Multibit-Legacy / multibit-hd

Deprecated Bitcoin Wallet
https://multibit.org/blog/2017/07/26/multibit-shutdown.html

Allow the user to change working dir path to increase security level #898

Closed SMH17 closed 8 years ago

SMH17 commented 8 years ago

Even if the wallet is encrypted, it is better to allow the user to change the default working dir path, so that malware on an exploited PC cannot easily find all the private wallet files simply by looking at the default paths of the most popular Bitcoin wallet clients. A strongbox is safer if nobody knows where it is located.

jim618 commented 8 years ago

With MultiBit Classic you could choose where to store your wallet. We encountered a surprisingly large number of support calls where people had forgotten where their wallet was and couldn't find it. Thus with HD we engineered out the user choice of the wallet location.

SMH17 commented 8 years ago

Strongly disagree. You should develop the software in the best way possible to assure the maximum level of security. If someone changes the default path and forgets where he has stored the wallet, this is his own fault, so why not allow all other users to decide where they want to set the working dir? The backup setting already allows changing the wallet backup path by choosing a custom path; it is just a matter of adding another option for the working dir in the same way.

gary-rowe commented 8 years ago

While I understand your viewpoint, security by obscurity is not real security. You appear to be advocating hiding the wallet somewhere so that malware cannot find it. Almost all well-engineered malware is going to conduct a full disk scan to locate the wallet files. Also it is likely to be lying in wait for the combination of key presses to reveal the password in combination with the encrypted wallet files.

All of this is moot though because once you have malware on your machine all bets are off. Your machine is compromised.

Further, as Jim noted, allowing users to select their wallet path has demonstrably caused real problems to users who were not infected with malware. We would in effect be making the software worse by following this course of action.

Closing because no action will be taken on this.

SMH17 commented 8 years ago

1-No known malware out there scans the full hard disk to search for and send Bitcoin wallets, but ALL Bitcoin-stealing malware that I know of looks exactly at these hardcoded working paths; there is much evidence of this. No doubt malware could also be coded to perform a complex search to find the wallet position anyway, but a full hard disk scan is slower and more demanding in terms of resources and isn't what common malware does, since it can show suspicious activity to the user, who can see abnormal HD LEDs blinking.

2-Yes. The wallet protection is needed only on a compromised machine. If you are the only user of the PC and nobody else can access it, you wouldn't need any protection, but this doesn't mean that would be a good choice.

3-Obscurity is additional security. It cannot totally prevent access to the wallet files, but it makes the procedure harder for all the most common attackers; in addition, it allows you to use a honeypot. If a thief enters your home, is it better for you to have your money in a well-hidden stronghold, or in one with an arrow marked with a $ symbol that shows exactly its position?

I accept your decision, but saying that a noob may not remember where he has "explicitly chosen" to move the wallet makes no sense; it is like saying that a user could lose his password so it is better to avoid any password (even more senseless than this, since the app would use the default path, not affecting the user experience if the user doesn't decide himself to change the configuration).