Educate Windows users to configure anti-virus software to exclude the Zcash data folder #2046
Comments
Does this apply to the wallet.dat file as well as leveldb?
What if data is included in a transaction that only becomes a virus signature after it's XORed?
@Voluntary-zcash That can happen, but if the key is a random secret then it can't be made to happen deliberately, and it won't happen for all users (on platforms that need AV) at once.
Note that Zcash may be more vulnerable than Bitcoin to malicious contamination of db files with virus signatures, because an attacker can put 1202 contiguous bytes of arbitrary data in the
There's a backport of Bitcoin's chainstate file obfuscation to 0.11.x at bitcoin/bitcoin#6919
Hey, @radix42 since we don't yet support Windows, we don't have a good place for this documentation. Does the windows port have windows-specific user docs?
@radix42 I filed https://github.com/radix42/zcash/issues/5 over in your Windows fork. Let me know how you want to handle that.
I'll add a section about that in the Windows user manual I'm writing that
I'll have done before I release. I'll put in screenshots, etc. As I also
commented in that ticket in my repo that you filed, feel free to open
issues in my repo for any Windows, Mac or arm64 specific stuff.
Thanks!
On Mon, Jan 30, 2017 at 4:23 PM, Nathan Wilcox ***@***.***> wrote:
> @radix42 <https://github.com/radix42> I filed radix42#5 <https://github.com/radix42/zcash/issues/5> over in your Windows fork. Let me know how you want to handle that.
Zcash does not obfuscate database files. This means that someone can include the signature for a virus into a transaction, triggering anti-virus tools to quarantine the file.
Quarantining typically involves moving the file to a new location, which can lead to undefined behaviour and crashes. bitcoin/bitcoin#4069
Obfuscation so that AV software cannot see the signatures was added upstream in 2016, by XORing data stored in leveldb: bitcoin/bitcoin#6613
Note that such a change means that the leveldb database cannot be deciphered using standard tools. Also, it's not impossible that the obfuscation itself leads to data looking like a virus signature, although this is highly unlikely.
A solution for now is to advise users running ports of Zcashd on Windows to configure their anti-virus software to exclude the Zcash folder from being checked. This would include the default (bundled) Windows Defender as well as third-party software such as Norton, McAfee, etc.
The data folder on Windows should be located here:
C:\Documents and Settings\YourUserName\Application data\Zcash
or
C:\Users\YourUserName\Appdata\Roaming\Zcash
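The XOR obfuscation discussed in this issue, sketched as an added example (not code from this thread or from the Zcash or Bitcoin code bases): values are XORed with a random per-database secret before being written, so transaction bytes never appear verbatim on disk, and the same XOR restores them on read. The 8-byte key length, the marker string, the toy scanner and all function names are assumptions made for illustration; the 1202-byte field size is the figure quoted in the comments.

```python
import os
from typing import Optional, Tuple

# Constructed, harmless stand-in for an AV byte signature (not a real one).
SIGNATURE = b"CONSTRUCTED-AV-SIGNATURE-MARKER"
KEY_LEN = 8  # assumption: short random key generated once per database


def new_obfuscation_key() -> bytes:
    """Random secret created when the database is first initialised."""
    return os.urandom(KEY_LEN)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with the repeating key; applying it twice restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def scanner_flags(blob: bytes) -> bool:
    """Toy scanner: flags file content that contains the signature bytes."""
    return SIGNATURE in blob


def store_and_scan(value: bytes, key: Optional[bytes]) -> Tuple[bytes, bool]:
    """Return the bytes that would hit the disk and whether the scanner flags them."""
    on_disk = value if key is None else xor_with_key(value, key)
    return on_disk, scanner_flags(on_disk)


def sample_field() -> bytes:
    """Constructed 1202-byte block of transaction data carrying the marker."""
    return SIGNATURE.ljust(1202, b"\x00")


if __name__ == "__main__":
    key = new_obfuscation_key()
    field = sample_field()
    _, raw_flagged = store_and_scan(field, None)
    on_disk, obf_flagged = store_and_scan(field, key)
    print("stored raw, flagged:       ", raw_flagged)
    print("stored obfuscated, flagged:", obf_flagged)
    print("round trip intact:         ", xor_with_key(on_disk, key) == field)
```

Because the key differs per installation and is not known to whoever crafts the transaction, a collision with a signature after XOR is down to chance rather than choice, which is the point made in the comments.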