#BitcoinIsSafe & #WasabiIsSafe | false positives campaigns

[hugeblack]

I saw this tag spread on Twitter so I liked to share it here.
Many of Wasabi's wallet users have reported that computer security algorithms for Avira, Bitdefender, and Kaspersky confuse Bitcoin full nodes with unwanted mining software (that runs in the background and steals processing power) hence Wasabi and Bitcoin core is known as "system infections."
Consequently, this campaign began to encourage members to report anti-virus software to regard BitcoinCore and Wasabi as "false positives."


Read more ----> https://bitcoinmagazine.com/articles/wasabi-wallet-launches-bitcoinissafe-campaign-to-counter-erroneous-antivirus-detections
Report using ---> https://docs.wasabiwallet.io/building-wasabi/FalsePositive.html#email-template

[pooya87]

i don't want to be a wet blanket but this doesn't seem like a useful move to me. people shouldn't rely on their anti viruses in first place. as they have false positives, they also have the opposite (not recognize malicious software). example is all the fake Electrums that have been stealing users money over the past year.

a much better campaign would have been to encourage users to verify not trust. whether their anti virus tells them something they've downloaded is a malware or not they should not trust that thing until they verify it. AV is there as a suggestion, that is why they all have an option to whitelist files.

both bitcoin core and wassabi wallet have PGP signatures that could be verified for those who download the binaries and want to trust the developers + others who have verified the binaries' hashes. and they both support deterministic builds which means anybody can compile the code and verify if the hash of their build matches the hash of what the team released. and being open source means the source has been looked at and the more popular the project the less the chance of having anything malicious inside.

[hugeblack]

both bitcoin core and wassabi wallet have PGP signatures that could be verified for those who download the binaries and want to trust the developers + others who have verified the binaries' hashes.

Your words are true, but the reality is different.
I think it depends on who receives such news.
If you are a beginner, it is difficult for you to choose who you trust and therefore the default trust in antivirus programs as a first step for these beginners, "it is easier to setup and check."
Getting a negative feedback from these applications is a negative indicator for anyone who wants to use Bitcoin.

[Pmalek]

example is all the fake Electrums that have been stealing users money over the past year.

My guess would be that the same Anti Virus vectors that flag the official Electrum software as malicious would also flag the fake versions.
My systems have never flagged Electrum as a malware and I wonder what would happen if I downloaded one of the fake wallets.

It is not really a malicious software when you think about it. it is used to send Bitcoin transactions just like the original Electrum releases. The only malicious part of it is the clipboard hijacker. I don't know if some of the fake Electrum wallets also come with additional malware like password stealers, keyloggers etc.

[o_e_l_e_o]

If you are a beginner, it is difficult for you to choose who you trust and therefore the default trust in antivirus programs

I agree with you, but perhaps we need to educate newbies a little bit about this. People think antivirus programs are completely trustworthy, based on nothing. If you believe your anti-virus or you believe your bitcoin wallet is down to trust. Both are being developed by people you (presumably) don't know personally, and don't know if you can trust. The former is likely closed source; the latter should be open source, and in the case of Bitcoin Core, Electrum, or any of the other major wallets, will have had its code widely reviewed. Even if you don't or can't review the code yourself, I'd be picking the latter.

The only malicious part of it is the clipboard hijacker.

The fake 4.0.0 Electrum wasn't a clipboard hijacker. Instead, as soon as you opened it, it would attempt to sweep your wallet to the attacker's address. Anyone who used Electrum stand-alone (as in, not paired with a hardware wallet) had all their coins lost instantly. They didn't need to copy and paste anything for this to happen.

[mk4]

i don't want to be a wet blanket but this doesn't seem like a useful move to me. people shouldn't rely on their anti viruses in first place. as they have false positives, they also have the opposite (not recognize malicious software). example is all the fake Electrums that have been stealing users money over the past year.

a much better campaign would have been to encourage users to verify not trust. whether their anti virus tells them something they've downloaded is a malware or not they should not trust that thing until they verify it. AV is there as a suggestion, that is why they all have an option to whitelist files.

both bitcoin core and wassabi wallet have PGP signatures that could be verified for those who download the binaries and want to trust the developers + others who have verified the binaries' hashes. and they both support deterministic builds which means anybody can compile the code and verify if the hash of their build matches the hash of what the team released. and being open source means the source has been looked at and the more popular the project the less the chance of having anything malicious inside.

I'm for users verifying what they download and install on their computer, but I can guarantee it's going to be a difficult move to convince everyone, especially the older crowd, and the less tech-savvy crowd. You're probably underestimating how much people don't even know how to navigate computers that much, but instead rely too much on their iPhones. Having an antivirus put's their minds at peace I guess, even though I personally don't use antiviruses either. I'd say giving publicity to these false positives for both of these wallets is a decent temporary solution.

[Wind_FURY]

i don't want to be a wet blanket but this doesn't seem like a useful move to me. people shouldn't rely on their anti viruses in first place. as they have false positives, they also have the opposite (not recognize malicious software). example is all the fake Electrums that have been stealing users money over the past year.

But the movement is not only for experienced users like you. It's for the newbies, which the false-positives might discourage/scare from running harmless open source software "because their anti-virus said so". It's a hindrance.

[pooya87]

i don't want to be a wet blanket but this doesn't seem like a useful move to me. people shouldn't rely on their anti viruses in first place. as they have false positives, they also have the opposite (not recognize malicious software). example is all the fake Electrums that have been stealing users money over the past year.

But the movement is not only for experienced users like you. It's for the newbies, which the false-positives might discourage/scare from running harmless open source software "because their anti-virus said so". It's a hindrance.

i get that and hugeblack already pointed this out too.
all i was saying is that we should be trying to educate "newbies" correctly so instead of saying "lets fix the false positive of AVs and continue trusting them" say "don't trust anything, verify everything". i've already included an example of how trusting an AV could cut both ways.