frankiebits (OP)
|
|
March 28, 2011, 01:21:59 PM |
|
This is the most popular Malware Removal software. This is very bad for Bitcoins image.
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
March 28, 2011, 01:25:37 PM |
|
That's some piece of shit software right there.
Anybody got their email address so we can fix this shit?
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
March 28, 2011, 01:30:29 PM |
|
If the former I would suggest that it is bad for reputation of that 'malwarebytes' developers and well may be a good reason for a libel lawsuit if someone can be bothered.
Who's the damaged parties? Perhaps we could make a fool out of them by complaining to certain news publication after not communicating/fixing whatever is going on.
|
|
|
|
|
MacRohard
|
|
March 28, 2011, 02:09:43 PM |
|
Heh. The support guy is telling off the CEO for answering a question?
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
March 28, 2011, 03:05:43 PM |
|
They probably treat everything that listens on a socket and not in a whitelist as a trojan. I'd say this outfit can be simply ignored.
One of the most used anti-viruses giving a false-positive for the BitCoin client can be ignored Perspective from a new user: they visit this site called Bitcoin.org that makes their browser warn them that this site shouldn't be trusted (because we still can't get a proper SSL even though it's been brought up repeatedly for months)... and then they download an executable which their antivirus says is a virus... and we expect their natural conclusion should be, "Oh, this is no problem. I'll send my money to MtGox shortly".
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
Jered Kenna (TradeHill)
|
|
March 28, 2011, 03:08:21 PM |
|
They probably treat everything that listens on a socket and not in a whitelist as a trojan. I'd say this outfit can be simply ignored.
One of the most used anti-viruses giving a false-positive for the BitCoin client can be ignored Perspective from a new user: they visit this site called Bitcoin.org that makes their browser warn them that this site shouldn't be trusted (because we still can't get a proper SSL even though it's been brought up repeatedly for months)... and then they download an executable which their antivirus says is a virus... and we expect their natural conclusion should be, "Oh, this is no problem. I'll send my money to MtGox shortly". I agree, what's the hold up on the SSL? And no facebook Vlad? I wish I had never made one, it's evil.
|
moneyandtech.com @moneyandtech @jeredkenna
|
|
|
Jered Kenna (TradeHill)
|
|
March 28, 2011, 03:25:49 PM |
|
Well.., to be honest, one of my websites, for a few month now, has fb account with 4k facebook recommendations. Otherwise no, no twitters, no facebooks, dinosaur it is.
This is pretty much how I feel about facebook http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OnionNewsNetwork+%28Onion+News+Network%29&utm_content=Google+InternationalWatch that if you haven't seen it Vlad. Sorry to get off topic here...
|
moneyandtech.com @moneyandtech @jeredkenna
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
March 28, 2011, 03:45:29 PM |
|
Need to do a few things:
1) File an FP report with MalwareBytes including the log file we have
2) Ensure Windows binaries are always signed. Not just the download but all EXEs and DLLs involved.
Judging from the screenshot, MalwareBytes is using heuristics to try and spot malware. Most likely the combination of a hard-coded IRC server and HTTP related strings trigger it, as legitimate IRC software will (a) have a known signature reputation and (b) probably not be downloading things via HTTP.
It is indeed very unfortunate. I'm not sure what the Windows build process currently looks like, but I think Gavin has set up a VM somewhere for it. Hopefully he knows how to include certificates into the compiled binaries.
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
March 28, 2011, 04:01:47 PM |
|
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
March 28, 2011, 04:05:27 PM |
|
Malwarebytes isn't listed here, should we be looking for another name?
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
eideteker
Newbie
Offline
Activity: 13
Merit: 0
|
|
March 28, 2011, 05:21:23 PM |
|
Just ran Malwarebytes, bitcoin did not show up as a threat.
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
March 28, 2011, 05:23:49 PM |
|
I don't have winblow, so I can't test.
|
|
|
|
spenvo
|
|
March 28, 2011, 07:43:42 PM |
|
I'm with everyone else: I laughed out loud when I was that our SSL certificate was not signed by a CA.
Can we not get 120 bucks together? Or at the very least have an address to donate/fund the SSL cert?
|
|
|
|
Atlas
Guest
|
|
March 28, 2011, 07:46:56 PM |
|
Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.
|
|
|
|
river
Guest
|
|
March 28, 2011, 08:23:00 PM |
|
why don't they just get one of the cheap $9 dollar (Fiat) garbage ones .. just to shut up the browser and people from complaining. Simple.
|
|
|
|
nster
|
|
March 28, 2011, 08:28:15 PM |
|
Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.
this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well....
|
167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Please be kind if I helped
|
|
|
Atlas
Guest
|
|
March 28, 2011, 08:30:39 PM |
|
Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.
this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well.... A lot of good? What? To soothe the ones who don't want to go through the trouble of adding a self-signed certificate? Heh.
|
|
|
|
Cusipzzz
|
|
March 28, 2011, 08:32:06 PM |
|
Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.
this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well.... A lot of good? What? To soothe the ones who don't want to go through the trouble of adding a self-signed certificate? Heh. yes. make it regular-joe friendly.
|
|
|
|
Atlas
Guest
|
|
March 28, 2011, 08:33:27 PM |
|
Is an SSL certificate really worth signing? The fact that such a thing needs to be paid for is even more laughable.
this is a 5 MILLION $ economy, if we are stupid enough to not pay 120$ to potential do A LOT of good to bitcoins, well.... A lot of good? What? To soothe the ones who don't want to go through the trouble of adding a self-signed certificate? Heh. yes. make it regular-joe friendly. The average person probably doesn't care too much for HTTPS. It's doubtful they even know what it is.
|
|
|
|
|