Can viruses steal people's bitcoin purses? What can be done for protection?

[manixrock]

With worms and viruses having access to millions of computers (botnets) and stealing private information so easily, it's not hard to envisions adding a setting to those bots to steal someone's bitcoins. Unlike stealing credit card information, this gives an immediate and anonymous reward with zero extra effort.

Is there anything in place to try to prevent such theft? Providing an option for username/password encryption would be a good start, but if people (especially people inexperienced with computers) are going to use bitcoins with large sums of money, they should have a way to protect it.

Another issue is one of backup. If a hard drive fails and there is no backup of the bitcoins purse you loose it all. There should be a way to back up the latest version of the purse file in another place (either on another computer or on the internet), and that one needs to be at least as secure as the one you're using.

Finally there's the issue of mobility. If you use bitcoins on a non-mobile platform, there should be an easy way to access the funds from other places. People who aren't very good with computers will find it hard to move the bitcoins program along with the purse to another device.

These three issues seem to need a good balance of ease of usability and security. Banks can achieve a good level of security because everyone using their services is identifiable. How can we achieve high security in an anonymous environment?

[1714032579]

1714032579

[1714032579]

1714032579

[fabianhjr]

As of security if you don't want to get infected don't install or download shit.

As of the hardrive failure use a RAID 1 or 5 and do remote backups to a box you have in a vacation house or with a trusted party.(With your wallet encrypted over there + stego)

As of the mobility part there is a bounty for an Android app. Maybe that is what you are searching.

Basically there are ways to prevent this scenarios(theft || loses) from happening and once they happen you are pretty much srewed.

[davux]

I totally agree that the keypairs should be stored or exportable/importable as files that one can carry around, backup etc., pretty much like GPG and SSH keys. They would then need to be passphrase-protected, too.

[Mike Hearn]

I'm not sure I agree that "banks achieve a high level of security", there is an endless stream of horror stories of people getting their online banking sessions stolen by Zeus and having tens of thousands of dollars drained out of it. Some banks do security right and others don't.

For BitCoin, I think the right approach here is mobile apps that automatically make encrypted backups (which is why I'm working on one). Mobile OS' aren't 100% bulletproof but they're a lot harder to infect than Windows/MacOSX/Linux, so that's a good place to start.

If you want something more like what regular banks provide, you could host your wallet at a remote "BitCoin Bank" like mybitcoin, and use a 2-factor calculator to sign transactions. This is how my bank (UBS) handles it and it works pretty well, at a cost of convenience.

[brocktice]

For backups, I recommend just scripting a dump of the wallet backup from bitcoin, encrypting it to yourself with GPG, and putting it anywhere. I like Dropbox or JungleDisk, but whatever floats your boat.

I'm less clear about the best way to protect one's wallet in case of compromise. I think distributing one's wallet contents around a few machines might help reduce risk, but I don't want thousands of bitcoins to be susceptible to compromise of my computer, even if I try very hard to keep things secure.

[Nefario]

Once your system is compromised (you have a virus/trojan) then you have lost. Even with encryption, at some point you must enter a password to access your bitcoins, and once you do the virus/trojan will have your password, with which it can use to decrypt your wallet.

Don't get infected, don't become compromised. Use an Apple computer with OSX or Linux, these are the safest options. Staying with windows will become very risky in the future.

[brocktice]

Once your system is compromised (you have a virus/trojan) then you have lost. Even with encryption, at some point you must enter a password to access your bitcoins, and once you do the virus/trojan will have your password, with which it can use to decrypt your wallet.

Don't get infected, don't become compromised. Use an Apple computer with OSX or Linux, these are the safest options. Staying with windows will become very risky in the future.

Well, I use Linux for everything, but I'm sure if the financial motives are high enough, someone will find a way to sneak something on to Linux boxes.  I try to be secure, but there's only so much I can do. I might consider keeping my wallet in a maximally-isolated and locked-down machine.

