Risks/Disadvantages associated with Wine
Solution 1:
Wine is just a compatibility layer, programs run in it have the same privileges as the logged in user.
From their FAQ:
7.5. How good is Wine at sandboxing Windows apps?
Wine does not sandbox in any way at all. When run under Wine, a Windows app can do anything your user can. Wine does not (and cannot) stop a Windows app directly making native syscalls, messing with your files, altering your startup scripts, or doing other nasty things.
Also read 7.4, especially:
- Never run executables from sites you don't trust. Infections have already happened.
Wine has to possibility to share your documents (or even your home directory or /) with the application. Even if programs are not malicious, it could still put junk on your system, like desktop.ini (controls the view of folders in Explorer).
Solution 2:
Viruses that are run in wine will generally stay within the C drive which wine creates, however, they can still cause harm to your system through startup entries and other method used by malware. However, they generally will not affect specifically Linux portions of your computer. This does not mean that it is impossible. A virus can be made specifically for wine to infect unprotected Linux binaries or attempt to escalate privileges on your system.
Solution 3:
While looking for security implications running Wine I encountered following analysis. I believe, it will serve all users interested in this topic.
Analysis from 2018 (emphasis by me):
| Malware family | File system | Registry | Processes | Network | Services success | Overall success |
|---|---|---|---|---|---|---|
| Narilam | True | True | True | N/A | N/A | True |
| Hikit | False | False | False | False | False | False |
| Stabuniq | N/A | N/A | False | False | False | False |
| Drixed | False | False | False | False | False | False |
| Batch Wiper | False | True | False | N/A | N/A | Partially |
| Dialer | False | False | True | N/A | N/A | False |
| MyDoom | False | False | True | False | False | False |
| Minamps | True | False | True | True | False | Partially |
| PlugX, Korplug | False | False | True | False | N/A | False |
| Wykcores | True | True | True | True | True | True |
| Didrex | False | False | False | False | False | False |
| Dozmot | False | N/A | False | N/A | N/A | False |
| Potao | False | N/A | True | N/A | N/A | False |
| Gamarue | False | True | False | False | N/A | Partially |
| TDL/Alureon | False | N/A | False | False | N/A | False |
| SC-KeyLog | True | True | True | True | N/A | True |
| Wirenet | True | N/A | True | True | N/A | True |
| CoreBot | False | False | False | False | N/A | False |
| Kawpfuni | True | False | True | N/A | N/A | Partially |
| Skypii | False | N/A | False | N/A | N/A | False |
| 4DW4R3 | True | N/A | True | False | N/A | Partially |
| LokiBot | False | False | False | N/A | N/A | False |
| Nitol | True | True | True | True | True | True |
| Nivdort | False | False | False | False | False | False |
| Unknown1 | False | False | True | N/A | N/A | False |
| Unknown2 | False | False | False | N/A | N/A | False |
| Unknown3 | False | False | False | False | N/A | False |
| Unknown4 | True | False | False | False | N/A | Partially |
| Unknown5 | False | False | False | False | False | False |
CONCLUSIONS
The research conducted in this study produced a series of results that can be used to develop an understanding of the behavior of Windows malware running in Linux via Wine. Results indicate that Windows malware is able to run successfully in a Linux environment through Wine. The success rates of Windows malware running in a Linux environment does appear to be relatively low. The fact that some samples of malware did run successfully illustrates that using the compatibility layer software Wine in a Linux environment does present a security risk to Linux systems, which would otherwise be secure against Windows malware. No relationships could be established between any types of malware or behavior of malware and the malware running successfully in the Linux environment; relationships between the services started in Windows and Network started in Windows independent variables may be investigated via future research and an increased sample size.
The findings suggest that samples which use particular API calls are less likely to run successfully. The OpenServiceA and OpenServiceW functions were never called in Zero Wine suggesting that using these calls can cause compatibility issues with Wine. Another possible reason for this could be that the services being opened are not available through Wine.
Source: https://link.springer.com/article/10.1007/s11416-018-0319-9