Author

Topic: [SECURITY] Feature request for Windows clients (Read 1077 times)

legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
The problem, of course, is in the implementation. It's actually quite difficult to determine - for real - if updates are available for a Windows box. Many viruses and trojans pull tricks to prevent the Windows update service from working properly, so one might determine that there are no updates when there really are. Of course some of them are none too subtle about it, so a lot of these situations would be detectable.
I think the goal is more to warn a person that their box is vulnerable, not that it's compromised already.

Quote
I'm not sure it's such a good idea to weigh down the official Bitcoin client with what would essentially be a large chunk of anti-malware code.
I wonder if somebody already has a library to do exactly this. If it was already build and maintained, that might make the decision easier. Trying to have the client maintainers also maintain a list of vulnerabilities to probe seems to be a bit crazy.
hero member
Activity: 588
Merit: 500
Nah, that would be "SuperBitcoinAntiMalware2013". Grin
full member
Activity: 141
Merit: 101
Security Enthusiast
Quote
It's actually quite difficult to determine - for real - if updates are available for a Windows box. Many viruses and trojans pull tricks to prevent the Windows update service from working properly, so one might determine that there are no updates when there really are.

We can at least try to ask Windows Security Centre whether or not they have anti-virus, updates, etc.  Even if it doesn't provide the correct answer (i.e. it lies because they already have a virus) wouldn't that be better than nothing?

I think we can query Windows Security Centre for Updates, Firewall, and Anti-virus, although I could be wrong as I know very little on the subject.

Quote
I'm not sure it's such a good idea to weigh down the official Bitcoin client with what would essentially be a large chunk of anti-malware code.

Would make a good fork though.  Alt-client: "Secure bitcoin"
hero member
Activity: 588
Merit: 500
It's a nice idea.

The problem, of course, is in the implementation. It's actually quite difficult to determine - for real - if updates are available for a Windows box. Many viruses and trojans pull tricks to prevent the Windows update service from working properly, so one might determine that there are no updates when there really are. Of course some of them are none too subtle about it, so a lot of these situations would be detectable.

I'm not sure it's such a good idea to weigh down the official Bitcoin client with what would essentially be a large chunk of anti-malware code.
newbie
Activity: 56
Merit: 0
Hi,

A few assumptions I'd like to make:
1. most developers do not use windows, by default.
2. in the future, most new user will be using windows.
3. a large number of those users will have vulnerable machines (OS not patched with latest fixes).

Given this I'd like to propose a new feature that should be relatively easy to develop yet provide massive bang for buck in user security and positive Bitcoin press. However I'm no Win OS developer so for all I know it's impossible. Maybe via the WUApi.dll?

Whenever bitcoin is run on a windows machine that is not up to date the client shows a prominent warning icon that their wallet security is as stake.
This can link to a simple guide explaining how to turn on windows update.

If I had a lot of BTC, which I sadly don't, I would bounty this.
Jump to: