Bitcoin Forum

What is the chance on a Windows 10 system, Microsoft get access to my Bitcoin priv. keys if I don't adopt any special security arrangements ?

Bill Gates is definitely going to steal our bitcoins and dump them because Bitcoin is pure evil... How about no?

I have been using Windows 10 for a long time and nothing bad happened so far. There are many guides which show how to disable telemetry but it has nothing to do with the security of your coins. If you are really paranoic then consider buying a hardware wallet or switch to other operating system which is based on Linux and is open-source.

I think they wont and there is no chance that they can retrieve your private key from your PC.
You should be aware of any viruses and malware because they can steal your keys if your PC is infected that is why we need 3rd party software to protect our PC to any malicious files and viruses.

If they do that no one will use and buy this kind of OS instead people will switch to Linux or Mac OS for better security.

???

Slimmer than getting infected by some crypto-stealing malware or falling for some phishing site.

If you're worried about the safety of your coins, do yourself a favour and either get yourself a hardware wallet or set up a dedicated offline device for cold storage. You'll sleep better.

Considering that Microsoft hasn't emptied our bank accounts, credit cards, paypal in the past I would say you dont need to worry about that  ;)

the problem with windows operating systems is not the Microsoft itself. they are not making money by stealing your money. the problem is with the weaknesses that it has and worst of all with the backdoors that they have intentionally placed in this closed source operating system. many of them are unknown and when they are found they are exploited by hackers and lead to your loss.

Linux is a good solution as it is being suggested but you still should only think about cold storage if you want true security.

You can also produce a cold storage with any OS, as long as it is not connected to the internet.

Exactly. Microsoft aren't going to phish your private keys. They have a marketcap of $750 billion. They would lose far, far more money if it was discovered they were doing this than they would gain from stealing a handful of bitcoin.

Having said that, although they almost certainly won't steal your private keys, usernames, password, etc. you should be very concerned that Windows 10 very much could steal all these things, if they wanted. It collects all of your data, including everything from your name, relationships, contacts, hobbies, etc, to your browsing history, keystrokes, microphone and webcam input, and online purchases. By using Windows 10, Microsoft also have the right to share any of this data with any third party, without your consent. They have a complete profile of you and everything you do. So although Windows 10 might be relatively safe, it is a privacy nightmare.

I have used Windows since 80s ... I know it has security flaws, but ofc it's not a scam, it will never still your money.

It has also privacy problems, like Google...

I know Linux is far safer and better for developers, but it has compatibility limitations and it is, imo, not so convenient to use (in terms of interface). For average user it windows 10 is ok.

If you want only to use the computer for cryptocurrency, ofc Linux is better.

I believe everyone should start checking Bitkey Linux, https://bitkey.io/

It's a good concept, but it needs an update, and some publicity. It also might debatably be as good as hardware wallets.

Windows not being a scam is kinda stretching it  ;D
it won't steal your money , will just make you overpay for their license, nothing else
and yes, Microsoft has better things to do than trying to steal your coins
for example, fixing the numerous never ending stream of bugs their products are
if you do not wanna use windows because you are afraid they would steal your data, there are many Linux based OS out there
also plenty of tinfoil to make hats from

It is true that the license is very expensive but it does come with certain advantages. I have used both pirated and genuine Windows OS's in the past and a genuine OS is much safer, I have never experienced the blue screen of death or freezing that used to happen when I used a pirated OS. A genuine OS + good AntiVirus software is the minimum we should invest in especially if dealing with exchanges, keys, wallets etc. 

https://www.qubes-os.org/

Qubes OS is a security-oriented operating system (OS). The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.

** Well worth a look at if your wanting to take OS security and privacy seriously.

I have been testing this for a few months now and it seems like a very nice solution for multiple wallet installs if you are unsure of the authors code the vm's in this cannot interact thus allowing for a more secure enviro to work in or store coins.

What's the point of trusting your bitcoins inside a closed source environment? If you have private keys inside an operating system in which you have no idea what's going on at any rate, it's like keeping a chest full of gold inside shark infested waters. The chest can protect the gold, but for how long?

Much better to move your gold chest into clean waters (that is, an offline linux laptop, with wifi cards removed, and any other stuff that could connect to the outside world). Install a full client there, then install the same full client in an online computer and learn how to move the raw tx from the offline laptop into the online laptop to broadcast it and you are safe.

Good suggestion. I believe Peter Todd is a Qubes user, and swears by it. Although, it will require you to install it in a high-end computer.

Mint is a cool Linux distro to be starting your acquaintance with Linux based OS es
nowadays, Linux is not like it used to be where you had to compile core and make sure your hardware
was on the list of supported by OS, which was quite a short list :)
so people chose Windows systems because of their plug-and-pray , sorry, plug and play
things changed, a lot and Linux is much friendlier nowadays 
and what is more important, safer and cheaper than Windows

I have it installed on a few Lenovo Thinkpad's 8GB ram and SSD runs perfect thought I would have to say at setup don't select the auto setup or you will end up with about 10 pre-set VM's as a default.  The other advantage of this OS is the fact it runs direct via Whonix gateways and is extremely secure way to operate.

Never knew Peter was a user of Qubes interesting,

Microsoft cannot affoard to get this blame. No one will use windows if they ever steal our money. Nothing to worry about.

The chance is 100%. As long as this system comes with a default keylogger, your personal data is insecure.
It must not be Microsoft who uses your data. Wouldn't make sense. But what about their armada of external consultants, or any other person, who could look into the data, when data is transferred over wires, or remote support, or, or, or ...

The whole thing about bitcoin is "BE YOUR OWN BANK". Would you trust a bank without any fences? If yes, go and use Windows, but don't wine around for lost or stolen bitcoins. Forums are full of this...

Summary: one cannot accuse Microsoft to actually steal "your" data, but the numerous occasions of data theft and lost privacy makes Windows a product, that cannot be recommended "out of the box" in security relevant environments. You need to invest many many hours, to get it to a level, where it can be considered "secure enough". You can save these many many hours by using a  BSD/UNIX based OS, paranoia is your/the limit :-).

I agree with everything else you say, but you are mistaken here. The number of hours you spend tweaking Windows 10 is irrelevant - it is tracking you, regardless of what you do. You can make it better, certainly, but I would never consider it "secure enough" to be using for anything truly sensitive.

Even if you turn off all tracking and telemetry features (https://thehackernews.com/2016/02/microsoft-windows10-privacy.html), Windows 10 still tries to phone home a staggering 5,500 times in 8 hours. The additional use of third party tools designed to stop this did help a bit, but these researchers still reported 2758 connections in 30 hours.

Other researchers have similarly found that even when you disable (https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/) Windows 10 features like Cortana, it is still logging your activity and sending it to Microsoft.

Imagine this situation from the perspective of software companies making products for Windows, using Windows 10 development machines (or non-software companies competing with Microsoft or with someone MS sells your data to). Microsoft just pushed up their running costs a great deal, as those competing companies must now protect their data from Microsoft and the other companies Microsoft sells user data to. Would it be cheaper to ditch Windows completely? Maybe this wouldn't always be viable, but the incentive to support Windows as a platform is reduced now that Microsoft are behaving like this.

The chance that they can? Probably pretty good, considering that they typically get a heads-up (as is responsible) on newly discovered security vulnerabilities that could access everything on your computer.  Security researchers typically give confidential notification of their discoveries to the software vendor, remaining quiet about it for a period of time so that the vendor (Microsoft) can patch it, hopefully before the flaw is exploited in the wild.

The chance that they will? In my view, extremely unlikely, even if you are a major BTC whale.  Any such breach would almost certainly not be a company effort, but the action of a person or persons within their security teams having "gone rogue".  A business like Microsoft will have in place elaborate measures to prevent access to the full breadth of information necessary (some through vuln knowledge, some through their telemetry, etc.) in order to effectively mount an operation to steal private keys.

However, and this is key: There's a chance I'm wrong about any/all of this.  It is possible that there's a super secret team within Microsoft devoted to theft of keys, with full access to remote right into every Windows PC on the planet.  Or even worse, perhaps an algo built into their disk cleanup maintenance that runs when idle and scans your computer for wallets/keys, uploading its finds.  It is pretty clear that Windows 10 spys quite a bit, even if you take considerable steps to disable/defeat the telemetry.  The amount of tracking they've built into Windows should be something that everyone is concerned about, in particular if you create or store anything of value (confidential business documents, closed-source software, art/music/creative content that you sell for money, etc.) on your PC (and most people do in some form, on some PCs).  Consider the hacks of TV and film content that leaked and cost those studios millions of dollars.  Consider inside corporate information that could be worth lots of money to those seeking to frontrun a trade, or classified information that could be stolen from one government and sold to an adversarial government.  Given that, consider implementing the measures necessary for you to both feel safe as well those that actually make your data safer (the two are not always the same).

