Jason Green wrote:
On 3/27/06, Segin segin2005@gmail.com wrote:
Due to the current state of Wine, plus it's archjitechure, Even if a virus was found, it is much easier to remove.
If the virus is a memory-resident kind, you can do pkill -9 wine as root or your user and shut down ile essentially killing said virus.
A lot of viruses, in order to keep small, attempt to make fnction calls based on a DLL function absolute address. This has a 1 in 256 million cnahce in working, because each time you recodmile wine, the function entry points change. all that aill result in is a segmentation fault.
I agree that running viruses are much more difficult in Wine than in Windows, however, by default, Wine maps Z:\ to your entire Linux tree. If the user running Wine has write-access to any other folders in the Linux system tree and runs a virus which randomly deletes or modifies files on any accessible drive letter, that is still a problem. Plus, some users don't use "rm -rf .wine/" on a daily basis like most devs do, and they may actually store useful things under their .wine/ folder. In the (albeit, unlikely) event of "succesfully" running a Windows virus, those files are at risk.
There are plenty of distros that install some version of Wine by default and automatically associate .exe's and the like with Wine, so users that aren't careful are still at risk. Granted, that risk is minimized by not being fully compatible with everything Windows does [yet], but it's still a risk.
maybe if we put in a md5sum database of viruses and refuse to run those that are viruses? it's not as good as a real a/v app, but it's a start.