Bitcoin Forum

What if the latest bitcoin-qt is packed with a wallet-stealing trojan...

and when our anti-virus software asks us, "should Bitcoin.exe be trusted", we click Yes out of habit?

just remember EVERYONE is out to get your bitcoins, even the ones who supplied you with the initial software...

Why would a thief utterly destroy confidence in the currency/commodity/accounting-system/whatever-you-wanna-call-it he's stealing?

Actually.... It would be pretty interesting to see the results of that scenario playing out. Would the inherent value of Bitcoin be able to overcome the "taint" of having devs distribute thieving software? I very much doubt over 5% of Satoshi Client users analyzed its source code, or even compiled the program themselves -- they rely on faith in the devs.

Oh, a small step beyond.... What if everyone's lying to me and I don't exist in the reality I perceive, but everyone else (in the "real" real world) is actually watching how I act in this environment?  ::)  :P

You can verify the checksum for the Bitcoin.org client binary that you download as described here:
 - http://bitcointalk.org/index.php?topic=69355.msg813205#msg813205

There are many eyes on these releases.  Even so, if you don't trust the Bitcoin.org binary, you can always build from the github source yourself.

If you don't trust the Bitcoin.org source, you can always use another client (e.g., MultiBit, Electrum, Armory).

Also, it is not usually the case where an update needs to be performed right away -- especially if you aren't mining.  If you are concerned, there's no need to be the first to do an upgrade.

0.5.3.1 was signed (https://github.com/bitcoin/gitian.sigs/tree/master/0.5.3.1-win32) by at least four of the top Bitcoin developers. It'd be very difficult for an attacker to get these signatures on a trojan.

build.it.from.source