The way I see it, any key protection measures boil down to a tradeoff between convenience and safety, which is pretty much the same as physical money.  You could lock all of your money inside of 10 nested vaults, but then it wouldn't be very spendable.  You could carry all of your money in your wallet, but then it wouldn't be so safe if something happened to you.  In many places, you could keep wads of physical cash inside of a drawer in your unlocked house and it'd not be stolen, most of the time.  No one would try to enter your house, most of the time.  One day, however, someone may come to your door that has no problem with entering an unlocked house and taking a look around for some easy loot.  So, we generally lock our doors because it's easy and it increases the protection of what's on the other side of the lock (even nominally given the flimsy quality of many door locks).

I recommend keeping spending money in an easier to access place (but still with some protection, of course), and any savings or large amounts in more elaborate storage.  Crypto Twitter seems to be enamored with https://keys.casa/ (https://keys.casa/), including several people I'd weight very highly in having a high amount of security expertise.  They sell hardware wallets, have a multisig wallet protection service, and are also selling a pretty cool Raspberry Pi-based mini BTC/Lightning node.  You might want to check them out.

Personally, I don't hold much cryptocurrency, but here's what I do.  I use Qubes OS (https://www.qubes-os.org/) (a "reasonably secure" flavor of Linux) on an air-gapped (offline) laptop that stores all of my private keys and is protected under physical lock and key.  On the laptop, the keys are stored inside of encrypted files protected by long, manually entered diceware passphrases with pretty high entropy.  I'm sure my system has many flaws, but it works for me.  If I held substantial sums, I'd certainly spend some time looking into how to improve on it.

Best regards,
Ben

Then since you have windows, you have to also install a good enough antivirus/malware protection system, which will also "call home" and also have access to everything on your computer.
Normally nothing happens. Normally all are well intended and will not try to steal. But you never know really.

That's why for big funds it's recommended to use air-gapped cold storage or at least hardware wallets.

I don't think you need to over-complicate things with obscure distributions.

If you are a windows user and windows is all you ever knew, then simply just get Ubuntu, and you will be ok, as long as you get the setup done in an offline computer there is nothing to fear within reasonable terms. Just don't use USB pendrives to transfer data, you can buy a QR reader ideally to pass raw tx to the online node.

If your laptop is old you can try Xubuntu or even Lubuntu, but Xubuntu is a good middle term between simplicity and features. Lubuntu is insanely minimalist and can run in super old PCs but looks ancient.

The reason I was asking this question - After buying a brand new laptop "Lenovo Ideapad 330" I was downloading only the Blockchain and no other program.
The Laptop was updating in one month more than 5 times and after disable updates in "services.msr" it was still updating and download massiv data.
This was making me distrustful whats going on here and maybe you got the same problem.

I'm not saying it's impossible, because theoretically unless you block out all outgoing/incoming requests to windows servers, which can include updates, telemetry data, and all sorts of data you agree to submit by default, then Windows can have access to your data.

This is even possible for linux/ubuntu because software and package updates are enabled by defaukt, but since its an open source OS, updates are coming from a public repo, its hard to wear a tinfoil hat that big and believe that all Arch devs are out there to take your bitcoins ;D

But even for Windows, dont you think its a bit too far? If you were to mistrust big corporations, the damage they can do to you if they go "rogue" is laughably dangerous. Do you use Gmail? What if Google filtered all emails related to blockchain, web wallets, and private keys? You trust google? So what about your ISP? Maybe they could intentionally modify your traffic to screw with your payments... You can clearly see I can go all day with this, from your laptop down down to your smart toaster connected to the internet, if you were to distrust everything around you, youd never sleep.

But maybe it can help you to think of how relevant of a target you are. Do you really think Windows or any other entity that you unwillingly have to trust, care about targetting you specifically? You know there are probably hundreds or thousands of people richer than you that use that operating system, chances are very unlikely that youd be targetted unless a massive breach happens within these corporations.

On another note, just make sure your windows is legit. Ive seen with my own eyes pirated windows copies that run a miner process upon installation.

 You're right about this concern, I was accustomed to using windows7 until I got a malware that stole my bitcois during a withdrawal that I made in 2016 that changed my address to the attacker's address, so I switched to linux and since then I had no more of this problem but we never know when we are infected so we should think about the possibility of being infected, so I took advantage of buying a hardware wallet nano S, I suggest you or to generate a paperwallet downloading a TailsOS and run it offline, download the bitaddress.org or iancoleman page if you want to generate an HD wallet, download it directly from github for you to check the sha256 signature to see if you downloaded the genuine file.

After you have done this save the TailsOS ISO on a pen drive (2gb minimum) and zip the bitaddress zip (or the iancoleman_bip39 zip) and generate your paperwallet or hd wallet (if you want to add a bip39 protection to encrypt your recovery phrase would look even better, but if you have no idea what that is, search first.)

