
Topic: Bitcoin 0.5.1 wowwzzers (Read 2467 times)

hero member
Activity: 770
Merit: 502
January 18, 2012, 02:28:59 AM
#22
There were no wallets stolen or anything bad. The jokers used a flaw in an old version of the bulletin board software to put a javascript on the site that displayed a bunch of cosby animations and graphics, nothing else.

I read a few threads; people stated their wallet was stolen when this event happened. I could be wrong.
legendary
Activity: 1512
Merit: 1036
January 18, 2012, 02:03:56 AM
#21
So even with the latest hit on bitcointalk.org wallet stealing incident "bill cosby", my defense+ would have not stopped my wallet getting taken?

Win7 64bit.

There were no wallets stolen or anything bad. The jokers used a flaw in an old version of the bulletin board software to put a javascript on the site that displayed a bunch of cosby animations and graphics, nothing else.
full member
Activity: 210
Merit: 100
January 17, 2012, 09:10:16 PM
#20
I have no information on that particular piece of malware, hence can't give you an authoritative answer, sorry.

My critique isn't Defense-specific, it's the relative ease with which this class of countermeasures falls against well written code, leaving the user with a false sense of security when push comes to shove.

Still, a non-technical user must have something to rely on and some security is better than none. A generic piece of code just doing a quick API call for the wallet.dat WILL be stopped.
Better to have those barbed-wire obstacles than leaving your front door wide open.
Another analogy I'd use is, having a piece of security software running is like wearing a kevlar vest: it will stop a common handgun bullet, just don't expect it to stop a rifle round all by itself.


Ah, Windows 7.
If you tell me you haven't turned UAC off, do read the UAC messages when they pop up, have a legit copy of the OS and diligently apply the updates when they crop up, I'll say those are some solid foundations for a secure machine.

You did encrypt your wallet using the bitcoin client's Settings -> Encrypt Wallet command, right? That's an easy trick which raises the bar significantly against an attacker.
Just select a decent passphrase and don't ever forget it.
hero member
Activity: 770
Merit: 502
January 17, 2012, 08:33:23 PM
#19
So even with the latest hit on bitcointalk.org wallet stealing incident "bill cosby", my defense+ would have not stopped my wallet getting taken?

Win7 64bit.
full member
Activity: 210
Merit: 100
January 17, 2012, 07:13:24 PM
#18
"If anything wanted to access your wallet?" You are wrong on sooo many levels dude. Let me try to point a few out:

(1) If malware is already active in your system it can shoot Defense+ in the head and still do its dirty work.
     You are aware that with enough privileges (and any malware will gain the privileges it needs, rest assured) it can suspend/terminate other programs, right?
     You do know that any malware author can trivially purchase ready-made modules for detecting and subverting virtually any security program, don't you?
(2) Defense+ will protect you at API-call level of access (the malware asks Windows to open your wallet for reading) or at best at filesystem level.
     Any sophisticated malware author will scrub the file by reading the hard drive on a sector-by-sector basis. The file is never accessed.
     The malware just reads the hard drive's sector 512998random. How does it know which sectors to read? Naturally, by parsing the MFT of the filesystem.
(3) If you elect to keep your machine malware-clean (really amounts to "don't do stupid things with your machine") you don't need the ineffective (see point 2) "fascist" approach.
(4) If you really want to be safe (even against an attacker with physical access to the machine) your best bet is going with cryptography, not with barbed-wire obstacles (what Defense+'s approach amounts to).

Summing it all up, you seem to be going through an awful lot of hoops to protect yourself against poorly written malware. Not the most prudent of approaches, and by a long shot.
Still, some protection is better than none if you feel that's what you need.
May I ask you which version of Windows you are running BTW?
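
Point (2) in the post above means a file-level prompt never fires for a raw volume read, so detection has to come from telemetry that records raw reads. The following is an added example, not part of the original post: it assumes Sysmon's Event ID 9 (RawAccessRead) as the log source, which the thread does not mention, and the allowlist and sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed allowlist of programs expected to read volumes raw on this host.
ALLOWED_IMAGES = {
    r"c:\windows\system32\defrag.exe",
    r"c:\windows\system32\chkdsk.exe",
}

# Template for constructed sample events (simplified Sysmon XML export).
TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>{eid}</EventID></System><EventData>"
    '<Data Name="ProcessId">{pid}</Data>'
    '<Data Name="Image">{image}</Data>'
    '<Data Name="Device">{device}</Data>'
    "</EventData></Event>"
)
SAMPLE_EVENTS = [  # constructed, not captured from a real host
    TEMPLATE.format(eid=9, pid=1204, image=r"C:\Windows\System32\defrag.exe",
                    device=r"\Device\HarddiskVolume2"),
    TEMPLATE.format(eid=9, pid=4312, image=r"C:\Users\demo\AppData\Local\Temp\updater.exe",
                    device=r"\Device\HarddiskVolume2"),
    TEMPLATE.format(eid=1, pid=880, image=r"C:\Program Files\Bitcoin\bitcoin-qt.exe",
                    device=""),
]

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one exported event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def suspicious_raw_reads(events, allowed=ALLOWED_IMAGES):
    """List (pid, image, device) for raw volume reads by non-allowlisted images."""
    hits = []
    for xml_text in events:
        event_id, data = parse_event(xml_text)
        if event_id != 9:          # 9 = RawAccessRead; other events are ignored
            continue
        image = data.get("Image", "")
        if image.lower() not in allowed:
            hits.append((int(data["ProcessId"]), image, data.get("Device", "")))
    return hits

if __name__ == "__main__":
    for pid, image, device in suspicious_raw_reads(SAMPLE_EVENTS):
        print(f"raw read of {device} by pid {pid}: {image}")
```

An allowlist keyed on image path alone can be satisfied by a renamed binary, so a real deployment would also check the file's signature or hash.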
hero member
Activity: 770
Merit: 502
January 17, 2012, 06:14:52 PM
#17
Screenshots of 0.5.2:

Thanks for the ss & info about the 0.5.2, I've now been using 0.5.2rc1.

The sad truth is, that a significant portion of the "security software" for Windows is little more than nicely chromed and lacquered garbage constantly getting in the way, pretending to be useful.

Why do AV programs have to display flashy pop-ups saying "this file here is ok" or "hard as it might be to believe, I actually managed to update my virus database without BSODing" ??!

Comodo... I never held their software in high regard but they just seem to have jumped the shark.
"Danger! Danger! This app here wants to draw itself a window so it can actually be interacted with. Set condition 2! Set condition 2!"


I use the Defense+ for the sake if anything wanted to access my wallet, I would be notified immediately, w/e tries to access the wallet, gets locked down til I authorize allow or deny. imo, well worth using.
full member
Activity: 210
Merit: 100
January 16, 2012, 05:39:36 PM
#16
Beware deepceleron's razor: when you make something so simple even idiots can use it, only idiots will use it.

You made my day Deepceleron
I'd be more than happy to send a fistful of bitcents your way.

The sad truth is, that a significant portion of the "security software" for Windows is little more than nicely chromed and lacquered garbage constantly getting in the way, pretending to be useful.

Why do AV programs have to display flashy pop-ups saying "this file here is ok" or "hard as it might be to believe, I actually managed to update my virus database without BSODing" ??!

Comodo... I never held their software in high regard but they just seem to have jumped the shark.
"Danger! Danger! This app here wants to draw itself a window so it can actually be interacted with. Set condition 2! Set condition 2!"

legendary
Activity: 1512
Merit: 1036
January 16, 2012, 03:04:01 PM
#15
More screenshots:

4. Receive Coins screen:


5. Transactions screen. The tooltip is from hovering over the last entry:


6. Address Book screen. You can't send from here, but you can create a new address and label existing addresses:


legendary
Activity: 1512
Merit: 1036
January 16, 2012, 03:03:36 PM
#14
Screenshots of 0.5.2:

1. Overview screen - first view when starting Bitcoin (tooltip is from hovering over the last "recent transaction"):


2. Send Coins screen. Next to the address field, the first icon is Choose address from address book. The next icon is Paste address from clipboard. The last icon is Remove this recipient (enabled if you have added several Pay To recipient entries):


3. What we see after clicking the Choose address from address book icon:





legendary
Activity: 1512
Merit: 1036
January 16, 2012, 02:31:32 PM
#13
Also one other thing I've noticed, I don't know about you or others, Comodo Defense+ said that bitcoin-qt needed to access something of the system component which gives bitcoin-qt.exe access to take screenshots of your desktop.
"Accessing the screen directly allows an application to draw custom bitmaps"; there's your answer. In order to avoid this security warning, likely all graphics and button icons would have to be removed from the program, or a windows-only client using only the windows API to create the GUI would be needed.

I just installed 0.5.2beta for my first look at 0.5.x-qt, (been letting others test the bleeding edge...), and didn't realize before how much the interface was changed, and I am impressed with the layout of information. It is basically how I would have designed it.

Some things are annoying, like hiding the block count, confirmations, and connections behind icons. Fees could be shown in the transaction window, and the block number in the transaction details. Address book is sparse; it doesn't clearly state that these are others' addresses you have previously used to send people money, doesn't let you do anything like send coins to an address you choose, and could be integrated into "send coins" better - The "address book" menu bar icon changes the whole interface to that "tab", but finding and pressing the unlabeled "address book" icon in "send coins" brings up a different but identical address book window. The "Export" icon is not consistent with UI user expectation; it functions to export data from the other icon you have selected, it is not its own "tab".

Beware deepceleron's razor: when you make something so simple even idiots can use it, only idiots will use it.
hero member
Activity: 770
Merit: 502
January 16, 2012, 12:12:02 PM
#12
Old client was better in everything, interface and icon.

Here I have to hover my mouse to check how many blocks and connections I do have and the addresses are well hidden...

Yes, those are two I can name that I dislike as well. The hovering and the connection of how many IPs I am connecting to. I've never added additional addresses, all I know is that there are or used to be 8 of em, they usually connect fine. I like the concept of sorting out the btc addresses last used 5 days or w/e. It would be nice as an option to opt out of the block count check mark to show how many blocks there are downloaded. The wireless like connection icon as well too. Yea, it can use some work on it though. Give options/options/options to the end user.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
January 16, 2012, 06:30:37 AM
#11
Old client was better in everything, interface and icon.

Here I have to hover my mouse to check how many blocks and connections I do have and the addresses are well hidden...
hero member
Activity: 770
Merit: 502
January 14, 2012, 02:30:38 PM
#10
As I already said, no one is interested in maintaining two pieces of code. The developers have much more important issues on their hands.
Version 4 client can't even filter the transactions according to user-specified criteria. It's gone past its prime and has been shot and buried.

You read my #8 post wrong. You've already cleared it up for me in post #3 and I said thanks.
full member
Activity: 210
Merit: 100
January 14, 2012, 01:33:43 PM
#9
As I already said, no one is interested in maintaining two pieces of code. The developers have much more important issues on their hands.
Version 4 client can't even filter the transactions according to user-specified criteria. It's gone past its prime and has been shot and buried.
hero member
Activity: 770
Merit: 502
January 14, 2012, 01:16:44 PM
#8
But any how, what happened to the original bitcoin.exe and the original bitcoin icon?
Superseded with bitcoin-qt. The less code there is to maintain, the better. Why keep the old, clunky interface?

No reason to keep the old interface, I was just curious as to why. Thanks.
hero member
Activity: 770
Merit: 502
January 14, 2012, 01:14:03 PM
#7
I've been out of the bitcoin game for a few months for personal reasons and just got back into it. I'll be back up mining soon, hopefully within 2 more months. Sucks.

I suppose the 5.1 installer should in a clear and comprehensible way recommend uninstalling version 4 client first.

For sure, glad I have little more knowledge than the average monkey about bitcoin client, otherwise I would have been stuck.
full member
Activity: 210
Merit: 100
January 14, 2012, 11:53:26 AM
#6
No problem Jordan.

I fully expect this matter to keep popping up as simply installing 5.1 over 4 keeps the old bitcoin.exe intact.
All shortcuts will still point at the old executable.
I suppose the 5.1 installer should in a clear and comprehensible way recommend uninstalling version 4 client first.
full member
Activity: 203
Merit: 100
January 14, 2012, 11:38:59 AM
#5
Quote
Such behavior ill-advised, especially for someone having posted just 12 times before.
Sorry. I guess it is. It just seemed to me that asking a question that has been discussed extensively and not even bothering to do a single search about it beforehand called for some minor trolling. After all, this is the bitcoin forum.
Sorry if you got offended. Cheers.
sr. member
Activity: 352
Merit: 250
Firstbits: 1m8xa
January 14, 2012, 11:31:05 AM
#4
To be fair, I liked the old Bitcoin icon more.
full member
Activity: 210
Merit: 100
January 14, 2012, 11:11:03 AM
#3
But any how, what happened to the original bitcoin.exe and the original bitcoin icon?
Superseded with bitcoin-qt. The less code there is to maintain, the better. Why keep the old, clunky interface?


Donny, you are out of your element.
Such behavior ill-advised, especially for someone having posted just 12 times before.