The Wine issue occurs when folks try to bolt newer software onto an older release. It works in Windows. It works with Snaps. It doesn’t with Debs because of dependency version choices that Wine upstream makes (not the Ubuntu developers). Folks are erroneously assuming upstream documentation for bleeding-edge Wine will work on older (LTS) releases of Ubuntu.
It might be as simple as a volunteer at Wine updating their documentation to point folks to better answers for their release of Ubuntu, and a volunteer at Ubuntu updating the how-to-install-wine wiki page.
Hacked together a script to easily set up an environment for gamers coming to Ubuntu from Windows, based on everyone’s feedback above (since Ubuntu isn’t usually considered gamer-friendly by many misleading articles and so many gamers jump directly to Arch-based distros only to find that tools like apt, mentioned in beginner tutorials aren’t used in Arch). Let me know if you find any issues with the script. Here’s the gist: https://gist.github.com/RudraSwat/47f83d585b24defedfb8c9fb673a5564
Canonical should start to consider the security implications when everybody has Wine/Proton installed on their desktop computers, which potentially makes it very easy to create malware that can target both Linux and Windows desktops at the same time.
WannaCry did actually start encrypting the user’s file when executed on a Linux computer with Wine, but it failed to do it’s other business tho.
ClamAV is the only open source antivirus for Linux and it’s not really designed for desktop computers and does not have modern detection technologies found in other desktop antivirus software.
One more thing I noticed recently that could use improvement. I had my lock screen set to 5 mins and when there is a long cut-scene in game, it still gets locked while game is running full screen. That was a bit odd that it treated it as inactivity but I was surprised when I could just log back in and the game continued, no crash or anything. I just set it to longer time for now.
This is exactly one of the reasons why snap packages exist … there are plenty of wine based games in the snap store already … a snap can bundle the correct wine/proton version independent from what the OS is it runs on.
Snaps use per-application-home directories so if some ransomware would try to encrypt home it would default to only encrypt your game data of this particular game (this indeed only works if you as the user did not connect (or did disconnect) the snap “home” interface)
… and due to the nature of snaps it would also only be able encrypt the data of the currently running revision (snaps allow you to “snap revert” to the former version with a single command, the encrypted data would just be wiped and you’d play the old revision)
… the proper solution to protect against ransom or malware is simply to use more snaps and have more game suppliers use the snap ecosystem …
snaps do that by default, apparmor restricts all access outside of the pre-defined snap areas by default … the various interfaces then allow single pieces of apparmor access depending on the specific interface …
There is another small issue with GPUs on linux
There is no universal way of checking GPU and vRAM usage.
Most of available system monitors don’t show this metric. gnome system monitor issue ,libgtop MR
I switched recently. as long as you are willing to do a bit of tinkering it’s a pretty viable option. I still keep windows installed though for those few games that don’t work. but that’s usually because of the anti-cheat the game uses and not the game itself. but the valve is in talks with those anti-cheat companies to get it working on Linux as well.
This is not a rant against Snaps, I think they are cool for what they are and also let me take this opportunity to thank you for engaging with the community and every current and past Canonical employee for everything you guys have done - you guys rock!
But the current game catalog on Snapcraft Store is mainly just unpopular 2d indie games - I don’t think that people currently see this, as being a source for games, so it won’t do anything to improve the current situation now or in the near future.
As long as this it not how a 100% of the software is packaged and installed on Ubuntu and the system is not locked down, so this is the only way for the user to add/execute software on an Ubuntu system (at least by default or opt-in very early in deployment) and also in general a lot of desktop applications would not be very useful, if users could not access their own files, so in a lot of cases (maybe not related to gaming) such policies would not make any sense.
And what about keylogging, I guess it’s very hard to prevent logging keystrokes, because most software needs user input at some point and if the game has a VoIP system to talk to other gamers, the snap might also allow access to the user’s microphone, so it can be recorded too - so a lot can still be done from with in a protected space.
Anyway overall it will not really do anything useful to protect users from malicious attacks, because the malware can still be executed on an Ubuntu computer, maybe just not as a within a Snap then.
Also malware could just bundle Wine (that’s how the Teamviewer for Linux works), so the user doesn’t have to have Wine installed - as long as the malware can get it self executed (some how) it has a very good chance of actually to a lot of damage to the user.
Yes it would be nice if (commercial) games were distributed as Snaps, but only from a convenience standpoint, but that’s not really something I see is going to happen either, in the near future anyway .
Right now, anybody could probably easily start distributing malware to a lot of Ubuntu users, using phishing campaigns, fake websites, fake packages, fake scripts.
The only thing that is “protecting” Linux desktop users in general, is just the low number of Linux desktop users, so it’s currently not really viable for malware developers to target Linux desktops at the moment, but that’s not a very good security strategy.
I fear that the new Steam Deck device will be a mecca for malicious software, because it offers no protection at all, but it is a full desktop computer, and if it succeeds (which I hope) it will bring hundreds of thousands, if not millions of new completely insecure Linux desktop devices online in the coming years - this will be a threat to every other Linux desktop user as well, including Ubuntu users.
The gaming community can be very toxic and there is also a lot of suspicious user activity, so I would not be surprised if we see links to malicious software, spreading via chat messages to Steam Deck users, on platforms like Steam, Discord etc, that promises to boost performance or unlocking in-game stuff.
I’m very concerned right now about the current situation, so Canonical - we need a modern antivirus solution for Linux desktops right now!
Defending against a malware attack is difficult.
It mainly comes down to applying updates fast and filtering out weird e mails and their executable attachments. Static signatures miss new stuff and running everything through a suite consisting of sandbox and static analysis like Cape, peekabooav and oletools slows you down. Might be worth it at company level though.
You also need to trust your sources.
So if we get applications for gamers into Ubuntu official repositories the need to add arbitrary ppas from the Internet or run scripts and installers from github or some forum is greatly reduced.
Same is true if we make it easy to get and install the favourite games with a nice gui.
Next layer is minimal access. Root permission for the user is not the default in Linux. Less options to shoot yourself in the foot.
The Ubuntu Software experience is pretty bad, it is not really related to gaming but it affects gamers as many of them will use it to install programs like Steam or Lutris or Wine. And well, imagine if the Steam store behave like the Snap Store does, it wouldn’t be acceptable.
Also, an user shouldn’t be expected to add additional PPAs to get a Wine that lets them run Windows applications without using the CLI, it should come in the main repositories.
Other than that, there would need to be some way for users to get the latest kernel on Ubuntu easily, as there have been recent moves that improve the state of gaming on Linux.