[jgarzik]

First step:  the devs should enable the db4 database feature that AES-encrypts the wallet.dat database on disk.  The wallet should never be stored unencrypted by default, IMO.

[Gavin Andresen]

"Just turn on Berkeley db encryption and you're done" -- ummm:

First, unless I'm reading the bdb docs wrong, you specify a password at database creation time.  And then can't change it.

So, at the very least, somebody would have to write code that (safely) rewrote wallet.dat when you set or unset or changed the password.

Second, encrypting everything in wallet.dat means you'd have to enter your wallet password as soon as you started bitcoin (because user preference are stored in there right now), when ideally you should only enter the password as you're sending coins.

And third, there are all sorts of usability issues with passwords.  Users forget their passwords.  They mis-type them.  I wouldn't be terribly surprised if doing the simple thing and just encrypting the whole wallet with one password resulted in more lost bitcoins due to forgotten passwords than wallets stolen by trojans.

I think creating a safe, useful wallet protection feature isn't easy, and there a lot of wrong ways to do it.

[davux]

encrypting everything in wallet.dat means you'd have to enter your wallet password as soon as you started bitcoin (because user preference are stored in there right now),

Are there plans to change this? bitcoin.conf or any other file would sound like a better place than the very wallet for storing user preferences.

[ByteCoin]

There is no effective solution to this problem until the wallet handling code can be completely separated from the networking client. See http://bitcointalk.org/index.php?topic=1691.msg20718#msg20718
Attempting to improve security by having a password on the client is no improvement as noted by Nefario and has significant problems as noted by gavinandresen.

ByteCoin

[brocktice]

IMO there is a market for a very secure bitcoin bank. Not sure how that would best be done, nor how people could know to trust it, but I would certainly be interested. Bonus points for being in a jurisdiction that's likely to give any government that comes calling the finger.

No, mybitcoin and mtgox are not suitable.

[bitcoinex]

Platinum threads of the bitcoin.org

[jgarzik]

Sure there are all sorts of problems with passwords and passphrases; those are at least a well known and defined solution space.

But most modern crypto software has the ability to ensure your private keys remain in an encrypted store on the filesystem.  Good software has that encryption enabled by default.

[Local]

IMO there is a market for a very secure bitcoin bank. Not sure how that would best be done, nor how people could know to trust it, but I would certainly be interested. Bonus points for being in a jurisdiction that's likely to give any government that comes calling the finger.

No, mybitcoin and mtgox are not suitable.

Double bonus points from me not existing legally and existing physically in two unrelated jurisdictions so called.

[asdf]

A cheap solution could be to store your "savings" in an offline "vault" and keep smaller amounts in your online client for day to day spending. this limits your risk.

[doublec]

Don't get infected, don't become compromised. Use an Apple computer with OSX or Linux, these are the safest options. Staying with windows will become very risky in the future.

Linux servers get compromised all the time thanks to badly written web applications (just to pick one common vector). If I was a malware author the first servers I'd be targeting would be those offering bitcoin services so I could get access to the wallet.

[Hal]

If the private keys in the wallet were encrypted, then the virus couldn't get them until you entered your password to make a payment. This might give you a chance to discover and eliminate the virus before it can do harm.

[ShadowOfHarbringer]

If you're using Linux for bitcoin & only install software from signed repositories & keep system up to date, then probability of infection is almost unexistant.

You should be more worried if You're using Windows however.

[jgarzik]

If you're using Linux for bitcoin & only install software from signed repositories & keep system up to date, then probability of infection is almost unexistant.

You should be more worried if You're using Windows however.

Sadly Linux installs with outdated patches tend to get penetrated quite often.  Hosting software, in particular, is often copied into a webspace by an "install script" and just left to rot, unpatched.

The rate of infection on Windows is very high, much higher than Linux, but I'd argue that is due as much to raw numbers -- the largest attack audience with a single binary -- as shoddy engineering, today.

And I say this as a die-hard Linux hacker, who was proudly Microsoft-free for over ten years (sadly this is no longer the case, with the Xbox and wife's laptop).