viability of 99% offline clean computer for storage?

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: bob123 on October 16, 2017, 01:54:16 PM

Quote from: LoyceV on October 13, 2017, 05:18:20 PM

1% online is enough for trojans to patiently wait and send all your money away the moment you go online. Any wallet that has ever touched an online device should be considered a hot wallet.

Its not like trojans on the internet are waiting for hosts to come online to run at them. You need to actively download (and execute) malware.
There are only few exceptions where worms automatically make use of exploits and distributes very fast.

I think you'll find LoyceV was not saying that Trojans wait for hosts to come online and then try to attack them, but was actually talking about a computer that already has the malware/trojan onboard... In this instance, the trojan works quietly in the background gathering data (wallet files/keylogging/screenshots etc)... then when it detects the network is active, sends out all the data to the "Bad People"™

99% offline is not much more secure than 0% offline to be honest... if the computer gets connected to a network, it is possible that "Bad Things"™ can happen, and you should take appropriate precautions. DO NOT be lulled into thinking that your machine is viable for "proper" cold storage if you are regularly connecting it to a network.

aleksej996

sr. member

Activity: 490

Merit: 389

Do not trust the government

Quote from: bob123 on October 16, 2017, 01:54:16 PM

Its not like trojans on the internet are waiting for hosts to come online to run at them. You need to actively download (and execute) malware.
There are only few exceptions where worms automatically make use of exploits and distributes very fast.
To test such wallets you could create a virtual network device which simulates the internet. After capturing packages you could see and control how the wallet tries to communicate with the internet.
Or you just go on github and read the open source code (i personally would not store coins on a closed source (and non tested) application.

Few might be a bit of an understatement, but they are less common forms of malware, if that is what you mean. Few might be a right term to explain perhaps a weekly or daily amount of new worms popping up. Not all are very successful, but they are being actively developed. On top of that, many malware have worm capabilities as well, as there are many expoits publicly available that you might as well integrate in you malware.

Quote from: MisterLG on October 16, 2017, 02:45:15 PM

Often I read posts about LINUX and windows but how is the security risk on a Macbook?

Not as good as Linux of course, due to it's closed source nature and corporate priorities, but not as bad as Windows of course, as nothing is bad as Windows. Windows was simply not built with security in mind and it didn't evolve to compensate due to different priorities in development.

But as far as it goes, I would say that Mac is closer to Linux then Windows when it comes to that. Mostly due to the fact that the kernel is UNIX based, but the new features that were added on top of that might be just as bad as Windows. But you know, the UNIX design of a kernel is more secure then Window's kernel.

MisterLG

sr. member

Activity: 476

Merit: 252

Often I read posts about LINUX and windows but how is the security risk on a Macbook?

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: LoyceV on October 13, 2017, 05:18:20 PM

Quote from: KTS4GR on October 13, 2017, 11:15:50 AM

A PC updated and maybe even using linux and nearly 99% offline for maybe 5 or so alt coin types with lower levels of investment and using only the dev recommended wallets.

1% online is enough for trojans to patiently wait and send all your money away the moment you go online. Any wallet that has ever touched an online device should be considered a hot wallet.

Its not like trojans on the internet are waiting for hosts to come online to run at them. You need to actively download (and execute) malware.
There are only few exceptions where worms automatically make use of exploits and distributes very fast.
To test such wallets you could create a virtual network device which simulates the internet. After capturing packages you could see and control how the wallet tries to communicate with the internet.
Or you just go on github and read the open source code (i personally would not store coins on a closed source (and non tested) application.

KTS4GR

jr. member

Activity: 36

Merit: 5

thanks guys, looks like I might do the dedicated linux pc wallet route. as someone else said use a hardware wallet for mainstream coins and i do. this setup would just be if my alts ever got to the point of being enough value i'd hate to lose it but it wouldn't affect me per say. like the comment above i don't think it's worth the effort for 100% offline hassle for that. if somehow an alt pulled 100x move I'd reevaluate for sure.

i think the compromise for a little convenience while still being much better than main rig wallets or especially exchanges fits this scenario well enough assuming smart implementation on the user end. not to mention I have the pc ready and collecting dust, another big component.

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

mac mini by apple is decent choice far better for malware.

and really really really easy to clone the drive for a backup off site.

but all wallets have issues it is hard to hold coins safely.

multiple wallets with partial amounts is more what I do.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: KTS4GR on October 13, 2017, 11:15:50 AM

A PC updated and maybe even using linux and nearly 99% offline for maybe 5 or so alt coin types with lower levels of investment and using only the dev recommended wallets.

1% online is enough for trojans to patiently wait and send all your money away the moment you go online. Any wallet that has ever touched an online device should be considered a hot wallet.

That being said, I keep my altcoins in a Virtual Machine on Linux. My altcoins aren't worth enough to go through the hassle of offline security.
From your description, it sounds like you want to use your PC the way I use USB disks: online 1% of the time only. If that's the case, why not use a different USB-disk/stick for each wallet? At least they can be separated and used only one at a time.
Needless to say: always ensure you have sufficient backups.

Welsh

staff

Activity: 3304

Merit: 4115

Quote

Using linux is always a good Idea. About 96%+ of Malware is written for Windows.

Although, Windows greatly out numbers Linux for malware the numbers will be a little more skewed for programs related to Bitcoin.

