "transparent way" I mean, whatever way it is a virus would do this via Windows), then that's a serious risk, because some of them do that.

Since WINE isn't a real emulator (a good thing) and wasn't created from actual windows source, exploits based on real windows flaws/backdoors probably cannot work. However, a virus that targets WINE specifically -- i.e., one which can tell it is running in WINE on *nix -- could presumably do things with the privileges of the WINE process.

The last question in the WINE FAQ addresses the issue a bit, which I'll reproduce part of here:

11.1. Wine is malware-compatible

Just because Wine runs on a non-Windows OS doesn't mean you're protected from viruses, trojans, and other forms of malware.

There are several things you can do to protect yourself:

  • Never run executables from sites you don't trust. Infections have already happened.
  • In web browsers and mail clients, be suspicious of links to URLs you don't understand and trust.
  • Never run any application (including Wine applications) as root (see above).
  • Use a virus scanner, e.g. ClamAV is a free virus scanner you might consider using if you are worried about an infection; see also Ubuntu's notes on how to use ClamAV. No virus scanner is 100% effective, though.
  • Removing the default Wine Z: drive, which maps to the unix root directory, is a weak defense. It will not prevent Windows applications from reading your entire filesystem, and will prevent you from running Windows applications that aren't reachable from a Wine drive (like C: or D:). A workaround is to copy/move/symlink downloaded installers to ~/.wine/drive_c before you can run them.
  • If you're running applications that you suspect to be infected, run them as their own Linux user or in a virtual machine (the ZeroWine malware analyzer works this way).

So, it appears that there are reported cases of malware appearing inside of WINE, but none reporting that they are somehow affecting stuff outside of WINE. However, the potential obviously exists, if someone wrote malware that targeted WINE specifically, or if WINE gives transparent access to certain hardware. You can guard against the nastiest potentials there by never running WINE as root.

goldilocks
  • 86,451
  • 30
  • 200
  • 258
  • The whole point of WINE is to offer an interface to the linux system, so I'd say that you should just treat infections as problematic as in Windows. I mean, aren't WINE applications able to access the filesystem? That means viruses could infect files *outside* of WINE, and effectively contribute to spreading the virus. If you want containment, use a virtual machine (and even then, you can't be 100% sure some virus won't try to exploit the VM...). – njsg Oct 19 '13 at 14:52
  • @njsg I think the difference is that a windows virus would not be designed to tackle *nix permissions, or do it's thing in the context of the FHS hierarchy, so the fact that it has access to the filesystem would be (mostly) meaningless. I'd recommend running it as a dedicated, non-privileged user -- as you imply, containing it in a VM won't do you any good if it breaks out. But if it's running as a the "wine" user, than all it can damage is `/home/wine`. – goldilocks Oct 19 '13 at 15:10