On Sun, Mar 16, 2008 at 1:29 AM, Dmitry Timoshkov dmitry@codeweavers.com wrote:

There is nothing special about Wine that doesn't apply to common unix/linux/windows security practices.

No but people come to Linux hearing that its more secure than Windows for various reasons. While this may or may not be true, if we are so compatible that we can run virii and spyware, then we need to document it as TheBlunderbuss said otherwise there will be many people disappointed by unrealistic expectations.

On Sun, Mar 16, 2008 at 3:52 AM, Dmitry Timoshkov dmitry@codeweavers.com wrote:

Again, I don't see how Wine developers could help with that, we are developers, not a health care department.

And this is why there is a disconnect from developers to users. If you don't document what are and are not valid assumptions and behaviors, how the hell do you expect the user to figure it out? One reason there is not a ton of spyware/virii for Linux and friends is most packages come in source and binary form where there is the chance of peer review (and the fact the market share is so small its not worth targeting) but users don't know that. They think Wine+Linux will just magically solve the problem due to the apparent "betterness" of Linux. If we don't properly address that, then users will be disappointed because the real value comes from the free as in freedom part of the software not the assumed enhanced security.

Dmitry Timoshkov [mailto:dmitry@codeweavers.com] wrote:

...

This level of security info is something everyone should have easy access to and know before starting Wine. Of course, wherever I'm not accurate, feel free to fill in!

There is nothing special about Wine that doesn't apply to common unix/linux/windows security practices.

This is correct but with Wine 1.0 approaching you are now targetting an audience that knows often nothing about Unix/Linux other than it's mythological lack of sensitivity to viri. That this lack is more a question of a lack of a common and standardizid target due to it's lower market penetration in end user systems and many flavors and user specific setups is beyond them. Wine now offers almost the same attack target as does Windows due to its already good and still improving compatibility with it.

So although you obviously don't like it, maybe because you do not want to shy away new potential users, a warning somewhere with a description is definitly not the wrong thing to do. But I do feel the original poster used still a to much unix language for the upcoming average Wine users.

There definitely still exists that picture that Linux is much more secure no matter how bad you treat it and that is simply not true and an upcoming user should be educated about that. It should be made clear in my opinion that Wine is not meant and can't be used to run Windows applications whithout observing exactly the same care and security as you would need on Windows.

You won't be able to avoid the bad publicity about people messing up their system under Wine but at least you can say that this was known and documented and Wine isn't a magical bulletproof security solution that allows users to download every single Warez application that is out there without risking more or less the same problems as you would get under Windows. And once Wine has gotten the wide spread use we would all like to see, the next step to Wine aware viri and such is not that big, believe me.

Rolf Kalbermatter