Protecting your wallet. Put it in a hidden pocket.. (read on)

[Morthawt]

If someone wants to steal your wallet they can because everyone's wallet is stored in the same place and has to be accessible to be used by the bitcoin program. So the solution is to either restrict access to the wallet or move the wallet.

To restrict the wallet run your bitcoin from a different useraccount in windows and make the folder where the wallet resides only accessible to THAT user the program is running on and its ownership reflects the same. This means file permissions and ownership changes.. Then go into your "Local Security Policy" in windows and set it so that only that username where your bitcoin runs from has access to take ownership over files. Then also in local security policy, you need to set it so that UAC requires authentication, this means not just a "press yes if you want to do this" this means "type your password to continue". Once you have done this malware cannot just change things on your system to easily access the wallet.


Another method is to move the wallet. You can use a program called Cameyo to make a portable version of bitcoin and then the wallet can be isolated in its own folder because the changes to the system it makes are "sandboxed" meaning they do not actually go into the system but rather in a dedicated folder that emulates the file system to the program, so the program (bitcoin) thinks its wallet is in the normal place but really that is cameyo telling bitcoin "Hey, this folder is your appdata" and then it just works. The only way a malware/hacker could steal your wallet with this method is to scan the entire system looking for wallet.dat which is possible.. but more work.

Another method is to run a virtual machine in your computer via VMWare, Virtual PC, Parallels, Virtualbox etc. This would completely isolate your bitcoin from your physical system by keeping ALL files hidden inside a virtual computer. Your wallet could only be stolen if the hacker gets access to your pc either physically or remotely and manually uses your computer mouse and keyboard to go into that virtual environment and copy to flash drive or upload to email your wallet from inside that environment.

Just a thought.

[bcearl]

VMs don't mean to protect your guest from the host, only the other way around.

[FreeJAC]

Let's say your wallet does get taken by malware but you have a backup copy. Could you recover and make the stolen one invalid somehow? What happens if there are two of the same wallets on the network? I would think both would become useless.

[vrotaru]

Let's say your wallet does get taken by malware but you have a backup copy. Could you recover and make the stolen one invalid somehow? What happens if there are two of the same wallets on the network? I would think both would become useless.

Send everything as soon as you got a chance to a safe account.

[bcearl]

Let's say your wallet does get taken by malware but you have a backup copy. Could you recover and make the stolen one invalid somehow? What happens if there are two of the same wallets on the network? I would think both would become useless.

If the attacker has spend your bitcoins, your backup is worthless.

Backup protects against failing disks and such, not against attackers.

[caveden]

Let's say your wallet does get taken by malware but you have a backup copy. Could you recover and make the stolen one invalid somehow? What happens if there are two of the same wallets on the network? I would think both would become useless.

Send everything as soon as you got a chance to a safe account.

And by safe account understand "an addresses generated in another wallet file". That's because if you just ask from a new address from the backup, it will get from the pool of addresses that was already there, so the thief will have it too.