New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
please can somebody explain this to me #1472
Comments
@trickyriky Just to be sure, this is the signed setup.exe from e.g. https://bitcoin.org/bin/bitcoin-core-0.13.2/? |
sure is MarcoFalke, downloaded today and ran through virustotal, it was a very disappointing surprise, 64bit has 3 issues, 32 bit has 1 issue :( |
Here's the link to VirusTotal's analysis of https://bitcoin.org/bin/bitcoin-core-0.13.2/bitcoin-0.13.2-win64-setup.exe : |
same result i got, id love to know what the devs think they are playing at, this is bang out of order :/ |
@trickyriky This is a known issue with "anti virus" software. Basically the anti virus software is designed to detect malware even though the malware might change/evolve from day to day. Therefore, av software comes with heuristic detection, behavioral detection, etc and only gets shipped with sample fingerprints of malware. |
@trickyriky it's very likely to be a false positive, although you should of course not install the software until you believe it to be safe. In the past, some volunteers have filled out the annoying forms on various anti-virus sites to ask them to manually re-evaluate the software, and when they have they've discovered that Bitcoin Core was detected as a virus in error and then changed their evaluation to clean. |
I think av vendors solve this by whitelisting authentic software from time to time. So there is probably nothing we can do other than asking the vendor to apply Bitcoin Core to their whitelist. |
That's called a false positive. Many AV's flag Bitcoin Core and related software as a trojan because it looks for a wallet.dat file. This is what it is supposed to do as it is the creator of the wallet.dat file and uses it. |
thanks for the input guys, im slightly worried by the virustotal results, so i think im going to hold off installing at least until coinstealer is no longer pinging in the results, thats a terrifying trojan name to a crypto player :/ |
Of course it is always recommended to verify the hashes of the binaries of each release. Do not trust av vendor's opinion if a Bitcoin Core release was backdoored or not. |
so no good explanation from the devs, they just close it, sayonara bitcoin price :( |
@trickyriky You already got an excellent and concise answer from @MarcoFalke and @harding Note that Kaspersky and a couple of others have updated their detection to "not-a-virus" I often use Virustotal for sample analysis. The only correct course of action is to verify that result and flag it as a false positive and, contacting the offending AV vendors directly if necessary. Note that some the results are not-a-virus/riskware/PUP which are each a category that are not-a-virus. The detection for Trojan is a false positive. It would be better to handle this as a part of the release schedule. |
Please note these CLEAN results for the official download URL of the current release: https://www.virustotal.com/#/url/55cbacac023a4a89e4c66f6645013184fe83e5613434f58639818195c720bd5a/detection |
there are zero windows installers for bitcoin core or classic, that do not come with virus or trojans, how can you expect us to install your software when we know it has security flaws? especially coinstealer
AegisLab Troj.Msil.Gen!c 20170104
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9939 20170104
Kaspersky Trojan.MSIL.CoinStealer.po 20170104
The text was updated successfully, but these errors were encountered: