Bitcoin client on Windows - best practices?

[geek-trader]

My buddy is just now getting into Bitcoin.  Unfortunately, he is a Windows user.  I don't use Windows at all, and I don't have access to a Windows machine, so I can't really try stuff out in advance for him.

Is there a thread or an article about "best practices" for securely using the bitcoin client on Windows that I can point him to?  Is it as easy as putting the wallet.dat on an encrypted USB stick and making sure your anti-virus is up to date?

He's not a super computer user, but he's reasonably savvy.  He can follow instructions without messing them up.

"Don't use Windows" is an answer I already tried with him. 

Thanks!

[1715301868]

1715301868

[1715301868]

1715301868

[1715301868]

1715301868

[1715301868]

1715301868

[1715301868]

1715301868

[1715301868]

1715301868

[Gabi]

But are you savvy? By reading this thread i suppose not, cause windows is safe as any other system if properly used. This "omg windows is unsafe" thing is false

[natman3400]

But are you savvy? By reading this thread i suppose not, cause windows is safe as any other system if properly used. This "omg windows is unsafe" thing is false

Not really. Windows requires greater security practices to be safe. In theory it's just as safe as anything else. But let us not forget Linus's law. Microsoft has even gone and let some flaws in windows that can be exploited get published well before they fixed them.

My buddy is just now getting into Bitcoin.  Unfortunately, he is a Windows user.  I don't use Windows at all, and I don't have access to a Windows machine, so I can't really try stuff out in advance for him.

Is there a thread or an article about "best practices" for securely using the bitcoin client on Windows that I can point him to?  Is it as easy as putting the wallet.dat on an encrypted USB stick and making sure your anti-virus is up to date?

He's not a super computer user, but he's reasonably savvy.  He can follow instructions without messing them up.

"Don't use Windows" is an answer I already tried with him. 

Thanks!

Thats one way to do it, another way would be to just make a ubuntu live usb and put bitcoin on it (with the bitcoin wallet in something like a truecrypt container, so you can still boot to ubuntu), and then use this to store bitcoins, and then put a separate truecrypt volume on the drive for the wallet he uses in windows.

[geek-trader]

I gave up on Windows years ago.  I hear it's gotten better, but I have not used it since XP, so I don't know that first hand.  I do know that every single user that had his wallet.dat / BTC stolen was using Windows.

I'm asking because I know Linux and I know how to secure Linux, I know OSX and I know how to secure OSX, but I do not know Windows or how to secure Windows.

If you're so sure that Windows is secure, then tell me how to tell my buddy to secure his wallet.dat on Windows.  Or point me to a forum thread or article discussing such.

I used the forum search, but it kinda sucks.

[geek-trader]

Thats one way to do it, another way would be to just make a ubuntu live usb and put bitcoin on it (with the bitcoin wallet in something like a truecrypt container, so you can still boot to ubuntu), and then use this to store bitcoins, and then put a separate truecrypt volume on the drive for the wallet he uses in windows.

This is basically what I have done for myself.  A "secure" wallet that is on a live Ubuntu CD, and my everyday wallet on my Mac, on an encrypted volume.  Hell, I can even set up a secure wallet for him.  This is a step int he right direction.

I need to get a Windows box to mess with.

[natman3400]

I gave up on Windows years ago.  I hear it's gotten better, but I have not used it since XP, so I don't know that first hand.  I do know that every single user that had his wallet.dat / BTC stolen was using Windows.

I'm asking because I know Linux and I know how to secure Linux, I know OSX and I know how to secure OSX, but I do not know Windows or how to secure Windows.

If you're so sure that Windows is secure, then tell me how to tell my buddy to secure his wallet.dat on Windows.  Or point me to a forum thread or article discussing such.

I used the forum search, but it kinda sucks.

This. When I worked in the department of the university i work at that did the PCI DSS a while back, our number one rule was if you used windows, it had to be the special one JUST for POS. For people making the move to PCI DSS compliance that were already using windows, we had to go through and swap everything that we could with some type of UNIX (which got odd looks from the computer illiterates at the POS, less so when we had the money to put in a mac server). God, we actually had this one incident were there was a keylogger on the servers used at the pharmacy. How do you get a keylogger on a computer thats running in headless mode? Only with windows. So many horror stories can be told about windows.

Personally I keep my secure wallet on an encrypted volume on my BSD drive. Why do I have a BSD drive? Because the only people that use BSD in any form are usually OS X users, and I'm 100% sure that Mac Binaries aren't compatible with the BSD distro I have, so there would be little interest in making malicious software for it. And it doesn't even have a GUI, I just use bitcoind. Id like to see someone get a virus on there in the two wget's I did and the blockchain i have downloaded.

[Serith]

My buddy is just now getting into Bitcoin.  Unfortunately, he is a Windows user.  I don't use Windows at all, and I don't have access to a Windows machine, so I can't really try stuff out in advance for him.

Is there a thread or an article about "best practices" for securely using the bitcoin client on Windows that I can point him to?  Is it as easy as putting the wallet.dat on an encrypted USB stick and making sure your anti-virus is up to date?

He's not a super computer user, but he's reasonably savvy.  He can follow instructions without messing them up.

"Don't use Windows" is an answer I already tried with him. 

Thanks!

TrueCrypt has a feature to create Hidden Operating System http://www.truecrypt.org/docs/?s=hidden-operating-system . If i understand it right, it allows to boot either normal or encrypted Windows environment , your friend could make the setup and use encrypted Windows for bitcoin only. I think that's as far as security can go with windows, make sure he or she is not browsing porno sites though.

[natman3400]

My buddy is just now getting into Bitcoin.  Unfortunately, he is a Windows user.  I don't use Windows at all, and I don't have access to a Windows machine, so I can't really try stuff out in advance for him.

Is there a thread or an article about "best practices" for securely using the bitcoin client on Windows that I can point him to?  Is it as easy as putting the wallet.dat on an encrypted USB stick and making sure your anti-virus is up to date?

He's not a super computer user, but he's reasonably savvy.  He can follow instructions without messing them up.

"Don't use Windows" is an answer I already tried with him. 

Thanks!

TrueCrypt has a feature to create Hidden Operating System http://www.truecrypt.org/docs/?s=hidden-operating-system . If i understand it right, it allows to boot either normal or encrypted Windows environment , your friend could make the setup and use encrypted Windows for bitcoin only. I think that's as far as security can go with windows, make sure he or she is not browsing porno sites though.

My sisters father-in-law actually got in ALOT of trouble because one of his employees was doing that on the company computer at the front desk. There were so many viruses on the thing, but lucky for him, the client data was stored in a custom format none of th viruses seemed to notice.

That truecrypt hidden os thing seems good, just as long as the only thing he does on the internet is go straight to bitcoin.org to get the client on that install.

[bittab]

http://bittab.io

the best ticker for Windows ever since.. until today

[BrewMaster]

well it depends on how much bitcoin your friend owns and also it depends on how much he values his security!

for example if he owns a large sum of bitcoin then it justifies buying a hardware wallet and be safe instead of having a false sense of security by storing his wallet file on a USB and loading it into a possibly already infected windows machine!

or if he values his security but  doesn't want to buy/trust a hardware wallet he can learn how to use Linux. he doesn't have to become a super expert in it to be able to use it. there are some pretty basic stuff that he needs to do and they are all easy.

[bob123]

But are you savvy? By reading this thread i suppose not, cause windows is safe as any other system if properly used. This "omg windows is unsafe" thing is false

Not really, no.

More than 90% of all malware is written for windows.
So statistically, 9 out of 10 times you get malware on your linux, it won't do shit. Alone this makes linux/mac more safe to use with crypto than windows.

But even if you ignor this fact, the fact that you have hundreds of services running on windows compared to about 5 or 10 in linux should make it obvious how big the difference in attack surfaces between windows and linux is.
Not to mention that linux is mostly open source and way better inspected than closed source windows with daily vulnerabilities being discovered..


@OP
It mostly depends on the amount he want to store.
Generally, an USB stick with an encrypted version of the wallet file is not the ideal solution since each time you want to access the wallet it has to be decrypted (which opens up attack vectors).

If he is going to store a reasonable amount, tell him to get a hardware wallet.
Or, if he isn't going to touch the coins for quite a long time, let him create a paper wallet (properly offline).

But if the amount is relatively small, a proper (password protected) wallet should be fine.
If he doesn't have the intention to support the network, electrum (https://electrum.org/#home) should be suitable for him.
He even has the option to use electrum with 2fa (does cost a fee per transaction!). In this case the funds still stay under full control of your friend, but they can not be stolen since the PC does only hold 1 out of 3 keys. Another key is hold by TrustedCoins (the 2fa provider), and the 3rd key can be retrieved from the seed he has to back up.

[micle222]

Before I apologize for the lack of understanding of the strands of explanation.

But maybe I can advise you if you install other applications that are connected to cryptocurrency assets such as Bitcoin and Altcoins, then don't just install.
Moreover, I have read that there is anti-virus, anti-virus can be an application that is inserted by hackers to steal your Bitcoin, so be careful.