Do not forget to print the generated key or write down the recovery phrase. If you have a pc that you do not use anymore then you can consider downloading an offline wallet like electrum and generating the keys on it or the more option.

Windows 7 is an old operation system which shouldn't be used anymore. It lacks security updates and support, so you will likely have security problems.

Windows 10 is much better than 7. Ofc Linux is even safer for security, but you don't need to use it to avoid problems like you had. Windows 10 is pretty safe if you have some good habits online.

Windows 7 is old, obviously, but is actually still supported and will continue to receive security updates for another year - until January 14th 2020: https://www.microsoft.com/en-us/windowsforbusiness/end-of-windows-7-support

Having said that, I can see why people don't want to move from Windows 7 to 10. As we've seen in this thread, Windows 10 is an absolute privacy nightmare. Even if you are completely unfamiliar with linux, you have a year to learn before Windows 7 is no longer updated. That would be a better option than upgrading to Windows 10, in my opinion.

Are you sure that Windows 7 is responsible for malware that stole your BTC? Maybe the same thing would have happened even if you used another operating system. It is important to make critical and security updates for any OS, but without some good antivirus+firewall+antimalware software your OS is like house where all doors are open, and thieves come in whenever they want, and take whatever they want. You were simply a victim of Clipboard Hijacker Malware (https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/) (this is just newer version).


I agree that nothing is wrong with Windows 7, it is still very good OS and I have never problems with my coins even I store them in desktop wallet for years. Also in that time I did not experience any bigger problem with virus/malware infection, but this is because main problem is not only in OS, but in how people handle their device/OS.

It depends.  If you are running some pirated version of Windows it might come with a keylogger.

If you must use Windows you should take some extra security steps.

When you get a new dedicated PC for your cryptos.  The first thing you should do is buy a genuine version of OS, format your disks and install OS yourself.

Then buy and install VMWare and install the OS you prefer.  Be careful only to use the original iso files from trusted sources, like Microsoft.

Only run bitcoin core wallet in VMWare and keep blockchain and wallet on the USB media accessible only from the VMWare.

Never use this VMWare OS image for anything else.  If you do, start the process again, and move your coins to a new clean, encrypted wallet.

Only use wallet online when sending coins from a clean environment.  Otherwise, use dummy wallets to update the blockchain.

Create a separate VMWare OS image to access online crypto accounts.

Short version:

If you paid (close to) $100 for the legit OS and don't have any viruses that can access your PC, then no, Microsoft won't steal your Bitcoins.

I mean, yes, you could do all those things for increased security. But it would be safer, easier and cheaper to just use any old laptop/PC you have lying around, remove the WiFi card, format it, install an open source OS of your choice and run it as an airgapped wallet. Or if you want a really easy option, just buy a hardware wallet.

No


Microsoft won't steal your money, but if someone Microsoft is friendly with wants to steal your Bitcoins, Microsoft will almost certainly give them your keys.

You would be told that the money wasn't rightfully yours of course, but successful thieves always have a good psychological angle as well as brutality

That is what I use.  The idea behind VMWare is that it can detect keyloggers if configured properly.
If you get a keylogger in spite of all the precautions you will at least know and can abort and re-format, reinstall etc.

I would not put my coins in any wallet other than bitcoin core encrypted wallet.  Backed up in multiple physical locations, on various types of media.

I agree with others, a hardened version of Linux with your own version of bitcoind/cli or qt compiled from sources (on a dev machine) is the way to go.

Yes, Microsoft have many employees. I'm sure they have many security measures in place so most employees won't have the access. However, many companies tend to give more access to those with more responsibility. All you need is one of these employees with the required access to go rogue.

No, I mean Microsoft can give your data to a different organisation. As long as someone powerful enough comes up with a good enough excuse, Microsoft will happily give some other organisation your keys

All of these things are extreme edge cases imo. I doubt OP is someone shady enough, or has high enough status to become paranoid of such things. I myself would only start caring about these things if my fiat worth was in the 7 digits and above.

I'm sure there are hundreds if not thousands of people with 6-digit worth of money on their computers, so unless one of them has done some explicitly shady stuff, and actually feel targeted then it's a very long shot for either a 3rd party or for Microsoft themselves to try and pull a fast one on them.

Who said anything about being shady, paranoid or high status?

If someone thinks Windows users owe them money, and Microsoft accepts that, then there's nothing those Windows users could do to stop Microsoft handing the keys over. Except ditching Windows for all crypto stuff (or using a secure hardware wallet)

It's not happened yet, but Microsoft started as a fraud (the original Microsoft products was someone else's work), and has been consistently unscrupulous ever since. You'd be unwise to trust Microsoft with your Bitcoin keys.