WCry 2.0 functions perfectly under Wine (twitter.com/hackerfantastic)
173 points by SteBu on May 15, 2017 | 49 comments


One of the comments: "truly this is the year of the Linux desktop"


And I still can't get Starcraft HD to work...


Blizzard and Adobe, the guardians of Windows.


Many Blizzard games work almost perfectly under Wine, including Warcraft 3, StarCraft and World of Warcraft. Last time I tried StarCraft Anthology (digital download) I did not have any problems.


Eh? I'm under the strong impression that Adobe works nicer on Mac than Windows.


>I haven't noticed much of a difference. Even if there is, there's the matter of the Mac price tag, and the utter agony of using a Mac if you're used to Windows.

>If you lack the budget for a Mac but you want to do graphic design, Windows is the logical choice.

That comment got flagged (wasn't mine), and this one probably will be too. Holy fuck the apple worship on this site is strong sometimes.


I haven't noticed much of a difference. Even if there is, there's the matter of the Mac price tag.

and the utter agony of using a Mac if you're used to Windows.

If you lack the budget for a Mac but you want to do graphic design, Windows is the logical choice.


Fair enough but the parent comment claimed that Adobe (and Blizzard) were keeping Windows alive. How can that be if it runs better or at least just as good on Mac?


So you tried the same joke on both HN and Reddit. Interesting.


Yeah, well, one encrypts your files and the other is a full game.


Wine has long been sufficiently compatible with Windows to run malware. I added a bit about this to the Wine FAQ in 2009 I think ;-) IIRC the ZeroWine malware analyser would run malware in Wine in Debian in a QEMU virtual machine.

The question here is not whether it runs, but whether it can infect.


No, the more pressing question is whether it can run, specifically whether it can run without intervention, and I'm willing to bet a lot of money/bitcoins that it can't, purely because it couldn't gain access to the machine unless those ports were open.


A good reminder to run Wine as a different user...


I use a separate user session with a separate X server to run games, which is about 100% of my use of Wine. Granted, that's not out of paranoia, but because video mode switching makes my windows resize and go all over the place and sometimes the window manager crashes, so simply running a barebones OpenBox session specifically for games results in less pain than letting them run on my main desktop.


…and disable the Z: drive (which maps to Linux / by default).


Run Wine inside an emulator... oh wait


(W)ine (I)s (N)ot an (E)mulator


We need to go docker -_-


Inside of a VM, of course. Can't have enough protection!


Then you remember that the VMware hypervisor was broken recently...


That's fine, run the hypervisor inside VirtualBox. For extra marks have it communicate to the host via smoke signals.


That is pretty scary. Anyone know if there is any info on if it will only encrypt the c_drive folder that wine makes or the entire fs?


Isn't the entire fs exposed as Z: or so in Wine? I know there's some way to get to the user's home directory which is probably good enough to cause essentially the same amount of pain.


> entire fs exposed as Z: or so in Wine

By default only. You can easily disable that. It always made me worried that anything in wine got access to my system, even though I normally wanted something closer to an isolated instance, so I always disabled that.


There may also be links to your home directory as "Desktop", "My Documents", etc. See winecfg for these. And note that your registry files may refer to Z: (mostly for fonts, it seems), or even directly to files outside your Wine directory.


If the software is Wine-aware, it doesn't matter. The \\unix\ filesystem namespace allows programs running under Wine to access the host filesystem whether it's mapped as a drive or not. And, of course, since Wine Is Not an Emulator, it could also use POSIX APIs or Linux kernel syscalls directly if it wanted to.


Have there been reports of Wine-aware malware already? (If not, the next generation probably will, though.)


Wine is not an isolation layer. You can disable the Z: drive but the applications running in Wine still have about the same access a normal application has.
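As an added example (not part of any comment in this thread, and not Wine project code): a POSIX shell function that audits a Wine prefix for the mappings discussed above, namely drive letters such as Z: and profile folders such as Desktop that are symlinks leading out of the prefix. The `dosdevices/` and `drive_c/users/` paths are the standard prefix layout and are assumed here; the function name is hypothetical.

```sh
#!/bin/sh
# Audit a Wine prefix for symlinks that lead outside the prefix itself.
# Assumed layout (standard Wine prefix, not taken from the thread):
#   $prefix/dosdevices/<letter>:        drive mappings (z: -> / by default)
#   $prefix/drive_c/users/<user>/<dir>  profile folders, possibly linked into $HOME
#
# audit_wine_prefix [PREFIX]   (hypothetical name; defaults to $WINEPREFIX or ~/.wine)
# Prints "<kind> <link relative to prefix> -> <resolved target>" per escaping link.
# Returns 0 if nothing escapes, 1 if at least one link does, 2 on a bad prefix.
# The body is a subshell so its variables do not leak into the caller.
audit_wine_prefix() (
    # Canonicalise the prefix so it compares cleanly with resolved targets.
    prefix=$(cd "${1:-${WINEPREFIX:-$HOME/.wine}}" 2>/dev/null && pwd -P) || return 2
    [ -d "$prefix/dosdevices" ] || return 2
    found=0
    for link in "$prefix"/dosdevices/* "$prefix"/drive_c/users/*/*; do
        [ -L "$link" ] || continue               # only symlinks can escape
        # Resolve the whole chain; if that fails (dangling link with missing
        # parent directories) fall back to the raw target and report it.
        target=$(readlink -f -- "$link") || target=$(readlink -- "$link")
        case "$target" in
            "$prefix"|"$prefix"/*) continue ;;   # e.g. c: -> ../drive_c
        esac
        case "$link" in
            "$prefix"/dosdevices/*) kind=drive ;;
            *)                      kind=profile ;;
        esac
        printf '%s %s -> %s\n' "$kind" "${link#"$prefix"/}" "$target"
        found=1
    done
    return "$found"
)
# Usage: source this file, then run: audit_wine_prefix "$HOME/.wine"
```

A clean result only shows that no mapped drive or profile folder points outside the prefix. Programs under Wine still run with the invoking user's permissions, so confinement has to come from a separate user, AppArmor, SELinux or firejail, as the thread goes on to discuss.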


Yeah, it seems Z: is mapped to the root fs, so if Wine has the right permissions it could cause some damage.


Most interesting. However, you have to butcher your system a bit in order to make that happen... That doesn't say there aren't setups like that, but they are really one out of a million.


How is that so? I believe Wine processes have r/w access to the user's home directory.


And most of your valuable stuff will be in your user dir if you're on a personal computer.


On that note, is it possible to sandbox Wine so that it can only access the c_drive folder, not the whole host fs?


Yep. Try apparmor or similar.


So I could run this in Wine on top of Windows Subsystem for Linux and screw up my host Windows?


Is there any way to isolate Wine and limit write permissions to user files? I only found this https://askubuntu.com/questions/327223/how-to-isolate-wine#3...


I would try firejail

    https://firejail.wordpress.com/


Same way you isolate any program on Linux. SELinux, AppArmor, or running as a dedicated user.

[edit] I suppose there are containers nowadays too.


Containers still need AppArmor/SELinux to be secure; a container is just a packaging method without those.


I'd like to give it a try later today with Wine under Linux VM. Anyone know the download link for wannacry?

I'll update the findings here :)



thanks for the link, will check



WCry set up an example of how to let users screw themselves up easily.


I uninstalled Wine a few weeks ago :)


Weird. Is Wine based off XP?


No, you don't need to exploit the bug to run the software; this involves running it manually.


WannaCry isn't limited to Windows XP.


If you know of a WCry Windows XP infection, let us know please.



