Ubuntu – Do Wine Viruses only work while Wine is running


I heard Linux can get viruses through Wine,and I was curious if the viruses work only while Wine is running.

In other words, could I stop a virus from doing it's thing by just quitting Wine?

Best Answer

  • Do Wine Viruses only work while Wine is running?

    Yes, if it is a trojan, rootkit, worm program specifically designed to infect Windows machine.

    (Viruses through wine has already happened.)

    could I stop a virus from doing it's thing by just quitting Wine?

    Yes, and no.


    If It's a Windows virus, kill the Windows Environment(wine), and it won't have a leg to stand on. The Virus is still installed, but its not doing any harm. If you remove wine - to the best of my knowledge - it just removes its binaries. Reinstalling wine later, will show that the applications are still installed.

    Removing the ~/.wine folder completely, however, will give some sense of safety. Mind you that if it did not copy it self somewhere else then the ~/.wine folder. In which case, you have a Windows binary somewhere, that possibly can cause harm to your system.


    If the virus is targeting Linux with Wine environment. Although the chance for you specifically to catch this rare virus is pretty slim, I would still urge you to read an article by the Wine community on how to Secure wine.

    How rare the virus may be, its still advised to secure Wine as much as possible. Especially if your on a business side of things.

    My preferred graphical front-end for Wine is PlayOnLinux, with that you have more control over your Wine environment, and there is a separate environment per application. So, if you happened to get infected by using Safari, use the Configuration options to examine and/or restore, or just delete the entire Safari Volume.

    PlayOnLinux - Configuration Excerpt image from here: PlayOnLinux Explained: Wine Configuration | GamersOnLinux


    It's a small chance, but, even after securing wine, you still might get infected by a virus or even viruses specifically designed to hack/infect Linux through wine. Just for security reasons, I have installed Malwarebytes, and SuperAntiSpyware. Also note that the custom explorer.exe - or other wine software - created by the wine team, might be considered as malicious by the aforementioned security software.

    IMHO: PlayOnLinux is a safer alternative, because you have more control over wine, with the Configuration tools. Whilst installing only wine, installs a Windows environment in your Linux system without any way of monitoring it.

    PlayOnLinux doesn't need wine pre-installed. It creates a Wine Prefix(a separate working environment) with wine. Then it will install the software in the separate Wine Prefix. Meaning, the software cannot access other environments. Thus making it harder to infect other parts of Windows software installed in a different Wine Prefix.

    Further reading:

  • Related Question