How to secure Ubuntu from malware/keylogger running on wine

I have four questions.

A malware might do many things like modifying/encrypting files, taking screenshots, using webcam and microphone, keylogging etc.

1. The default configuration of mapping Z: to / can permit a malware to modify any file that the user has access to, including doing anything in the home folder. So, I think I can avoid that risk by using a separate non root user account for wine. I will log into the 2nd user every time I run a windows program, so that my data in the 1st user's home directory is safe. Am I right by doing this? Is there any other means of infection?

2. If a keylogger runs inside wine as another non-root user, can that keylogger monitor the keys pressed by the other users? Similarly, can the above-mentioned setup protect me from malware taking screenshots or using webcam/microphone?

3. Will that second non-root user have access to my Firefox profile data in the first account? If yes, how can I prevent a wine program from accessing my Firefox profile data?

4. Do I really need to use playonlinux? Is just wine enough?


Solution 1:

  1. The default configuration of mapping Z: to / can permit a malware to modify any file that the user has access to, including doing anything in the home folder. So, I think I can avoid that risk by using a separate non root user account for wine. Am I right by doing this? Is there any other means of infection?

No to the 1st part. If you want it out of your /home/ you need to compile wine yourself and use ./configure --prefix=path_to_install_directory && make. If you use another user you cannot play from your own user unless you change permissions (so basically you are killing the reason why you wanted the different user).

Yes to the 2nd part: any method to infect a Windows system also applies to Wine. Though 1 remark: not a lot of virus writers care about wine so they do not tend to add support for wine in the virus. It will/can infect anything windows related inside wine as the files are windows files.

  2. If a keylogger runs inside wine as another non-root user, can that keylogger monitor the keys pressed by the other users? Similarly, can the above-mentioned setup protect me from malware taking screenshots or using webcam/microphone?

A keylogger adds itself to the system (for instance by adding a udev rule) where key presses are caught and redirected. Pressing keys is regardless of who is typing where. A keylogger inside wine is difficult to install though. A keylogger inside the user's /home/ is pretty easy (there is even one in the repositories, so just 1 apt install away).

  3. Will that second non-root user have access to my Firefox profile data? If yes, how can I prevent a wine program from accessing my Firefox profile data?

Generally anyone that can get into the wine directory can get into its own /home/$USER/. But are there wine programs to access your linux firefox profile?

  4. Do I really need to use playonlinux? Is just wine enough?

No. See it like this: wine is for the experienced user. POL is a set of scripts created by those experienced users to make it easier on the new users of wine.

I would stay away from wine. To me trying to plug security related issues with wine is futile. Impossible to win unless you can change core functionality of wine. Use virtualization: it is sandboxed, does not mess with your /home/ and a better overall experience. Backups are easy and no messing with core functionality of a broken down operating system.

Solution 2:

Wine is not sandboxing software. It's a compatibility layer between Windows system calls and Linux system calls. It is not meant to protect your system against malware.

The simple advice is that you don't run untrusted or known bad software on a computer containing valuable data.
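
Added example (not part of the original question or answers): a shell audit for the two things the question asks about, namely which drive letters of a Wine prefix expose a home directory (the Z: -> / mapping) and whether an account outside the owner's group can reach a path such as a Firefox profile. The function names are this example's own; it assumes Wine's usual prefix layout (drive symlinks in dosdevices/), GNU readlink and stat as shipped on Ubuntu, and it looks only at the "other" permission bits, ignoring group membership and ACLs.

```shell
# Added example: function names are hypothetical, not part of Wine.

# List the drive letters in a Wine prefix whose symlink resolves to the
# given home directory or to one of its ancestors (for example z: -> /).
# A drive that points below the home (c: -> ~/.wine/drive_c) is not listed.
risky_drives() {
    local prefix home link target
    prefix=$1
    home=$(readlink -f -- "$2") || return 2
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue
        target=$(readlink -f -- "$link") || continue
        case "$home/" in
            "${target%/}/"*) printf '%s -> %s\n' "${link##*/}" "$target" ;;
        esac
    done
}

# Succeed if every directory from PATH up to (not including) TOP grants
# search permission to "other" users, i.e. an account that is neither the
# owner nor in the owning group can walk down to PATH. TOP defaults to /.
other_can_reach() {
    local p top mode
    p=$(readlink -f -- "$1") || return 2
    top=$(readlink -f -- "${2:-/}") || return 2
    while [ "$p" != "$top" ] && [ "$p" != "/" ]; do
        mode=$(stat -c '%a' -- "$p") || return 2
        # Lowest octal bit is "other: execute/search".
        [ $(( 0$mode & 1 )) -ne 0 ] || return 1
        p=$(dirname -- "$p")
    done
    return 0
}

# Typical use, run as the account that owns the data:
#   risky_drives "$HOME/.wine" "$HOME"
#   other_can_reach "$HOME/.mozilla/firefox" && echo "reachable by other users"
```

Any drive reported by risky_drives is visible to every program started in that prefix with the permissions of the account running Wine.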