I only run one piece of software under wine but this app is still a great risk.
The intentions and opportunity of software developers not using open source
should not be underestimated.
When I run
env WINEPREFIX="/ubuntu/PC1/.wine" wine C:\\windows\\system32\\taskmgr.exe
I am reminded again of all the security problems with windows.
I was thinking that it ought to be easier to secure wine since it is a cut-down
version.
Areas I would guess COULD be addressed are:
1) Have a custom plug-and-play - i.e. plug-and-play with a wrapper so that every time it
is called a msgbox pops up (I worry that these plug-and-play packets get through
the router and expose the OS to remote devices).
2) A way to lock down "services" - so that there are no new ones past
a certain point. And/or new services are on 'alert'.
3) Have a windows registry lock - or organise a bat to always restore a trusted
registry file every startup.
4) Have greater control over svchost.exe. Same wrapper idea, or alerts or ??????
maybe byte size checking to prevent replacements.
5) Allow a way to have wine block port 80 - in a scenario where the software you
do run can get by with port 443 only.
i.e. small open source firewall that is rootkit proof.
Or a firewall that filters both the app and port.
6) rootkit detector - linux built but wine targeted
7) virus detection - again linux built but wine targeted
8) a surefire way and FAQs on running vulnerability scans - BackTrack,
Knoppix STD, etc.
http://wirelessdefence.org/Contents/WirelessDistros.htm
http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/
http://www.serverwatch.com/server-trends/10-secure-linux-distributions-you-need-know-about.html
9) windows registry improvements
e.g.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect
Granted it is likely that Microsoft ensured that these security risks could not
be completely erased. And engineered in vulnerabilities to suit their interests.
So the idea of wrapper DLLs may not be feasible, but I'm hoping that
vulnerabilities can be identified so that some albeit slow progress can be made.
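Points 3 and 4 above (restore a trusted registry at every startup; detect replaced or added files such as svchost.exe) can be done from the Linux side without touching Wine at all, because a Wine prefix is just a directory: the registry lives in the text files system.reg, user.reg and userdef.reg at the prefix root, and the Windows system directory is drive_c/windows/system32 under it. The script below is an added example, not code from the post or from the Wine project. It records a sha256 baseline of those files, reports any that changed or appeared since the baseline, and copies trusted registry files back over the current ones. The script name, the manifest path and the layout of the "trusted" directory are assumptions for illustration.

```shell
#!/bin/sh
# wineprefix-guard.sh (hypothetical name): baseline, verify and restore a Wine prefix.
# Added example, not from the original post. Assumes a standard prefix layout
# (system.reg / user.reg / userdef.reg at the root, drive_c/windows/system32 below it).

# Wine stores the registry as plain text files at the prefix root.
REG_FILES="system.reg user.reg userdef.reg"

# make_baseline PREFIX MANIFEST
# Hash the registry files and every file under system32, with paths relative to
# PREFIX, so the manifest can later be checked from inside the prefix.
make_baseline() {
    prefix="$1"; manifest="$2"
    ( cd "$prefix" &&
      { for f in $REG_FILES; do
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
        find drive_c/windows/system32 -type f 2>/dev/null; } |
      sort | while IFS= read -r f; do sha256sum "$f"; done ) > "$manifest"
}

# check_prefix PREFIX MANIFEST
# Returns 0 when every baselined file is unchanged, non-zero when any file differs
# or is missing; sha256sum prints the names of the files that failed.
check_prefix() {
    prefix="$1"; manifest="$2"
    ( cd "$prefix" && sha256sum -c --quiet "$manifest" )
}

# list_new_files PREFIX MANIFEST
# Print files under system32 that did not exist when the baseline was taken.
# A replaced file is caught by check_prefix; a dropped-in file only shows up here.
list_new_files() {
    prefix="$1"; manifest="$2"
    ( cd "$prefix" && find drive_c/windows/system32 -type f 2>/dev/null | sort ) |
      while IFS= read -r f; do
          # manifest lines are "<64 hex chars><two spaces><name>", so the name starts at column 67
          cut -c67- "$manifest" | grep -qxF -- "$f" || printf '%s\n' "$f"
      done
}

# restore_registry PREFIX TRUSTED_DIR
# Copy trusted copies of the registry files over the prefix's current ones.
# Meant to run at startup, before wine, to discard registry changes from the last session.
restore_registry() {
    prefix="$1"; trusted="$2"
    for f in $REG_FILES; do
        if [ -f "$trusted/$f" ]; then cp "$trusted/$f" "$prefix/$f"; fi
    done
    return 0
}

# Command-line use:
#   sh wineprefix-guard.sh baseline "$WINEPREFIX" /path/to/manifest   (once, on a clean prefix)
#   sh wineprefix-guard.sh check    "$WINEPREFIX" /path/to/manifest   (before each run; exit code 0 = clean)
#   sh wineprefix-guard.sh new      "$WINEPREFIX" /path/to/manifest   (files added since baseline)
#   sh wineprefix-guard.sh restore  "$WINEPREFIX" /path/to/trusted    (put the trusted *.reg back)
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    check)    check_prefix "$2" "$3" ;;
    new)      list_new_files "$2" "$3" ;;
    restore)  restore_registry "$2" "$3" ;;
esac
```

Taking the baseline right after installing the one application, keeping the manifest and the trusted *.reg copies outside the prefix (and ideally read-only or owned by another user), and running `check` before `wine` gives the startup-time "alert" the post asks for: a changed registry, a replaced system32 binary or a newly dropped file all show up before the application is launched.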