On Sun, 2007-02-11 at 23:49 -0600, John Smith wrote:
What prevents malicious programs from writing this registry key on their own?
On 2/11/07, Chris Robinson chris.kcat@gmail.com wrote: On Sunday 11 February 2007 06:49:58 pm richardvoigt@gmail.com wrote: > This sounds almost perfect.
What would stop the program from adding the registry key itself when placing the item in the startup folder, or wherever else? > I think the counterpoint raised by James > Hawkins would be adequately addressed by adding a winecfg option as > follows: Sounds like it's just asking if it should ask. I'm not really sure what you could do as a user that a program couldn't just override and do itself. Besides, users might not know whether what's being installed into an auto-start key/folder is necessary, deny it for "safety concerns", and have a broken installation.
I think the bigger security issue to be made is that until wine default behavior is not to set up the user's home directory in a writeable way as the Z: drive there is really no way to store any settings in any user-writable file without having malware being able to change if it wanted to and was written specifically for wine (please correct me if I am wrong). So I believe that, given this state, securing Wine from malware written for Windows (which most is) and not specifically for Wine is the best we can do.
Misha