Editing Wine (software) (section)

===Security===
Because of Wine's ability to run Windows binary code, concerns have been raised over native Windows viruses and malware affecting Unix-like operating systems<ref>{{cite newsgroup
 |url          = http://archive09.linux.com/feature/42031
 |title        = Running Windows viruses with Wine
 |author       = Matt Moen
 |date         = 26 January 2005
 |access-date  = 23 October 2009
 |archive-date = 7 January 2013
 |archive-url  = https://web.archive.org/web/20130107055305/http://archive09.linux.com/feature/42031
 |url-status   = dead
}}</ref> as Wine can run limited  malware made for Windows. A 2018 security analysis found that 5 out of 30 malware samples were able to successfully run through Wine, a relatively low rate that nevertheless posed a security risk.<ref>{{Cite journal|last1=Duncan|first1=Rory|last2=Schreuders|first2=Z. Cliffe|date=1 March 2019|title=Security implications of running windows software on a Linux system using Wine: a malware analysis study|journal=Journal of Computer Virology and Hacking Techniques|language=en|volume=15|issue=1|pages=39–60|doi=10.1007/s11416-018-0319-9|issn=2263-8733|doi-access=free}}</ref> For this reason the developers of Wine recommend never running it as the [[superuser]].<ref>{{cite web
 | url          = https://wiki.winehq.org/FAQ?action=recall&rev=312#head-96bebfa287b4288974de0df23351f278b0d41014
 | title        = Should I run Wine as root?
 | work         = Wine Wiki FAQ
 | publisher    = Official Wine Wiki
 | date         = 7 August 2009
 | access-date   = 24 August 2009
 | archive-url  = https://web.archive.org/web/20110621230323/http://wiki.winehq.org/FAQ?action=recall&rev=312#head-96bebfa287b4288974de0df23351f278b0d41014#head-96bebfa287b4288974de0df23351f278b0d41014
 | archive-date = 21 June 2011
 | url-status   = dead}}</ref> Malware research software such as [[ZeroWine]]<ref>{{cite web
 | url   = http://zerowine.sourceforge.net/
 | title   = ZeroWine project home page
 | access-date   = 11 December 2011
 | archive-date   = 5 November 2011
 | archive-url   = https://web.archive.org/web/20111105094451/http://zerowine.sourceforge.net/
 | url-status   = live
 }}</ref> runs Wine on Linux in a [[virtual machine]], to keep the malware completely isolated from the host system. An alternative to improve the security without the performance cost of using a virtual machine, is to run Wine in an [[LXC]] container, as [[Anbox]] software is doing by default with [[Android (operating system)|Android]].

Another security concern is when the implemented specifications are ill-designed and allow for security compromise. Because Wine implements these specifications, it will likely also implement any security vulnerabilities they contain. One instance of this problem was the 2006 [[Windows Metafile vulnerability]], which saw Wine implementing the vulnerable SETABORTPROC escape.<ref>{{cite web | title=Linux/BSD still exposed to WMF exploit through WINE! | website=[[ZDNet]] | url=http://www.zdnet.com/blog/ou/linuxbsd-still-exposed-to-wmf-exploit-through-wine/146 | date=5 January 2006 | access-date=16 October 2011 | archive-date=11 August 2011 | archive-url=https://web.archive.org/web/20110811000606/http://www.zdnet.com/blog/ou/linuxbsd-still-exposed-to-wmf-exploit-through-wine/146 | url-status=live }}</ref><ref>{{cite web |title=CVE-2006-0106 - gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI - CVE-Search |url=http://cve.circl.lu/cve/CVE-2006-0106 |access-date=9 July 2019 |archive-date=9 July 2019 |archive-url=https://web.archive.org/web/20190709002903/http://cve.circl.lu/cve/CVE-2006-0106 |url-status=live }}</ref>