please can somebody explain this to me #1472

Closed
trickyriky opened this Issue Jan 4, 2017 · 11 comments


There are zero Windows installers for Bitcoin Core or Classic that do not come with viruses or trojans. How can you expect us to install your software when we know it has security flaws? Especially coinstealer.

AegisLab Troj.Msil.Gen!c 20170104
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9939 20170104
Kaspersky Trojan.MSIL.CoinStealer.po 20170104

Contributor

MarcoFalke commented Jan 4, 2017

@trickyriky Just to be sure, this is the signed setup.exe from e.g. https://bitcoin.org/bin/bitcoin-core-0.13.2/?

Sure is, MarcoFalke. Downloaded today and ran through VirusTotal; it was a very disappointing surprise. 64-bit has 3 issues, 32-bit has 1 issue :(

Same result I got. I'd love to know what the devs think they are playing at, this is bang out of order :/

Contributor

MarcoFalke commented Jan 4, 2017

@trickyriky This is a known issue with "anti virus" software. Basically the anti virus software is designed to detect malware even though the malware might change/evolve from day to day. Therefore, AV software comes with heuristic detection, behavioral detection, etc. and only gets shipped with sample fingerprints of malware.
One of those fingerprints might look like "Reads the file bitcoin/wallet.dat". This fingerprint covers a whole bunch of coin stealer applications but unfortunately every version of Bitcoin Core as well.

Contributor

harding commented Jan 4, 2017

@trickyriky it's very likely to be a false positive, although you should of course not install the software until you believe it to be safe.

In the past, some volunteers have filled out the annoying forms on various anti-virus sites to ask them to manually re-evaluate the software, and when they have they've discovered that Bitcoin Core was detected as a virus in error and then changed their evaluation to clean.

Contributor

MarcoFalke commented Jan 4, 2017

I think AV vendors solve this by whitelisting authentic software from time to time. So there is probably nothing we can do other than asking the vendor to apply Bitcoin Core to their whitelist.

Contributor

achow101 commented Jan 4, 2017

That's called a false positive. Many AVs flag Bitcoin Core and related software as a trojan because it looks for a wallet.dat file. This is what it is supposed to do as it is the creator of the wallet.dat file and uses it.

Thanks for the input guys. I'm slightly worried by the VirusTotal results, so I think I'm going to hold off installing at least until coinstealer is no longer pinging in the results. That's a terrifying trojan name to a crypto player :/

Contributor

MarcoFalke commented Jan 4, 2017

Of course it is always recommended to verify the hashes of the binaries of each release. Do not trust an AV vendor's opinion if a Bitcoin Core release was backdoored or not.

@wbnns wbnns self-assigned this Jan 13, 2017

@wbnns wbnns closed this Jan 21, 2017

So no good explanation from the devs, they just close it. Sayonara bitcoin price :(