My uneducated guess is that it would run inside the prefix but would have troubles with basic Windows dependencies not availiable/running, prefix’s folder structure being cut down to the most basic components and barebones, and that nothing actually runs like in Windows but is rather translated from Linux commands to Windows one and back? Meaning there’s no processes or services like in a VM, no way to run cmd or powershell scripts, nothing to steal without leaving containment? Am I wrong somewhere?
I recall there was a wave of dread about Proton leaving host system easily accessible and not implementing any security measures as they are out of scope, but if we assume it’s a virus targeting Windows, I’m half sure it would have troubles doing anything the usual way.
The malware won’t be able to do as much as it could on windows, but it can still access all of the files your user account has access to. It can steal, encrypt or delete all of your files. It can also access your microphone if you have one connected.
You can run Wine as a different user or run it with firejail to limit what it has access to.
Is it applicable to Proton in some way? I’m guilty of using less popular and thus less veried cracked software with it so I’d like some level of protection. Can I separately write it in some config file?
And you can make a separate non-root desktop profile to run it in so even if it somehow escapes containment it can’t run sudo commands or steal your main login’s data.
My uneducated guess is that it would run inside the prefix but would have troubles with basic Windows dependencies not availiable/running, prefix’s folder structure being cut down to the most basic components and barebones, and that nothing actually runs like in Windows but is rather translated from Linux commands to Windows one and back? Meaning there’s no processes or services like in a VM, no way to run cmd or powershell scripts, nothing to steal without leaving containment? Am I wrong somewhere?
I recall there was a wave of dread about Proton leaving host system easily accessible and not implementing any security measures as they are out of scope, but if we assume it’s a virus targeting Windows, I’m half sure it would have troubles doing anything the usual way.
The malware won’t be able to do as much as it could on windows, but it can still access all of the files your user account has access to. It can steal, encrypt or delete all of your files. It can also access your microphone if you have one connected.
You can run Wine as a different user or run it with firejail to limit what it has access to.
Is it applicable to Proton in some way? I’m guilty of using less popular and thus less veried cracked software with it so I’d like some level of protection. Can I separately write it in some config file?
Proton is just Wine with some modifications. You can use the same sandboxing methods you would use with Wine.
Firejail runs apps in a sandbox.
And you can make a separate non-root desktop profile to run it in so even if it somehow escapes containment it can’t run sudo commands or steal your main login’s data.