Bitcoin Forum
November 10, 2024, 12:31:06 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Should I be installing system updates on my hot wallet Ubuntu computer?  (Read 1111 times)
Simcom (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


View Profile
July 19, 2014, 02:40:39 AM
 #1

What do you guys think is the best for security, installing updates or not updating.  I'm talking about system updates, not armory updates.  I am running Ubuntu 14.04.
Simcom (OP)
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


View Profile
July 19, 2014, 04:21:34 AM
 #2

I think using a hot wallet is insecure (unless we are talking about pocket change here).

Might as well keep the OS up to date.

Sorry I was talking about my watch-only wallet, the cold wallet is on a perma offline computer.  So you think keeping the OS up to date is better then? I was worried maybe I could pick up some sort of vulnerability by updating lots of things.
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
July 21, 2014, 05:28:58 AM
 #3

Sorry I was talking about my watch-only wallet, the cold wallet is on a perma offline computer.

Ahh, I see. Very good.

So you think keeping the OS up to date is better then? I was worried maybe I could pick up some sort of vulnerability by updating lots of things.

I would (and do) keep my OS updated. Some of the updates fix vulnerabilities.

We've tried to make it so that if the online computer is totally under the control of an attacker, there's still minimal risk to the offline computer.  You obviously want the online computer to be free of malware, and so you should take preventative measures, but it's still the offline computer that matters.  And the attack surface is pretty slim.

People have asked if the offline computer should be updated with OS updates, etc.  My attitude on this is:  if you are going to keep the offline computer updated, you are introducing far more risk than you are reducing:  you will be regularly transferring data from your potentially-compromised online system, and executing it with root privileges on your offline computer (to install the updates).  This seems to introduce a recurring (weekly?) channel for remote, root execution by the online computer to the offline computer.  Even without a fancy USB virus, this could be exploited with someone pushing a coin-stealing chunk of code into a system library/service update silently.  It doesn't have to persist for long to compromise a lot of people who are diligent about updating their offline computer.  

Personally, I'd feel safer using a version of Linux/Ubuntu that has been around for a while (perhaps before Bitcoin was worth $billions), and has a well-known verifiable CD/DVD hash.  I believe the attack vector of such an OS--even if there are known vulnerabilities--is far smaller than having users regularly execute code transferred from their online computer with root privileges.

Also, updates can also introduce vulnerabilities.  It might be the case that vulnerabilities are reduced on average, but if you are updating software with all sorts of new features, you might actually be adding more vulnerabilities than you are fixing.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!