On 2/11/07, Misha Koshelev mk144210@bcm.tmc.edu wrote:
Ok, thanks to everybody's responses on the wine-devel list. Here is my new version of this patch. It starts the items in the StartUp folder like Windows does (again, if anybody who knows about IShellFolder will look over my code that would be great :) I tested it and it works for the Vector NTI installer, but I would really like to have an expert's opinion on whether it is missing osmething). There were a lot of comments on wine-devel about malware using this system to start itself so here is what I added:
- When wineboot finds a file that it wants to start in the StartUp
folder, it asks the user whether he wants to run the program. His options are: Always, Yes, No (default), and Never.
- If he selects Yes the program is run, if he select No it is not.
- If he selects Always or Never, I create a registry key in:
HKEY_CURRENT_USER\Software\Wine\StartupItems with the full pathname of the program and the value "always" or "never." When wineboot sees this program in the StartUp folder it checks this key, and if it is set it performs the appropriate action.
To me it seems like this would be enough to prevent malware from using this system because the user could just click no or never. Also, someone pointed out that wineboot already runs quite a lot of other RUN registry keys that can be used for malware, and currently there is no system for these keys like the one I made for startup. Any comments will be appreciated. Thanks.
These anti-malware changes are unnecessary. We implement Wine to be bug-for-bug compatible with Windows. Windows doesn't ask this question, and Wine shouldn't either. It's not our policy to not implement portions of Windows that make it easier for malware to run.
Well, that is what I thought too, I sent out another patch that does not have these anti-security measures, but there were a lot of responses about them being necessary and someone marked the bug report as WILLNOTFIX. Anyhow, both patches have been sent to wine-patches and also are available in the bug report #7384, so I think Alexandre can choose one or the other. Anyone have any comments about the IShellFolder code or jus want to check it over and give me a yay or nay? It works for me, but I just wanted to check with an expert.
Misha
-----Original Message----- From: James Hawkins [mailto:truiken@gmail.com] Sent: Sun 2/11/2007 4:09 PM To: wine-devel@winehq.org Cc: Koshelev, Misha Vladislavo Subject: Re: wineboot: Start items in StartUp folder on boot, includes security measures.
On 2/11/07, Misha Koshelev mk144210@bcm.tmc.edu wrote:
Ok, thanks to everybody's responses on the wine-devel list. Here is my new version of this patch. It starts the items in the StartUp folder like Windows does (again, if anybody who knows about IShellFolder will look over my code that would be great :) I tested it and it works for the Vector NTI installer, but I would really like to have an expert's opinion on whether it is missing osmething). There were a lot of comments on wine-devel about malware using this system to start itself so here is what I added:
- When wineboot finds a file that it wants to start in the StartUp
folder, it asks the user whether he wants to run the program. His options are: Always, Yes, No (default), and Never.
- If he selects Yes the program is run, if he select No it is not.
- If he selects Always or Never, I create a registry key in:
HKEY_CURRENT_USER\Software\Wine\StartupItems with the full pathname of the program and the value "always" or "never." When wineboot sees this program in the StartUp folder it checks this key, and if it is set it performs the appropriate action.
To me it seems like this would be enough to prevent malware from using this system because the user could just click no or never. Also, someone pointed out that wineboot already runs quite a lot of other RUN registry keys that can be used for malware, and currently there is no system for these keys like the one I made for startup. Any comments will be appreciated. Thanks.
These anti-malware changes are unnecessary. We implement Wine to be bug-for-bug compatible with Windows. Windows doesn't ask this question, and Wine shouldn't either. It's not our policy to not implement portions of Windows that make it easier for malware to run.
James Hawkins wrote:
On 2/11/07, Misha Koshelev mk144210@bcm.tmc.edu wrote:
Ok, thanks to everybody's responses on the wine-devel list. Here is my new version of this patch. It starts the items in the StartUp folder like Windows does (again, if anybody who knows about IShellFolder will look over my code that would be great :) I tested it and it works for the Vector NTI installer, but I would really like to have an expert's opinion on whether it is missing osmething). There were a lot of comments on wine-devel about malware using this system to start itself so here is what I added:
To me it seems like this would be enough to prevent malware from using this system because the user could just click no or never. Also, someone pointed out that wineboot already runs quite a lot of other RUN registry keys that can be used for malware, and currently there is no system for these keys like the one I made for startup. Any comments will be appreciated. Thanks.
These anti-malware changes are unnecessary. We implement Wine to be bug-for-bug compatible with Windows. Windows doesn't ask this
Then you will have to implement all the required functionality to allow anti-malware programs to function properly. Until then, Wine have to have some solutions to prevent nasty things to run on Wine. The excuse "bug-for-bug" will not cut it here! If you want that - you should not have ever switched to Linux in the first place.
Vitaliy.