Bitcoin Forum
December 08, 2016, 02:39:03 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: A Better Security Implementation Technique Than Encryption?  (Read 1174 times)
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
June 29, 2011, 09:55:56 AM
 #1

If this is true...

Encryption is not some magic dust you sprinkle on an application and it magically becomes secure. If you can come up with a wallet encryption scheme that has more upsides than downsides, there's a good chance it will be implemented.

IMO, that's just inviting disaster. The client should only be running on machines that are inherently secure. Doing this will encourage people to run the client on insecure machines, which will compromise their wallets even if they are encrypted. Strong passwords will be forgotten, leading to lost BitCoins. Weak passwords will be brute forced, accomplishing nothing.

Emphasis mine.

Then why do we not simply force the use of the windows security center into all windows builds of bitcoin by default (or enforce the windows security center to be running unless the user is "advanced" and clicks otherwise)...

The windows security center for those are are not aware is a notification nag system on windows that constantly nags the user to download the latest virus scanner, make sure their firewall is up, to enable the virus scanner and all updates, etc...

If every "basic" windows user was forced to do this by default, I think we could cut down on 90% of the possible thefts by trojan at least - all without much work on our part.

Linux systems would be considered safe for now from trojans and would not require the default security settings.
1481207943
Hero Member
*
Offline Offline

Posts: 1481207943

View Profile Personal Message (Offline)

Ignore
1481207943
Reply with quote  #2

1481207943
Report to moderator
1481207943
Hero Member
*
Offline Offline

Posts: 1481207943

View Profile Personal Message (Offline)

Ignore
1481207943
Reply with quote  #2

1481207943
Report to moderator
1481207943
Hero Member
*
Offline Offline

Posts: 1481207943

View Profile Personal Message (Offline)

Ignore
1481207943
Reply with quote  #2

1481207943
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481207943
Hero Member
*
Offline Offline

Posts: 1481207943

View Profile Personal Message (Offline)

Ignore
1481207943
Reply with quote  #2

1481207943
Report to moderator
1481207943
Hero Member
*
Offline Offline

Posts: 1481207943

View Profile Personal Message (Offline)

Ignore
1481207943
Reply with quote  #2

1481207943
Report to moderator
mouse
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 29, 2011, 01:30:14 PM
 #2

seems related to my post earlier
http://forum.bitcoin.org/index.php?topic=23085.0


Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
June 29, 2011, 01:36:10 PM
 #3

it's called trusted computing. http://en.wikipedia.org/wiki/Trusted_Computing

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
June 29, 2011, 03:07:48 PM
 #4

Then why do we not simply force the use of the windows security center into all windows builds of bitcoin by default (or enforce the windows security center to be running unless the user is "advanced" and clicks otherwise)...

The windows security center for those are are not aware is a notification nag system on windows that constantly nags the user to download the latest virus scanner, make sure their firewall is up, to enable the virus scanner and all updates, etc...

If every "basic" windows user was forced to do this by default, I think we could cut down on 90% of the possible thefts by trojan at least - all without much work on our part.
My sense is that most users who are compromised by malware and viruses are actually running the Windows security center. However, I'm not strongly opposed to the idea of the client warning users if their system seems insecure. (Though this could clearly get ridiculous. I don't see any point in having a huge table of specific issues we check for. Oh, you don't have this patch. Your version of this DLL is too old. And so on.)

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
July 03, 2011, 09:48:28 AM
 #5

Then why do we not simply force the use of the windows security center into all windows builds of bitcoin by default (or enforce the windows security center to be running unless the user is "advanced" and clicks otherwise)...

The windows security center for those are are not aware is a notification nag system on windows that constantly nags the user to download the latest virus scanner, make sure their firewall is up, to enable the virus scanner and all updates, etc...

If every "basic" windows user was forced to do this by default, I think we could cut down on 90% of the possible thefts by trojan at least - all without much work on our part.
My sense is that most users who are compromised by malware and viruses are actually running the Windows security center. However, I'm not strongly opposed to the idea of the client warning users if their system seems insecure. (Though this could clearly get ridiculous. I don't see any point in having a huge table of specific issues we check for. Oh, you don't have this patch. Your version of this DLL is too old. And so on.)

It wouldn't be too ridiculous to ensure that they have any of the top 10 used virus scanners in place (you could update that list every month or so to stay current) and are updated to the latest version of windows updates.

If they choose to disregard the warning, who cares? At least they were warned... that way nobody can make another huge case about "Wah, wah, wah my $1M+ bitcoins were stolen right from under my nose while I was on the computer... WHA HAPPENED?!"
X68N
Hero Member
*****
Offline Offline

Activity: 546


View Profile
July 03, 2011, 10:09:58 AM
 #6

Even when you are Windows up-to-date and have the latest Virusscanner+Updates
It gives you absoluteley NO WARANTY that you are safe!
I got 2 times infected and my Scanner was bypassed (Avira Antivirus, Windowsfirewall) i switched to AVG now.
(as a user with over 15 years expierience, finally i know that i was infected so there was no damage only time consuming reinstalling.
I have an seperate PC just for Internet without sensitive Files).

Also most users surf with admin-rights so a Virusscanner is an easy opponent for the most
worms/trojans...

Also the problem of new trojans, which use securityholes where actually
no fix exists and no Antivirussignatures are aviable.
Read the Wikipedia article about Stuxnet trojan, how powerfull trojans are today and will be in the future...

Also the Google Image search is a big Trojanthrower, they "need" javascript on, but exact that is why
the trojans come to the users. I dont use it anymore. (you get a virus by watching normal pics, no porn or similar is needed xD)

- - So this is not a solution. The Security Center is not able to secure the Bitcoind Money- -

i link to my thread where i discuss a real Solution for this:
http://forum.bitcoin.org/index.php?topic=23476.0

Coinbase - All your money are belong to us  Cheesy -> http://de.wikipedia.org/wiki/All_your_base_are_belong_to_us
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!