Bitcoin Forum
December 09, 2016, 11:34:02 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [SECURITY] Feature request for Windows clients  (Read 927 times)
mouse
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 27, 2011, 06:28:56 AM
 #1

Hi,

A few assumptions I'd like to make:
1. most developers do not use windows, by default.
2. in the future, most new user will be using windows.
3. a large number of those users will have vulnerable machines (OS not patched with latest fixes).

Given this I'd like to propose a new feature that should be relatively easy to develop yet provide massive bang for buck in user security and positive Bitcoin press. However I'm no Win OS developer so for all I know it's impossible. Maybe via the WUApi.dll?

Whenever bitcoin is run on a windows machine that is not up to date the client shows a prominent warning icon that their wallet security is as stake.
This can link to a simple guide explaining how to turn on windows update.

If I had a lot of BTC, which I sadly don't, I would bounty this.

Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction.
1481326442
Hero Member
*
Offline Offline

Posts: 1481326442

View Profile Personal Message (Offline)

Ignore
1481326442
Reply with quote  #2

1481326442
Report to moderator
1481326442
Hero Member
*
Offline Offline

Posts: 1481326442

View Profile Personal Message (Offline)

Ignore
1481326442
Reply with quote  #2

1481326442
Report to moderator
1481326442
Hero Member
*
Offline Offline

Posts: 1481326442

View Profile Personal Message (Offline)

Ignore
1481326442
Reply with quote  #2

1481326442
Report to moderator
"You Asked For Change, We Gave You Coins" -- casascius
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 27, 2011, 06:44:11 AM
 #2

It's a nice idea.

The problem, of course, is in the implementation. It's actually quite difficult to determine - for real - if updates are available for a Windows box. Many viruses and trojans pull tricks to prevent the Windows update service from working properly, so one might determine that there are no updates when there really are. Of course some of them are none too subtle about it, so a lot of these situations would be detectable.

I'm not sure it's such a good idea to weigh down the official Bitcoin client with what would essentially be a large chunk of anti-malware code.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
zellfaze
Full Member
***
Offline Offline

Activity: 142


Security Enthusiast


View Profile WWW
June 27, 2011, 01:26:59 PM
 #3

Quote
It's actually quite difficult to determine - for real - if updates are available for a Windows box. Many viruses and trojans pull tricks to prevent the Windows update service from working properly, so one might determine that there are no updates when there really are.

We can at least try to ask Windows Security Centre whether or not they have anti-virus, updates, etc.  Even if it doesn't provide the correct answer (i.e. it lies because they already have a virus) wouldn't that be better than nothing?

I think we can query Windows Security Centre for Updates, Firewall, and Anti-virus, although I could be wrong as I know very little on the subject.

Quote
I'm not sure it's such a good idea to weigh down the official Bitcoin client with what would essentially be a large chunk of anti-malware code.

Would make a good fork though.  Alt-client: "Secure bitcoin"

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 27, 2011, 05:11:01 PM
 #4

Nah, that would be "SuperBitcoinAntiMalware2013". Grin

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 29, 2011, 03:10:24 PM
 #5

The problem, of course, is in the implementation. It's actually quite difficult to determine - for real - if updates are available for a Windows box. Many viruses and trojans pull tricks to prevent the Windows update service from working properly, so one might determine that there are no updates when there really are. Of course some of them are none too subtle about it, so a lot of these situations would be detectable.
I think the goal is more to warn a person that their box is vulnerable, not that it's compromised already.

Quote
I'm not sure it's such a good idea to weigh down the official Bitcoin client with what would essentially be a large chunk of anti-malware code.
I wonder if somebody already has a library to do exactly this. If it was already build and maintained, that might make the decision easier. Trying to have the client maintainers also maintain a list of vulnerabilities to probe seems to be a bit crazy.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!