Arch Linux

Zibi1981

Member

From: Poland

Registered: 2008-01-31

Posts: 670

Does WINE come with trojans?

Today I have performed a system-wide full SDD scan using Bitdefener under Windows 11, and as my Arch (dual-boot) sits on an partition, to which I have access on Windows, the antivirus engine was able to scan it to.

Bitdefender recognised 6 hazardous files

https://i.ibb.co/LSNnfQZ/wirusy.png

Should I be worrying much? It is not the first time that my antivirus software  points to malware in WINE.

moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by 2ManyDogs (2023-09-15 22:13:00)

---

"... being a Linux user is sort of like living in a house inhabited by a large family of carpenters and architects. Every morning when you wake up, the house is a little different. Maybe there is a new turret, or some walls have moved. Or perhaps someone has temporarily removed the floor under your bed."

MSI Raider GE78HX 13VI-032PL

seth

Member

Registered: 2012-09-03

Posts: 54,565

Re: Does WINE come with trojans?

https://forum.winehq.org/viewtopic.php?t=33444
https://github.com/orgs/Homebrew/discussions/3255
https://bbs.archlinux.org/viewtopic.php?id=257880
https://forum.manjaro.org/t/wine-stagin … 51-0/74525
https://steamcommunity.com/app/221410/d … 854546152/
…
https://www.google.com/search?wine%20ma … 0positives
https://en.wikipedia.org/wiki/Snake_oil

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

loqs

Member

Registered: 2014-03-06

Posts: 17,765

Re: Does WINE come with trojans?

https://bugs.archlinux.org/task/77420
https://bugs.archlinux.org/task/71561
https://bugs.archlinux.org/task/69371
https://bugs.archlinux.org/task/67474

Zibi1981

Member

From: Poland

Registered: 2008-01-31

Posts: 670

Re: Does WINE come with trojans?

So if this is a widely known problem, why does even very highly rated antivirus software flag these files as Trojans? Shouldn't they know by now? Should I tell Bitdefender that Wine files are safe? I am not a cybersecurity expert.

---

"... being a Linux user is sort of like living in a house inhabited by a large family of carpenters and architects. Every morning when you wake up, the house is a little different. Maybe there is a new turret, or some walls have moved. Or perhaps someone has temporarily removed the floor under your bed."

MSI Raider GE78HX 13VI-032PL

seth

Member

Registered: 2012-09-03

Posts: 54,565

Re: Does WINE come with trojans?

Yes "should" …

highly rated antivirus software

is still

https://en.wikipedia.org/wiki/Snake_oil

wine gets caught in some generic "some malware uses this format/packing so maybe it's a virus and warning the users makes them think I actually do something usefule to protect them by warning them after the fact like you can put on a condom after your GF is pregnant and that will somehow help you with the entire baby situation" scenario, whitelisting wine binaries by name would allow actual malware providers to feign as wine, whitelisting by hash might suffer from too many builds slushing around and ultimately I guess the snake-oil salesmens just don't care because wine is useless on their core market (windows) anyway.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Lone_Wolf

Forum Moderator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 12,394

Re: Does WINE come with trojans?

very highly rated antivirus software

A high rating doesn't prevent them from implementing bad decisions.

Around 2005 I was working as 2nd/3rd line supporttech for a daughter company of a big corporation. The daughter specialized in R&D for designing & producing special hardware.

Several of the engineers required pre-alpha development versions of certain software to do their job . Out of 400 employees less then 6 were allowed to access the systems with that software. Even IT had only access to the bare minimum of software/system that was mandated by corporate rules.

At one point the engineers came to us reporting the special software was blocked completely by the mandatory antivirus and they were unable to do their job.
I got the task to figure out what was wrong.

Eventually the cause was found : the company that developed the software had issues with their 3rd party certificate provider.
They had set up their own root CA and were in the process of getting it officially registered.

The software our engineers received was signed with the new root CA and blocked by the antivirus because it was 'an unknown trust'
Systems of those engineers got a temporary exception to allow installing & using untrusted software.

About a year later the new root CA was officially registered, accepted by the antivirus product  and the exception was revoked.
Guess how long it took before other software used by the engineers triggered the antivirus and the exception was re-instated ?

Sidenote : the engineers often had to communicate with the developers and give them remote access to troubleshoot so isolating the machines was not possible.

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building to complicated ?
Try clean chroot manager by graysky