We know that the general advise for someone with a cold wallet is to use a offline wallet using a Linux distribution which would mean that this could be targeted a lot more than we usually see in general.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: KTS4GR on October 13, 2017, 11:15:50 AM

I've read both your comments, thank you, the second one was a little above my head and interest for more speculative alts right now, that is a fully air gapped setup. Hence the reason I was curious about my initial question. A PC updated and maybe even using linux and nearly 99% offline for maybe 5 or so alt coin types with lower levels of investment and using only the dev recommended wallets. Only to be network connected to transact to and from an exchange and off again? Just wondering if that's a "decent" amount of security assuming I don't mess it up with poor installs.

Using linux is always a good Idea. About 96%+ of Malware is written for Windows.
If you are using linux, do keep your pc offline almost all the time (you also should not plug in any "non-trustworthy" usb-devices anymore), keep it up to date (best approach would be to download linux update on another online-machine, then copy it via local network onto your wallet-pc, verify it there, then install it), you should be quite fine with your setup.
Assumed the wallets you use do not contain any backdoors.
I'd recommend a Hardware wallet (e.g. trezor/ledger) for your Bitcoins and (most common) Altcoins. Its more secured and easier to handle.

Quote from: aleksej996 on October 13, 2017, 02:17:01 PM

I can't advise you on keeping the system offline for most of the time, since that means that you won't be having security updates and patches. That works when you have it offline 100% of the time, but if you just pop it online for a short while, it might not even get a chance to catch up before it gets infected with malware.

Well, its possible to download updates on another machine, copy, verify and install them.
And most linux distributions are not contacting 100 web services and creating 600 http requests before the OS is ready to start internet explorer Roll Eyes

aleksej996

sr. member

Activity: 490

Merit: 389

Do not trust the government

Quote from: KTS4GR on October 13, 2017, 11:15:50 AM

I've read both your comments, thank you, the second one was a little above my head and interest for more speculative alts right now, that is a fully air gapped setup. Hence the reason I was curious about my initial question. A PC updated and maybe even using linux and nearly 99% offline for maybe 5 or so alt coin types with lower levels of investment and using only the dev recommended wallets. Only to be network connected to transact to and from an exchange and off again? Just wondering if that's a "decent" amount of security assuming I don't mess it up with poor installs.

I can't advise you on keeping the system offline for most of the time, since that means that you won't be having security updates and patches. That works when you have it offline 100% of the time, but if you just pop it online for a short while, it might not even get a chance to catch up before it gets infected with malware. Keeping PC disconnected for most of the time is a two-edged sword, can't tell you with certainty what is safer, but Linux that is often updated should be very secure.

KTS4GR

jr. member

Activity: 36

Merit: 5

I've read both your comments, thank you, the second one was a little above my head and interest for more speculative alts right now, that is a fully air gapped setup. Hence the reason I was curious about my initial question. A PC updated and maybe even using linux and nearly 99% offline for maybe 5 or so alt coin types with lower levels of investment and using only the dev recommended wallets. Only to be network connected to transact to and from an exchange and off again? Just wondering if that's a "decent" amount of security assuming I don't mess it up with poor installs.

bob123

legendary

Activity: 1624

Merit: 2481

You could use your old PC as Wallet for any coins. Its important to keep it up-to-date.
If you are going to store a lot of alt coins, you should verify each wallet to be sure there is no backdoor/trojan.
I would recommend to build it air gapped (no internet connection at all - not even for transactions).

In case of performing a transaction you would have to do the following:

boot Wallet-PC
sign Transaction
copy/print raw transaction
shut down Wallet-PC
paste TX onto your main PC
push TX to Network (either directly from your node (if you are running a full node) or via online service (e.g. https://blockchain.info/pushtx)

If your wallet-pc is clean and has no internet connection i can't imagine an attacking scenario which would lead to a loss of your BTC's. (Of course dont let shady people boot your wallet-pc Cheesy

)

aleksej996

sr. member

Activity: 490

Merit: 389

Do not trust the government

The thing is that downloading other altcoin wallets could get you malware. If you must have an online (hot) wallet for BTC, then try keeping that PC as secure as possible (the best bet here is to run Linux and only open source software on it, including Bitcoin Core or if you really can't download the whole blockchain then Electrum). You can use that old PC for experimenting with different altcoin wallets, but be careful what you download, there are plenty of high tech malwere out there disguising as a cryptocurrency wallet.

Keep in mind that no matter how fresh/clean your OS installation is and how many antivirus software you run and how rarely you go offline, it will never compete with running Linux and there are no real drawbacks when using it.

KTS4GR

jr. member

Activity: 36

Merit: 5

I've been dabbling a little in btc and eth for a while now and have a trezor for that. Past that my knowledge is fairly limited. But I was thinking of considering some alts. My question is what is the viability or risk reduction rate estimation of using a separate clean/fresh computer to use as a storage wallet for a handful of various types of coins? I'd only ever connect it to the net to do transactions which would be very rare, like months in between if not more.

I have a very viable (not likely to die) unused PC that would be great for it and it serves no other purpose right now and hardware wallets with various alt coins seems not very viable and tedious.

I don't know exactly how it would work but in my head this seems to bridge a few gaps of hardware wallet alt issues, the bulk of offline security and ease of use. I understand nothing is perfect though. I'm the only person who would touch it and there's no public access. Simply keep everything updated and smartly engage transactions and that's it online.

I looked around and found little info about this specifically. Thanks for any helpful responses.

Topic: viability of 99% offline clean computer for storage? (Read 683 times)