do the microsoft dll's act as spyware?

Questions about Wine on Linux
Post Reply
baltimore
Newbie
Newbie
Posts: 3
Joined: Fri Aug 30, 2019 4:20 am

do the microsoft dll's act as spyware?

Post by baltimore » Fri Aug 30, 2019 5:45 am

When I create an empty project visual studio in windows and run it, my firewall warns me that my program wants to connect to the internet to send telemetry to microsoft. Given that this happens with a project that doesn't contain any code written by me (just an empty frame without additional controls), I'm assuming the spying functionality is stored in the DLL's that are part of every visual studio project.
Wine requires microsoft DLL's to run.
I did find articles discussing the dangers of running Wine in relation to an increased risk of malware infections.
I did not find any articles discussing the dangers of opening your linux machine up to microsoft spying through the DLL's that are required for Wine.
Is anyone aware of this happening (microsoft using their DLL's to fingerprint machines and snoop around through Wine)? Is this even possible?
Thank you.

Cybermax
Level 4
Level 4
Posts: 179
Joined: Fri Dec 01, 2017 5:26 pm

Re: do the microsoft dll's act as spyware?

Post by Cybermax » Sat Aug 31, 2019 4:04 pm

baltimore wrote:Wine requires microsoft DLL's to run.
Not sure what you mean by that? If you mean that eg. your project needs microsoft dll's added with dll-overrides (and/or using winetricks to add stuff like .net or whatever), then yes, probably you COULD risk the microsoft compiled dll's having additional code doing stuff like that if wine have the functions for it.

If however you are able to run your project without any additional dll-overrides or other added ways to get it to run, then no, wine compiled dll's (dll.so's) does NOT contain any "spyware" sending telemetry data to M$.. Atleast not natively in the code afaik.

The programs running under wine is ofc doing what it is programmed to do, so if you run a program that is meant to upload whatever the wineprefix has read access to, up to some random server on the interweb, it will. By default wine WILL have access to ~/Documents and stuff like that (you can check your WINEPREFIX/drive_c/users/yourusername/ eg. ~/.wine/drive_c/baltimore/My Documents). Wine will have access to other system folders through WINEPREFIX/dosdevices, typically z: is mapped to your / folder. This means that wine DOES have access to the same stuff your user have access to, and one of the reasons wine NEVER should be run as root!

You can delete this mapping manually if you are not sure you should trust the program you are running, and you can change the default mappings by running "winecfg" on your prefix and change it at the "Desktop Integration" tab.

User avatar
DarkShadow44
Level 7
Level 7
Posts: 878
Joined: Tue Nov 22, 2016 5:39 pm

Re: do the microsoft dll's act as spyware?

Post by DarkShadow44 » Sun Sep 01, 2019 5:06 am

Cybermax wrote:If however you are able to run your project without any additional dll-overrides or other added ways to get it to run, then no, wine compiled dll's (dll.so's) does NOT contain any "spyware" sending telemetry data to M$.. Atleast not natively in the code afaik.
Also keep in mind that you don't know what the compiler inserts. If one was to be really wary of MS, don't compile with VisualStudio. Or use wine with a proper sandbox. Cut out all internet, problem solved.

baltimore
Newbie
Newbie
Posts: 3
Joined: Fri Aug 30, 2019 4:20 am

Re: do the microsoft dll's act as spyware?

Post by baltimore » Mon Sep 09, 2019 10:40 am

Thank you for the replies. I apologize for not replying sooner, I was busy moving house.
Cybermax wrote:
baltimore wrote:Wine requires microsoft DLL's to run.
Not sure what you mean by that?
Yeah, I didn't express myself clearly :(

Applications in Wine may require extra dll's. For instance, in order to install ToDoList, I have to install comctl32, mfc42 and vcrun6 in winetricks.

Applications that I write in visual studio (in windows) do try to spy for M$. Maybe this is because of spying code that was added by the compiler in visual studio. Or maybe M$ added spyware to their dll's so that any application that uses these dll's will try to contact M$, whether the application was compiled in visual studio or not. If the latter is true, M$ might be spying on my linux machine, not through ToDoList, but through comctl32, mfc42 or vcrun6, or through the .NET code that seems to be part of Wine (there is a Microsoft.NET directory in ~/.wine/drive_c/windows/). I'm not a technical guy, so I don't know if that is even possible, but your answer suggests that it is.

DarkShadow44 wrote:
Sun Sep 01, 2019 5:06 am
Or use wine with a proper sandbox. Cut out all internet, problem solved.
I believe that many privacy/security issues would be solved if it were possible to deny individual programs internet access. In windows this is easily done with a firewall like ZoneAlarm, but I don't know of an equivalent in Linux. Most information I found actually said that it is not possible in Linux. How would one sandbox an application or deny it internet access?

Thanks

User avatar
DarkShadow44
Level 7
Level 7
Posts: 878
Joined: Tue Nov 22, 2016 5:39 pm

Re: do the microsoft dll's act as spyware?

