Bitcoin Forum

https://i.imgur.com/ddQzj.jpg


This is the most popular Malware Removal software. This is very bad for Bitcoins image.

That's some piece of shit software right there.

Anybody got their email address so we can fix this shit?

Who's the damaged parties? Perhaps we could make a fool out of them by complaining to certain news publication after not communicating/fixing whatever is going on.

They have a false positive reporting procedure.

http://forums.malwarebytes.org/index.php?showtopic=3228

Heh. The support guy is telling off the CEO for answering a question?

Perspective from a new user: they visit this site called Bitcoin.org that makes their browser warn them that this site shouldn't be trusted (because we still can't get a proper SSL even though it's been brought up repeatedly for months)... and then they download an executable which their antivirus says is a virus...

and we expect their natural conclusion should be, "Oh, this is no problem.  I'll send my money to MtGox shortly".

I agree, what's the hold up on the SSL?

And no facebook Vlad? I wish I had never made one, it's evil.

This is pretty much how I feel about facebook http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OnionNewsNetwork+%28Onion+News+Network%29&utm_content=Google+International (http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OnionNewsNetwork+%28Onion+News+Network%29&utm_content=Google+International)

Watch that if you haven't seen it Vlad.

Sorry to get off topic here...

Need to do a few things:

1) File an FP report with MalwareBytes including the log file we have

2) Ensure Windows binaries are always signed. Not just the download but all EXEs and DLLs involved.

Judging from the screenshot, MalwareBytes is using heuristics to try and spot malware. Most likely the combination of a hard-coded IRC server and HTTP related strings trigger it, as legitimate IRC software will (a) have a known signature reputation and (b) probably not be downloading things via HTTP.

It is indeed very unfortunate. I'm not sure what the Windows build process currently looks like, but I think Gavin has set up a VM somewhere for it. Hopefully he knows how to include certificates into the compiled binaries.

bitcoin executable is clean:
http://www.virustotal.com/file-scan/report.html?id=813a970b749b7a01692597774d077d89ba6e6735d62eceebe53dda479c5f2b0e-1301327690

0/42

i think your .exe got tampered with, or it got infected by a virus.

Malwarebytes isn't listed here, should we be looking for another name?

Just ran Malwarebytes, bitcoin did not show up as a threat.

I don't have winblow, so I can't test.

I'm with everyone else: I laughed out loud when I was that our SSL certificate was not signed by a CA.

Can we not get 120 bucks together?  Or at the very least have an address to donate/fund the SSL cert?

 

Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.

why don't they just get one of the cheap $9 dollar (Fiat) garbage ones .. just to shut up the browser and people from complaining.  Simple.

this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well....

A lot of good? What? To soothe the ones who don't want to go through the trouble of adding a self-signed certificate? Heh.

yes. make it regular-joe friendly.

The average person probably doesn't care too much for HTTPS. It's doubtful they even know what it is.

more bitcoin users and miners in the long run = +++++++++++++++++++++++ in my books, specially at the low cost of a SSL cert

in the long run, it will turn away many potential miners and bitcoin traders, and we will lose much more than what the SSL cert is worth. DO NOT OVERESTIMATE THE PEOPLE OF THE INTERWEBZ




Do you not get that people sometimes get a big red DONT TRUST THIS SITE from their browsers? they trust their browsers, not some random site they probably went to see if they could make $$ with their GPU (which sounds a bit doubtful to the normal person)

HTTPS isn't the default. No one should be ending up there unless they already know what they're doing.

Well, the slower the Bitcoin economy grows, the better. I still need time to purchase more Bitcoins.

NOD32 detects new heur_pe in Bitcoin (https://www.bitcoin.org/smf/index.php?topic=53.0)

Anybody can check this issue for new bitcoin versions?

And about SSL (http://www.techwatch.co.uk/2011/03/23/comodo-blames-ssl-theft-on-iran/) :)

@Theymos - You're right, bitcoin.org does not point to https by default.

When I first learned about Bitcoin a couple of months ago, it was pointing to https for some reason and Chrome had it's warning/block all up in my face.  That was my first impression of Bitcoin  :-\

I agree 100% about not underestimating the average person's lack of computer knowledge and ability to freak out if their browser says it's bad. We see a lot of this as simple but even the least knowledgeable person on these forums is way above average.
Think about the type of people who use their CD tray for a cup holder when you're trying to decide if they'll get scared not if they know how SSL works.

If no one should be ending up there, how come everybody knows this is a problem?

I have been griping about this for MONTHS.  I have already pledged BTC for the purchase of the certificate.  The "people should just trust the self-signed certificate" and "CA's are just fronts for the FBI and give your private key to the feds" myths have been debunked repeatedly.  When oh when can we just get this fixed?

I'll pitch in some money to get our certificate signed. It really doesn't look good if every browser that stumbles across our https address flashes warnings at the user.


Where'd you get the $120 figure? I just did a quick check and saw that VeriSign's cheapest option is $399 a year.

spento said that but wtv, 400$ isn't much in a 5M$ economy that is growing

I mean, about a dollar a day XD

@ryepdx - The $120 figure came as I remembered having to purchase one on the cheap about a year ago.

Heh, so Godaddy's (I know shoot me now) SSLs start at $49 - $99 - https://www.godaddy.com/ssl/ssl-certificates.aspx

And trust me Vlad, back when I was working with OpenBSD - I too signed my own SSLs because who wants to pay...  So long as the average user never gets directed to https and hit with that warning, I guess it's OK. ?  :-\

If $49 can take care of it then why not?

If bitcoin.org gets a lot more hits then I'm going to assume you'll get a lot going to HTTPS of course if it gets to the point it's really a concern $49 will be less significant than now.

Who owns / runs the bitcoin.org website anyway? Would they be hiding for some reason?

Sirius runs the website.

... and we're looking for volunteers.  See http://bitcointalk.org/index.php?topic=5052.0

Quick "why no proper SSL cert" :   because it never made it near the top of anybody's TODO list.  The task is:
 + Figure out where the bitcoin.org domain is registered and make sure the MX records/etc are pointing somewhere so verification emails from the certificate authority don't get lost.
 + buy the cert and jump through the 'verify you are who you say you are' hoops.
 + replace the self-signed cert on the web server

Sirius pays for hosting and all that? Should we donate some for the SSL cert or is the money not really an issue?

I've seen multiple people link to the HTTPS versions, so whenever I happen to click on that I get the Firefox warning. 

That's a question I've been asking. Who pays for this site?
There are no ads, no donation link, nothing. Somebody's contributing out of his own pocket...

I'm afraid that eventually someone will write a bitcoin virus.  It basically infects your computer, runs bitcoin miner, and sends any proceeds to the virus creator.  I don't want to give anyone ideas, though :(, but at least it would strengthen the network :).

Unless it could run a GPU miner it wouldn't be worth the effort :) And the people who have really good GPUs usually know what they're doing with their computers I think? Wouldn't they notice the extra heat and noise?

Hard to say.  There are a lot of ignorant consumers out there who have no idea what's inside their computer.  A lot of people have really fancy cpus and graphics cards, but are totally unaware of it and then only use their computer to browse the internet...

Some people think they have to best gaming computer in the world because they paid 3500$ for it. turns out it has a 5750 and a 980X :p