Bitcoin Forum
Author Topic: F-Secure alerted on Bitcoin.exe (0.3.21): "harmful"  (Read 2374 times)
casascius (OP)
Mike Caldwell
April 29, 2011, 12:29:22 AM
Last edit: April 29, 2011, 05:28:23 PM by casascius
 #1

I just upgraded to Bitcoin.exe 0.3.21 which I downloaded directly from SourceForge.

F-Secure popped up and told me this program is "harmful" (the popup displayed it in bold red), asked me if I really wanted to run the program, and also offered to send a sample of the program for analysis.

It did not suggest the program was a "virus" or any similar notation.  Nothing shows in the "Virus and spyware history" screen of F-Secure's UI.

I allowed the program to run.  The MD5 hash of my Bitcoin.exe is ff24783f67e7827546b8c5d8a1961398

It occurred to me that someone may be mining with a botnet, and in the process of doing so, sending the entire Bitcoin client to victims (though not sure why doing this would be desirable to the botnet operator, unless perhaps it's going out with a pre-seeded wallet file with keys known to the bot herder).  But if this is the case, it would make sense why it might be getting flagged by antivirus if it is appearing as unwanted "crap" on people's computers.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
theymos
April 29, 2011, 12:44:04 AM
 #2

It's probably just a false positive. The bitcoin.exe I downloaded had the same MD5, so it probably wasn't intercepted at your end, at least.

casascius (OP)
Mike Caldwell
April 29, 2011, 12:52:21 AM
 #3

I agree, false positive.  But the concern would be the possibility that Bitcoin.exe is being spread via botnets to people who don't want it (ostensibly for the purpose of stealing some CPU mining time).  That'll make it "false positive" on virtually every antivirus platform out there after not too long, if it becomes known as something that "appears" on infected computers.

Maybe we should have a separate build of "Bitcoin, Botnet Edition" with the UI removed so those who want to go infect computers with it won't get the normal client tagged on AV vendors' lists of unwanted software. (tongue in cheek suggestion)

Mike Hearn
April 29, 2011, 09:31:58 AM
 #4

The problems with AV false positives are probably due to a mix of:

  • Not signing the binaries. This is now standard practice in the Windows world.
  • So every binary has a new, unknown reputation (just like viruses).
  • The fact that it contains code to connect to IRC is a big red flag. Many bots have worked that way in the past and legitimate programs rarely if ever do it.

The solution is for Gavin to sign the binaries with a key he controls, so that cert can establish a good reputation. Then these alerts will start going away. Moving away from IRC based peer discovery would help too - it's not a very scalable mechanism anyway. Fortunately Jeff has done some good work on DNS based discovery, it's just not quite ready to replace IRC yet.
HostFat
April 29, 2011, 09:40:05 AM
 #5

Quote from: Mike Hearn on April 29, 2011, 09:31:58 AM
Fortunately Jeff has done some good work on DNS based discovery, it's just not quite ready to replace IRC yet.
Can you give me a link to some documentation? How does this way of finding peers work?

LZ
April 29, 2011, 09:57:54 AM
 #6

Doesn't it just connect to bitseed.xf2.org and bitseed.bitcoin.org.uk?

Mike Hearn
April 29, 2011, 12:03:47 PM
 #7

Yes, but I want to integrate it as the default mechanism in BitCoinJ. I think at our current rate of progress by the end of the summer there'll be at least one and maybe two Android clients, and my plan is that they'll be using DNS rather than IRC. So don't give up on it :-)
just_someguy
April 29, 2011, 02:24:21 PM
 #8

Vladimir,
I'm the guy who submitted the recent peer discovery stuff to bitcoinj and I plan on doing some work on dns discovery this weekend. ([mike] pointed me in the right direction.) It will most likely end up in bitcoinj pretty soon.
Matt Corallo
April 29, 2011, 04:59:50 PM
 #9

For reference, virus total output:
Code:
Complete scanning result of "bitcoin.exe", processed in VirusTotal at 04/29/2011 18:58:40 (CET).

[ file data ]
* name..: bitcoin.exe
* size..: 7490048
* md5...: ff24783f67e7827546b8c5d8a1961398
* sha1..: bb7d7410ce62c10609b648fd6841b1a535da8866
* peid..: -

[ scan result ]
AhnLab-V3       2011.04.29.01/20110429  found nothing
AntiVir 7.11.7.87/20110429      found nothing
Antiy-AVL       2.0.3.7/20110429        found nothing
Avast   4.8.1351.0/20110429     found nothing
Avast5  5.0.677.0/20110429      found nothing
AVG     10.0.0.1190/20110429    found nothing
BitDefender     7.2/20110429    found nothing
CAT-QuickHeal   11.00/20110429  found nothing
ClamAV  0.97.0.0/20110429       found nothing
Commtouch       5.3.2.6/20110429        found nothing
Comodo  8520/20110429   found nothing
DrWeb   5.0.2.03300/20110429    found nothing
Emsisoft        5.1.0.5/20110429        found nothing
eSafe   7.0.17.0/20110428       found nothing
eTrust-Vet      36.1.8298/20110429      found nothing
F-Prot  4.6.2.117/20110429      found nothing
F-Secure        9.0.16440.0/20110429    found nothing
Fortinet        4.2.257.0/20110429      found nothing
GData   22/20110429     found nothing
Ikarus  T3.1.1.103.0/20110429   found nothing
Jiangmin        13.0.900/20110429       found nothing
K7AntiVirus     9.98.4519/20110429      found nothing
Kaspersky       9.0.0.837/20110429      found nothing
McAfee  5.400.0.1158/20110429   found nothing
McAfee-GW-Edition       2010.1D/20110429        found nothing
Microsoft       1.6802/20110429 found nothing
NOD32   6081/20110429   found nothing
Norman  6.07.07/20110429        found nothing
Panda   10.0.3.5/20110429       found nothing
PCTools 7.0.3.5/20110429        found nothing
Prevx   3.0/20110429    found nothing
Rising  23.55.04.03/20110429    found nothing
Sophos  4.64.0/20110429 found nothing
SUPERAntiSpyware        4.40.0.1006/20110429    found nothing
Symantec        20101.3.2.89/20110429   found nothing
TheHacker       6.7.0.1.184/20110429    found nothing
TrendMicro      9.200.0.1012/20110429   found nothing
TrendMicro-HouseCall    9.200.0.1012/20110429   found nothing
VBA32   3.12.16.0/20110429      found nothing
VIPRE   9154/20110429   found nothing
ViRobot 2011.4.29.4437/20110429 found nothing
VirusBuster     13.6.327.1/20110429     found nothing

[ notes ]
F-Secure DeepGuard: Suspicious:W32/Malware!Gemini http://www.f-secure.com/v-descs/suspicious_w32_malware!gemini.shtml
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99

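An added example, not code from any poster in this thread: a small Python check that parses the VirusTotal text report above, keeps the signature-engine verdicts apart from the reputation/heuristic notes (the "Suspicious" entries that explain a "harmful" popup with zero detections), and verifies a local file's MD5 and SHA-1 against the report's digests, the same comparison theymos and casascius did by hand. The embedded report is a constructed excerpt trimmed to three engines; the hashes and note lines are the ones in the thread.

```python
import hashlib
import re

# Excerpt of the VirusTotal text report posted in the thread, trimmed to three engines
# (constructed sample for this example; hashes and note lines are the thread's own).
REPORT = """\
[ file data ]
* name..: bitcoin.exe
* md5...: ff24783f67e7827546b8c5d8a1961398
* sha1..: bb7d7410ce62c10609b648fd6841b1a535da8866

[ scan result ]
AhnLab-V3       2011.04.29.01/20110429  found nothing
F-Secure        9.0.16440.0/20110429    found nothing
Symantec        20101.3.2.89/20110429   found nothing

[ notes ]
F-Secure DeepGuard: Suspicious:W32/Malware!Gemini http://www.f-secure.com/v-descs/suspicious_w32_malware!gemini.shtml
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
"""

def parse_report(text):
    """Split the report into file metadata, per-engine verdicts and heuristic notes."""
    sections, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\[ ([\w ]+?) \]$", line)
        if head:
            current = head.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    meta = dict(re.findall(r"^\* (\w+)\.*: (.*)$", "\n".join(sections.get("file data", [])), re.M))
    engines = {}
    for line in sections.get("scan result", []):
        name, _version, verdict = re.match(r"^(\S+)\s+(\S+)\s+(.*)$", line).groups()
        engines[name] = verdict
    # Notes are reputation/heuristic flags (no signature matched); keep them apart from real hits.
    notes = [tuple(n.split(": ", 1)) for n in sections.get("notes", [])]
    detections = sorted(e for e, v in engines.items() if v != "found nothing")
    return {"meta": meta, "engines": engines, "detections": detections, "notes": notes}

def file_digests(data):
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()

def check_hashes(data, report):
    """Compare local digests with the report's; check every digest given, not MD5 alone."""
    md5, sha1 = file_digests(data)
    return {"md5": md5 == report["meta"]["md5"], "sha1": sha1 == report["meta"]["sha1"]}
```

A mismatch on either digest means the file you hold is not the one the report (or another poster) scanned; neither MD5 nor SHA-1 is collision-resistant, so a signed release, as Mike Hearn suggests below, is the stronger check.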
just_someguy
April 29, 2011, 07:08:52 PM
 #10

Are there dns servers for testnet or just the production network?