For the millionth time, wine is still a path for viruses. This virus can still run if you have wine and it can still do damage. Wine is not a sandbox.
this post was submitted on 13 Feb 2026
668 points (98.5% liked)
linuxmemes
30007 readers
1492 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
- Don't come looking for advice, this is not the right community.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
Giving the little buddy a chance
It's just good sportsmanship
Unfortunately, it's only a matter of time until native Linux malware becomes more rampant
It already is pretty rampant, however most Linux admins have minimal if any detection strategy.
Additionally, while thereβs plenty of binaries about like VoidLink, almost all campaigns against Linux hosts target SSH, or RCE vulnerabilities, and deliver shell scripts that orchestrate the attack.
Why compile a binary when the shell has everything you need? The threat models are pretty different between Windows and the *nix world.
When you look at botnet composition, theyβre usually made up of outdated Linux hosts with SSH open with password-based authentication.
Seriously people, switch to key-based auth and disable password auth entirely.
Yeah, got me into Linux hardening.
Could you elaborate a bit on that? Like what would you suggest apart from the obvious things like updating, not downloading weird stuff and limit open ports to the minimum and stuff like that?
Well, whenever you talk about Linux, you gotta get real hard.
I use starch, btw.
Basically that. Using software with firejail and apparmor. Making a security audit with lynis. Getting more knowledgeable about open ports and what software is able to do.
I also would like to know
I forgot but do browsers download binaries as executable?
One of the big issues with windows is the fact that it uses file extensions for determining file type, so EXEs can just be instantly run after downloading, which led to MSFT making the "Mark Of Th Web" attribute, which moved hackers into finding every type of bypass for MOTW.
I think straight bin downloads require you to chmod +x first, but you could also probably bypass it with any archive format like .tar.gz or opting for a .deb or .rpm.
The upside is that you really shouldn't be downloading raw bins outside of the package manager, but there are a bunch of tools that only ship as appimages, so you're kinda screwed if you download and execute from an untrusted source.
The weak link on Linux is the number of tools that trained the users to curl ... | bash
Sometimes! I've definitely had some executable files that have downloaded with the x bit flagged.
Isn't it already the case to steal from companies? I don't know if things like Shai Hulud 2.0 qualifies as malware. Companies are much more lucrative targets so I am not sure personal Linux is changing much.
Reminder, that once a vulnerability is found, it disappears, FOREVERRRRRR
You don't get that with windows.
That is indeed one of the unfortunate but inevitable results of the OS becoming more popular.
Open an issue in wine, tell them that not supporting malware robs you of the true native windows experience.
These Indian scammers keep calling me telling me I have a virus and I need to go to start menu.
I donβt even have a start menu. π€·
Isn't there a video on YouTube of a person trolling a scammer like this? The guy skinned Linux to look like Windows and then gave a phone scammer remote access to their PC and watched him get more and more frustrated and confused by why it wasn't working properly
Thatβs awesome. Do you have a link?
Pretty sure it was either kitboga or there are several people who did this. You should find it easily on YouTube
I don't know, but I need to see that.
Fucking with scammers and spammers is a wonderful past time!
You need Wine for that
/s
Jokes aside, the fact that Wine defaults to mounting your entire drive to the fake Windows environment is a major security issue. This whole project is a major engineering feat but the user experience is so bad it can have disastrous consequences.
wine also lets windows executables call any syscall of the host, a malware could attempt to detect wine and just call posix syscalls even if you dont mount your drive to the virtual windows enviroment, this also means that flatpak or bubblewrap doesnt do as much as you would hope for
You can install Wine as flatpak. That should solve some of the issue.
Wow. You found a way to make wine's issues worse by adding the supply-chain risk on top.
I will definitely open all .exe with such a cool icon.
tries to install with wine anyway
while running wine with sudo
Omg, it's 2026, just use wine to run it, I'm sure it's seamless by now.
When the hacker tries to run an npm package to backdoor my linux, but it gives 23 errors.
I think 50% of the posts on here are this meme.
Skill issue.