Ok, recognizing that Wine is running in order to execute a different code is not welcome. But still there are features that Wine does not implement or does not want to implement. In that case the only workaround is to execute a different code based on the OS. If there is a vulnerability then it is not avoided through obscurity (i.e. by not providing an official API or method to recognize Wine). A virus writer that want's to target Wine/Linux will find several methods and try them all inside his code. Actually a default Wine installation creates the Z: symlink, so a part of the methods above described I just have to run "Z:/bin/uname -a" to get the exact linux version. Or I may try to read the contents of the file "Z:/etc/system-release". And through Z: I can run *any* linux program too. Andrea
