Help with Wine and running exe w/ possible malware?

Post by AlexOnVinyl »

An exe file that I want to run on Linux made for Windows comes up as a Trojan on VirusTotal - how would I run it without it affecting my system?

Is there any way that I can run this program on my Linux system without possibly getting a virus?

Other people have told me that it would affect your wine prefix located normally inside ~/.wine and that any program running inside a wine prefix has only access to the virtual bottle in that .wine prefix folder in your home and nothing else. They are closed inside that bottle.

Is this true? How would I create a secure environment to run this program?

For those wondering - this program is a program for development with my Nintendo Wii.

Post by Pavel Troller »

Hi!

> An exe file that I want to run on Linux made for Windows comes up as a Trojan on VirusTotal - how would I run it without it affecting my system?
>
> Is there any way that I can run this program on my Linux system without possibly getting a virus?

Yes.

> Other people have told me that it would affect your wine prefix located normally inside ~/.wine and that any program running inside a wine prefix has only access to the virtual bottle in that .wine prefix folder in your home and nothing else. They are closed inside that bottle.
>
> Is this true? How would I create a secure environment to run this program?

1) Create a new WINEPREFIX.
- Make a directory
- do "export WINEPREFIX=/path/to/that/directory" (absolute path must be used)
- run winecfg - your new wineprefix will be populated with files needed by wine
2) Browse to the dosdevices subdirectory in your new wineprefix and remove possible links to the filesystem root or your Linux home directory (obviously the Z: drive)
3) Copy the program you want to run to the drive_c subdirectory of your new wineprefix
4) cd to drive_c
5) Run the program with wine.

Of course you must do this sequentially IN THE SAME SHELL, because the export command is valid only for the session where it was entered.

> For those wondering - this program is a program for development with my Nintendo Wii.

Regards, Pavel
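
A check for step 2 of the post above, as an added example that is not part of the original thread: it lists the drive links under a prefix's dosdevices directory that resolve outside the prefix. The function names and the sample prefix layout are constructed for illustration; as a later reply in this thread points out, removing such links narrows exposure but does not turn Wine into a sandbox.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report drive links in a Wine prefix
# whose targets resolve outside the prefix directory.

audit_dosdevices() {
    local prefix dos link target
    prefix=$(readlink -f -- "$1") || return 2
    dos="$prefix/dosdevices"
    [ -d "$dos" ] || { echo "no dosdevices directory in $prefix" >&2; return 2; }
    for link in "$dos"/*; do
        [ -L "$link" ] || continue              # drive mappings are symlinks
        # Canonicalise; fall back to the raw target if it cannot be resolved.
        target=$(readlink -f -- "$link") || target=$(readlink -- "$link")
        case "$target" in
            "$prefix"|"$prefix"/*) ;;           # stays inside the prefix
            *) printf '%s -> %s\n' "${link##*/}" "$target" ;;
        esac
    done
    return 0
}

# Constructed sample prefix (hypothetical layout, used only by the demo).
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/pfx/drive_c" "$tmp/pfx/dosdevices" "$tmp/fakehome"
    ln -s ../drive_c "$tmp/pfx/dosdevices/c:"         # inside the prefix
    ln -s "$tmp/fakehome" "$tmp/pfx/dosdevices/h:"    # stands in for a home dir
    ln -s / "$tmp/pfx/dosdevices/z:"                  # filesystem root
    # Replace the random temp path so the output is stable.
    audit_dosdevices "$tmp/pfx" | sed "s|$(readlink -f -- "$tmp")|<tmp>|"
    rm -rf "$tmp"
}

# Run the constructed demo only when asked; otherwise just define the functions.
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

To audit a real prefix, source the file and call `audit_dosdevices "$WINEPREFIX"`; an empty result means every drive link stays inside the prefix.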

Post by L. Rahyen »

> Other people have told me that it would affect your wine prefix located
> normally inside ~/.wine and that any program running inside a wine prefix has
> only access to the virtual bottle in that .wine prefix folder in your home
> and nothing else. They are closed inside that bottle.
> Is this true?

No. Everything you run in Wine will have as many rights as your user. You
can minimize the probability of getting infected by removing z:, but this does not
guarantee safety: anything you run in Wine will still be able to read or harm
your files outside of drive_c (if your user is allowed to read/write to them).
Wine is not a "sandbox" or isolated virtual machine.

> How would I create a secure environment to run this program?

Create another user. Make sure this user does not have any write
permissions outside its home directory and cannot read any of your private files
and folders. Run anything you want in Wine as this user. Never use files from
this user as any other user without checking the files for possible "infection"
first. But this is not 100% secure, especially if you do not have the specific
experience to set up everything as necessary for maximum security. You can get
better safety by using chroot for this user. But even then there is a possibility
of some security hole(s), especially if you set up something improperly (for
example, if you share your files on the local network without password protection,
even this limited user will have permission to read or, if you allowed this, to
write to your files).

Or, use VirtualBox http://virtualbox.org and create an isolated virtual
machine. Again, you have to assume every file in it is infected, and again this
may not be 100% secure if you make a mistake in configuration.

Also, you need to remember that any virus-protection software can be wrong.
For example, such software can tell you that there is a virus or trojan when
there is none, or vice versa (this is why you need to assume, for maximum safety,
that everything that can be infected is infected after running an untrusted
application or allowing an untrusted user to access some writable files).

Of course, in most cases just removing z: is enough, but if you do this and
run untrusted programs like that, you have to accept the possibility of losing some
or all of your important files and/or getting corrupted backups because some
virus/trojan ruined your file(s) silently and you did not notice before doing a
backup.

Post by vitamin »

Pavel Troller wrote:
> 1) Create a new WINEPREFIX.
> - Make a directory
> - do "export WINEPREFIX=/path/to/that/directory" (absolute path must be used)

And you'll end up with a BROKEN wineprefix. DO NOT and I repeat DO NOT create this directory yourself! Wine has to do it.

As to OP's original question (second from the bottom question): http://wiki.winehq.org/FAQ#head-f566a12 ... 13a773c571

Post by Pavel Troller »

Hi Vitamin,

> Pavel Troller wrote:
>> 1) Create a new WINEPREFIX.
>> - Make a directory
>> - do "export WINEPREFIX=/path/to/that/directory" (absolute path must be used)
> And you'll end up with a BROKEN wineprefix. DO NOT and I repeat DO NOT create this directory yourself! Wine has to do it.

I know that you're a real expert, but could you please be more comprehensive when issuing such strong statements?
AFAIK, this is not true, at least not generally - see my next experiment:

patrol@arcus:~$ mkdir wp1
patrol@arcus:~$ export WINEPREFIX=/home/patrol/wp1
patrol@arcus:~$ winecfg # Gecko not installed and "Ok" just pressed in the GUI
patrol@arcus:~$ export WINEPREFIX=/home/patrol/wp2
patrol@arcus:~$ winecfg # The same as before
patrol@arcus:~$ ls -laR wp1 >wp1.out
patrol@arcus:~$ ls -laR wp2 >wp2.out
patrol@arcus:~$ sed s/wp2/wp1/g wp2.out >wp2.out.new
patrol@arcus:~$ diff -u wp1.out wp2.out.new
patrol@arcus:~$

As you can see, the directories do not differ in their contents - of course I didn't make md5sums of all the files, but I don't believe that winecfg will create DIFFERENT FILES (but with the same length) depending on whether the wineprefix directory exists before winecfg is called or not.
So, please, could you inform us in which case winecfg will break the wineprefix when it is just freshly created? I'm very curious about it.

With regards, Pavel

Post by vitamin »

Pavel Troller wrote:
> So, please, could you inform us, in which case winecfg will break the wineprefix, when it is just freshly created?

winecfg isn't involved in creating the wineprefix. Lots of other programs are. If you really want details - search wine-devel and/or bugzilla.

Don't have a link(s) handy to point you to AJ's response along the lines that "Wine uses a fact of directory not existing to initiate extra steps required to create valid wineprefix. This is by design and there is no reason to change it. Otherwise Wine would penalize all programs with long startup times required for extra needless checks."

Even if it would seem that most things are done, some steps were skipped and your prefix will be broken.

Post by Pavel Troller »

Hi Vitaliy,
OK, thank you for the explanation.
With regards, Pavel

Post by vitamin »

vitamin wrote:
> Don't have a link(s) handy to point you to AJ's response

Here it is: http://bugs.winehq.org/show_bug.cgi?id=29661