I already have heared about Bottles sandboxing capabilities, but, how this differs from standard Flatpak sandboxing system? Is really secure execute any Windows Software using Bottles? (yes, every machine have his vulnerabilities blah blah)

  • Björn Tantau
    link
    fedilink
    201 year ago

    No, not at all. Bottles just helps you setting up different environments for running programs with Wine. They are not sandboxed in any way. The only thing they do is tell Wine “use this folder as the Windows-C-Drive”. And by default the whole root system is exposed as Z to the Wine environment (with the usual Linux permissions). And even if the root drive were not exposed there are not any mechanisms in Wine to prevent a malware from gaining access.

      • Björn Tantau
        link
        fedilink
        51 year ago

        Honestly, I wouldn’t even trust them. If the malware’s goal is to get into your local network it will have achieved that on a virtual machine. And as far as I know there have also been ways to break out of a virtual machine. Probably fixed by now, but who knows what else lurks there.

        Just don’t run software you don’t trust.

        • I don’t trust in any Windows Application at all, but I think this doesn’t mean I need to live under a rock. This is the reason because I open this Post. So thank you for you help and your time :) You are very cool.

          I think is a good option play videogames in a Virtual Machine when is possible. But I just want to feel “more secure” when I need to play in my host machine, for example, using sandboxing.

          • @Zangoose
            link
            English
            21 year ago

            There’s a difference between telemetry/tracking which can at least be limited using an isolated VM, and malware which will attempt to take over your computer/network, so it really depends on why you don’t trust the program.

            Imo, if you just want to run a program that’s made for windows (and you trust that it isn’t malware), then a VM or potentially even wine by itself would be sufficient. If you want to run something you think might be malware, don’t. No amount of virtual isolation will guarantee protection from malware.