So, you followed all the tutorials and now your wallet.db is safely encrypted in a Truecrypt volume.
But once a day you start the Bitcoin client to keep track of transactions and catch up with the blockchain.
While you're doing this your Truecrypt volume is mounted and the wallet.dat decrypted and accessible by all malicious applications on your computer.
To conquer the most simple attack to your wallet, the complete search for any wallets on all mounted partitions, you can make use of user rights management on Windows.
Here's how:
Note: The Truecrypt volume has to be NTFS formated in order to work with this tutorial.1.) Start
lusrmgr.msc.
- Create a new user
- Choose a password you can remember
- Remove all group memberships of this user
2.) Navigate to your Bitcoin client datadir (e.g. your mounted Truecrypt volume)
- Open up the properties of the directory and locate the security tab
- Navigate through the advanced options and deactivate the inheritance of security parameters
- Now you can edit which users are able to access the directory. Grant full access to your new user and block everyone else's.
- If everything worked as intended you will now see a lock on the directory icon the explorer. Try to open it, you should see an error message.
3.) Configure your Bitcoin client to start as the new user.
- Either: Shift+Right-click on bitcoin.exe and choose to run as a different user. Fill out username and password.
- Or: Write a short batch-script to start it (I assume most people already do that anyway)
start runas /noprofile /env /user:yournewuser "bitcoin.exe -datadir=%cd%\data"
Adjust the bold text to your environment.
4.) Everything should work now.
- Feel free to post your problems or suggestions.
