Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: gigabytecoin on June 29, 2011, 09:55:56 AM



Title: A Better Security Implementation Technique Than Encryption?
Post by: gigabytecoin on June 29, 2011, 09:55:56 AM
If this is true...

> Encryption is not some magic dust you sprinkle on an application and it magically becomes secure. If you can come up with a wallet encryption scheme that has more upsides than downsides, there's a good chance it will be implemented.

> IMO, that's just inviting disaster. The client should only be running on machines that are inherently secure. Doing this will encourage people to run the client on insecure machines, which will compromise their wallets even if they are encrypted. Strong passwords will be forgotten, leading to lost BitCoins. Weak passwords will be brute forced, accomplishing nothing.

Emphasis mine.

Then why do we not simply force the use of the Windows Security Center into all Windows builds of bitcoin by default (or enforce the Windows Security Center to be running unless the user is "advanced" and clicks otherwise)...

The Windows Security Center, for those who are not aware, is a notification nag system on Windows that constantly nags the user to download the latest virus scanner, make sure their firewall is up, to enable the virus scanner and all updates, etc...

If every "basic" Windows user was forced to do this by default, I think we could cut down on 90% of the possible thefts by trojan at least - all without much work on our part.

Linux systems would be considered safe for now from trojans and would not require the default security settings.


Title: Re: A Better Security Implementation Technique Than Encryption?
Post by: mouse on June 29, 2011, 01:30:14 PM
Seems related to my post earlier:
http://forum.bitcoin.org/index.php?topic=23085.0



Title: Re: A Better Security Implementation Technique Than Encryption?
Post by: grue on June 29, 2011, 01:36:10 PM
It's called trusted computing. http://en.wikipedia.org/wiki/Trusted_Computing


Title: Re: A Better Security Implementation Technique Than Encryption?
Post by: JoelKatz on June 29, 2011, 03:07:48 PM
> Then why do we not simply force the use of the Windows Security Center into all Windows builds of bitcoin by default (or enforce the Windows Security Center to be running unless the user is "advanced" and clicks otherwise)...
>
> The Windows Security Center, for those who are not aware, is a notification nag system on Windows that constantly nags the user to download the latest virus scanner, make sure their firewall is up, to enable the virus scanner and all updates, etc...
>
> If every "basic" Windows user was forced to do this by default, I think we could cut down on 90% of the possible thefts by trojan at least - all without much work on our part.

My sense is that most users who are compromised by malware and viruses are actually running the Windows security center. However, I'm not strongly opposed to the idea of the client warning users if their system seems insecure. (Though this could clearly get ridiculous. I don't see any point in having a huge table of specific issues we check for. Oh, you don't have this patch. Your version of this DLL is too old. And so on.)


Title: Re: A Better Security Implementation Technique Than Encryption?
Post by: gigabytecoin on July 03, 2011, 09:48:28 AM
> > Then why do we not simply force the use of the Windows Security Center into all Windows builds of bitcoin by default (or enforce the Windows Security Center to be running unless the user is "advanced" and clicks otherwise)...
> >
> > The Windows Security Center, for those who are not aware, is a notification nag system on Windows that constantly nags the user to download the latest virus scanner, make sure their firewall is up, to enable the virus scanner and all updates, etc...
> >
> > If every "basic" Windows user was forced to do this by default, I think we could cut down on 90% of the possible thefts by trojan at least - all without much work on our part.
>
> My sense is that most users who are compromised by malware and viruses are actually running the Windows security center. However, I'm not strongly opposed to the idea of the client warning users if their system seems insecure. (Though this could clearly get ridiculous. I don't see any point in having a huge table of specific issues we check for. Oh, you don't have this patch. Your version of this DLL is too old. And so on.)

It wouldn't be too ridiculous to ensure that they have any of the top 10 used virus scanners in place (you could update that list every month or so to stay current) and are updated to the latest version of Windows updates.

If they choose to disregard the warning, who cares? At least they were warned... that way nobody can make another huge case about "Wah, wah, wah my $1M+ bitcoins were stolen right from under my nose while I was on the computer... WHA HAPPENED?!"


Title: Re: A Better Security Implementation Technique Than Encryption?
Post by: X68N on July 03, 2011, 10:09:58 AM
Even when your Windows is up to date and you have the latest virus scanner and updates, it gives you absolutely NO WARRANTY that you are safe!
I got infected 2 times and my scanner was bypassed (Avira Antivirus, Windows Firewall); I switched to AVG now.
(As a user with over 15 years' experience, I finally knew that I was infected, so there was no damage, only time-consuming reinstalling.
I have a separate PC just for the Internet, without sensitive files.)

Also, most users surf with admin rights, so a virus scanner is an easy opponent for most worms/trojans...

There is also the problem of new trojans, which use security holes for which no fix actually exists and no antivirus signatures are available.
Read the Wikipedia article about the Stuxnet trojan to see how powerful trojans are today and will be in the future...

Also, Google Image search is a big trojan thrower: they "need" JavaScript on, but exactly that is why the trojans come to the users. I don't use it anymore. (You get a virus by watching normal pics, no porn or similar is needed xD)

- - So this is not a solution. The Security Center is not able to secure the Bitcoind Money- -

I link to my thread where I discuss a real solution for this:
http://forum.bitcoin.org/index.php?topic=23476.0