Post by DarkShadow44 » Tue Sep 10, 2019 2:02 pm

baltimore wrote:
Mon Sep 09, 2019 10:40 am
I believe that many privacy/security issues would be solved if it were possible to deny individual programs internet access. In windows this is easily done with a firewall like ZoneAlarm, but I don't know of an equivalent in Linux. Most information I found actually said that it is not possible in Linux. How would one sandbox an application or deny it internet access?
I have two options for you:

Code: Select all

unshare -n -r ping winehq.org
firejail --net=none ping winehq.org
Also, there's linux firewalls, e.g.: https://wiki.archlinux.org/index.php/Un ... d_Firewall

baltimore
Newbie
Newbie
Posts: 3
Joined: Fri Aug 30, 2019 4:20 am

Re: do the microsoft dll's act as spyware?

Post by baltimore » Fri Sep 13, 2019 2:43 am

DarkShadow44 wrote:
Tue Sep 10, 2019 2:02 pm
I have two options for you:

Code: Select all

unshare -n -r ping winehq.org
firejail --net=none ping winehq.org
Also, there's linux firewalls, e.g.: https://wiki.archlinux.org/index.php/Un ... d_Firewall
Thanks, I'll check it out!

lahmbi5678
Level 7
Level 7
Posts: 823
Joined: Thu Aug 27, 2009 6:23 am

Re: do the microsoft dll's act as spyware?

Post by lahmbi5678 » Fri Sep 13, 2019 10:48 am

https://www.infoq.com/news/2016/06/visu ... telemetry/

Are you talking about this telemetry automatcially inserted by VS2015?

Obviously MS will add more and more telemetry in the future, not only in Windows, Edge, Cortana, Office, etc, but also in its compilers and C# runtimes. Stay with older MS compilers or use non-MS compilers.

Fwiu companies like facebook internally calculate the value of the average user (its data) with something like 5$ per user and month. MS users probably are twice as much worth, just my estimate, as the latest versions of Office and Edge virtually report every key stroke to MS servers, that would be quite a bargain, if in the future you could buy this data for a few $/user/month, maybe superficially anonymized, but not really private. The more data will be collected, the more value the user collective will represent. It's a huge new gold rush. Secret services, administrations, police forces, insurance companies, advertisers from all over the world can't wait to get hold of your data.

Cybermax
Level 4
Level 4
Posts: 179
Joined: Fri Dec 01, 2017 5:26 pm

Re: do the microsoft dll's act as spyware?

Post by Cybermax » Sat Sep 14, 2019 11:44 am

Interesting.
In the meantime, users who have a copy of VS2015 Update 2 and wish to turn off the telemetry functionality currently being compiled into their code should add “notelemetry.obj” to their linker command line. (This fix was confirmed by Carroll.)
Not sure if that is "fixed" in VS-2017, but my bet would be.. uhm.. nope :)

Merlot618
Level 2
Level 2
Posts: 10
Joined: Sat Aug 10, 2019 2:08 pm

Re: do the microsoft dll's act as spyware?

Post by Merlot618 » Sat Sep 14, 2019 3:44 pm

Im glad this issue was brought up, I myself wonder about that as well. Would Wine allow these programs to run in the background even if not using those programs in your session?

User avatar
DarkShadow44
Level 7
Level 7
Posts: 878
Joined: Tue Nov 22, 2016 5:39 pm

Re: do the microsoft dll's act as spyware?

Post by DarkShadow44 » Sun Sep 15, 2019 5:42 am

Wine just provides a windows-like environment. If programs would run in the background on windows, so will they on Wine.

Cybermax
Level 4
Level 4
Posts: 179
Joined: Fri Dec 01, 2017 5:26 pm

Re: do the microsoft dll's act as spyware?

Post by Cybermax » Sun Sep 15, 2019 9:51 am

Merlot618 wrote:
Sat Sep 14, 2019 3:44 pm
Im glad this issue was brought up, I myself wonder about that as well. Would Wine allow these programs to run in the background even if not using those programs in your session?
Sure. One example that i know of that kinda do something like that is World of Warcraft. Blizzard has a thing called "Agent.exe" that sits in the background collects info about the game if you need an update and such things. It has no window or anything, but runs totally in the background. If you want to play WoW, you cant block Agent.exe... And since its a 3rd party thing, you do not really control or know what it does.

I am sure there are LOADS of examples like this, and as long as there is no actual issue running under wine (a bug), it will happily run and do its thing. On Windows you can block a certain .exe file from reaching the interwebs, but i do not think you can do it that easily in Linux, as you would probably need to block "wine", and thus preventing anything from working. You can ofc block certain ports and whatnot, but that might not be so easy to figure out. Eg. If Agent.exe connects to a webservice through https port 443 and transfers some data, blocking port 443 via a firewall would render stuff.. uhm.. unpleasant.

I would assume if some small app you compile with Microsoft VS2017 puts some telemetry functions into the app, you cannot easily block this function without either (possibly) blocking wine, or blocking a system-wide port(s).

Post Reply