I already have heared about Bottles sandboxing capabilities, but, how this differs from standard Flatpak sandboxing system? Is really secure execute any Windows Software using Bottles? (yes, every machine have his vulnerabilities blah blah)
I already have heared about Bottles sandboxing capabilities, but, how this differs from standard Flatpak sandboxing system? Is really secure execute any Windows Software using Bottles? (yes, every machine have his vulnerabilities blah blah)
No, not at all. Bottles just helps you setting up different environments for running programs with Wine. They are not sandboxed in any way. The only thing they do is tell Wine “use this folder as the Windows-C-Drive”. And by default the whole root system is exposed as Z to the Wine environment (with the usual Linux permissions). And even if the root drive were not exposed there are not any mechanisms in Wine to prevent a malware from gaining access.
So… That means the current only way to keep the main system is through Virtual Machines?
Honestly, I wouldn’t even trust them. If the malware’s goal is to get into your local network it will have achieved that on a virtual machine. And as far as I know there have also been ways to break out of a virtual machine. Probably fixed by now, but who knows what else lurks there.
Just don’t run software you don’t trust.
I don’t trust in any Windows Application at all, but I think this doesn’t mean I need to live under a rock. This is the reason because I open this Post. So thank you for you help and your time :) You are very cool.
I think is a good option play videogames in a Virtual Machine when is possible. But I just want to feel “more secure” when I need to play in my host machine, for example, using sandboxing.
There’s a difference between telemetry/tracking which can at least be limited using an isolated VM, and malware which will attempt to take over your computer/network, so it really depends on why you don’t trust the program.
Imo, if you just want to run a program that’s made for windows (and you trust that it isn’t malware), then a VM or potentially even wine by itself would be sufficient. If you want to run something you think might be malware, don’t. No amount of virtual isolation will guarantee protection from malware.