AlexOnVinyl
2012-Jan-23 07:44 UTC
[Wine] Help with Wine and running exe w/ possible malware?
An exe file that I want to run on Linux made for Windows comes up as a Trojan on VirusTotal - how would I run it without it affecting my system?

Is there any way that I can run this program on my Linux system without possibly getting a virus?

Other people have told me that it would affect your wine prefix located normally inside ~/.wine and that any program running inside a wine prefix has only access to the virtual bottle in that .wine prefix folder in your home and nothing else. They are close inside that bottle.

Is this true? How would I create a secure environment to run this program?

For those wondering - this program is a program for development with my Nintendo Wii.
Pavel Troller
2012-Jan-23 08:02 UTC
[Wine] Help with Wine and running exe w/ possible malware?
Hi!

> An exe file that I want to run on linux made for windows comes up as a Trojan on VirusTotal - how would I run it without it affecting my system?
>
> Is there any way that I can run this program on my Linux system without possibly getting a virus?

Yes.

> Other people have told me that it would affect your wine prefix located normally inside ~/.wine and that any program running inside a wine prefix has only access to the virtual bottle in that .wine prefix folder in your home and nothing else. They are close inside that bottle.
>
> Is this true? how would I create a secure environment to run this program?

1) Create a new WINEPREFIX.
   - Make a directory
   - do "export WINEPREFIX=/path/to/that/directory" (absolute path must be used)
   - run winecfg - your new wineprefix will be populated with files needed by wine
2) Browse to dosdevices subdirectory in your new wineprefix and remove possible links to the filesystem root or your Linux home directory (obviously Z: drive)
3) Copy the program you want to run to the drive_c subdirectory of your new wineprefix
4) cd to drive_c
5) Run the program by wine.

Of course you must do this sequentially BY THE SAME SHELL, because the export command is valid only for the session, where it was entered.

> For those wondering - this program is a program for development with my Nintendo Wii.

Regards, Pavel
L. Rahyen
2012-Jan-23 08:27 UTC
[Wine] Help with Wine and running exe w/ possible malware?
> Other people have told me that it would affect your wine prefix located
> normally inside ~/.wine and that any program running inside a wine prefix has
> only access to the virtual bottle in that .wine prefix folder in your home
> and nothing else. They are close inside that bottle.
> Is this true?

No. Everything you run in Wine will have as many rights as your user. You can minimize the probability of getting infected by removing z:, but this does not guarantee safety: anything you run in Wine will still be able to read or harm your files outside of drive_c (if your user is allowed to read/write to them). Wine is not a "sandbox" or isolated virtual machine.

> how would I create a secure environment to run this program?

Create another user. Make sure this user does not have any write permissions outside its home directory and cannot read any of your private files and folders. Run anything you want in Wine as this user. Never use files from this user as any other user without checking the files for possible "infection" first. But this is not 100% secure, especially if you do not have the specific experience to set up everything as necessary for maximum security.

You can get better safety by using chroot for this user. But even then there is a possibility of some security hole(s), especially if you set something up improperly (for example, if you share your files on the local network without password protection, even this limited user will have permission to read or, if you allowed this, to write to your files).

Or, use VirtualBox http://virtualbox.org and create an isolated virtual machine. Again, you have to assume every file in it is infected, and again this may not be 100% secure if you make a mistake in configuration.

Also, you need to remember that any virus-protection software can be wrong. For example, such software can tell you that there is a virus or trojan when there is none, or vice versa (this is why you need to assume for maximum safety that everything that can be infected is infected after running an untrusted application or allowing an untrusted user to access some writable files).

Of course, in most cases just removing z: is enough, but if you do this and run untrusted programs like that, you have to accept the possibility of losing some or all of your important files and/or getting corrupted backups because some virus/trojan ruined your file(s) silently and you did not notice before doing a backup.
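The drive-link cleanup mentioned in the two replies above, as an added example that is not part of any post in this thread: it reports every symlink in a Wine prefix that resolves outside the prefix, and can remove them. It goes beyond the Z: link the thread names by scanning the whole prefix, because Wine also links profile folders under drive_c/users to the real home directory; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find and remove symlinks inside a Wine
# prefix that resolve outside it. Function names are assumptions.

# Print "relative/link<TAB>resolved-target" for every escaping symlink.
list_escaping_links() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    find "$prefix" -type l | while IFS= read -r link; do
        # readlink -f resolves the whole chain; failure means unresolvable.
        target=$(readlink -f -- "$link" 2>/dev/null) || target=""
        case "$target" in
            "$prefix"|"$prefix"/*) ;;   # e.g. c: -> ../drive_c stays inside
            *) printf '%s\t%s\n' "${link#"$prefix"/}" "${target:-unresolvable}" ;;
        esac
    done
}

# Delete the links reported above (only the links, never their targets).
remove_escaping_links() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    links=$(list_escaping_links "$prefix")
    printf '%s\n' "$links" | while IFS="$(printf '\t')" read -r rel rest; do
        [ -n "$rel" ] || continue
        rm -- "$prefix/$rel" && printf 'removed %s\n' "$rel"
    done
}

# Stand-alone use: sh audit.sh /absolute/path/to/prefix   (report only)
if [ "$#" -gt 0 ]; then
    list_escaping_links "$1"
fi
```

An empty report only means the prefix holds no links out of itself; as the reply above says, the program still runs with the rights of the user who started Wine.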
vitamin
2012-Jan-23 15:05 UTC
[Wine] Re: Help with Wine and running exe w/ possible malware?
Pavel Troller wrote:
> 1) Create a new WINEPREFIX.
> - Make a directory
> - do "export WINEPREFIX=/path/to/that/directory" (absolute path must be used)

And you'll end up with a BROKEN wineprefix. DO NOT and I repeat DO NOT create this directory yourself! Wine has to do it.

As to OP's original question (second from the bottom question): http://wiki.winehq.org/FAQ#head-f566a12c806a1eacaeefb7cb6419a513a773c571
vitamin
2012-Jan-25 04:29 UTC
[Wine] Re: Help with Wine and running exe w/ possible malware?
Pavel Troller wrote:
> So, please, could you inform us, in which case winecfg will break the wineprefix, when it is just freshly created ?

winecfg isn't involved in creating a wineprefix. Lots of other programs are. If you really want details - search wine-devel and/or bugzilla. I don't have a link(s) handy to point you to AJ's response along the lines that "Wine uses a fact of directory not existing to initiate extra steps required to create valid wineprefix. This is by design and there is no reason to change it. Otherwise Wine would penalize all programs with long startup times required for extra needless checks."

Even if it would seem that most things are done, some steps were skipped and your prefix will be broken.