buratinas wrote: > However, even if I disable access to the kernel internals and filesystem, one problem is left unsolved: can untrusted program access any other X server resource except its own window? Suppose I am running something infected in the background and entering something confidential in a gnome application, can the virus take a screenshot? To be sure you can use Wine's virtual desktop. But even without it - windows programs limited in what they can access on X server. Wine doesn't map every X window into something win programs would understand. However some things, like DDraw do have access to the entire screen (that's the way it works). So if you don't want win program seeing something confidential on the screen - don't put it there in the first place.