Asking for a friend

  • lurkerlady [she/her]@hexbear.netEnglish
    13·
    21 days ago

    Its absurdly safe, they are basically their own containers (can’t read outside of the container, sandboxed) and if you have bottles installed as a flatpak that is also a container. Linux also doesnt give easy root access to programs, so they can’t do much damage. Most malware targets Windows, MacOS, and server side Linux. Due to how containerized most linux distros are, they avoid targeting linux desktop users.

    • ∞ 🏳️‍⚧️Edie [it/its, she/her, fae/faer, love/loves, ze/hir, des/pair, none/use name, undecided]@hexbear.netEnglish
      18·
      21 days ago

      Wine does not sandbox in any way at all. When run under Wine, a Windows app can do anything your user can. Wine does not (and cannot) stop a Windows app directly making native syscalls, messing with your files, altering your startup scripts, or doing other nasty things.
      You need to use AppArmor, SELinux or some type of virtual machine if you want to properly sandbox Windows apps.
      Note that the winetricks sandbox verb merely removes the desktop integration and Z: drive symlinks and is not a true sandbox. It protects against errors rather than malice. It’s useful for, e.g., keeping games from saving their settings in random subdirectories of your home directory.

    • dannoffs [he/him]@hexbear.netEnglish
      8·
      21 days ago

      Due to how containerized most linux distros are, they avoid targeting linux desktop users.

      What? Most desktop linux installs only have a few programs in containers. I think the only “containerized” thing I have on my system is the steam flatpak. It is growing in desktop use but containerization is much more of a server side thing.