bitcoin-dot-org / Bitcoin.org

Bitcoin.org Website
https://bitcoin.org/

please can somebody explain this to me #1472

Closed trickyriky closed 7 years ago

trickyriky commented 7 years ago

There are zero Windows installers for Bitcoin Core or Classic that do not come with viruses or trojans. How can you expect us to install your software when we know it has security flaws? Especially CoinStealer.

- AegisLab: Troj.Msil.Gen!c (20170104)
- Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9939 (20170104)
- Kaspersky: Trojan.MSIL.CoinStealer.po (20170104)

maflcko commented 7 years ago

@trickyriky Just to be sure, this is the signed setup.exe from e.g. https://bitcoin.org/bin/bitcoin-core-0.13.2/?

trickyriky commented 7 years ago

Sure is, MarcoFalke. Downloaded today and ran through VirusTotal, it was a very disappointing surprise: 64-bit has 3 issues, 32-bit has 1 issue :(

harding commented 7 years ago

Here's the link to VirusTotal's analysis of https://bitcoin.org/bin/bitcoin-core-0.13.2/bitcoin-0.13.2-win64-setup.exe :

https://www.virustotal.com/en/file/8960defc12287dd9248b99bab02a0854c072e6a3850757036c585cbd628217bf/analysis/

trickyriky commented 7 years ago

Same result I got. I'd love to know what the devs think they are playing at, this is bang out of order :/

maflcko commented 7 years ago

@trickyriky This is a known issue with "anti virus" software. Basically the anti virus software is designed to detect malware even though the malware might change/evolve from day to day. Therefore, AV software comes with heuristic detection, behavioral detection, etc., and only gets shipped with sample fingerprints of malware. One of those fingerprints might look like "Reads the file bitcoin/wallet.dat". This fingerprint covers a whole bunch of coin stealer applications but unfortunately every version of Bitcoin Core as well.

harding commented 7 years ago

@trickyriky it's very likely to be a false positive, although you should of course not install the software until you believe it to be safe.

In the past, some volunteers have filled out the annoying forms on various anti-virus sites to ask them to manually re-evaluate the software, and when they have they've discovered that Bitcoin Core was detected as a virus in error and then changed their evaluation to clean.

maflcko commented 7 years ago

I think av vendors solve this by whitelisting authentic software from time to time. So there is probably nothing we can do other than asking the vendor to apply Bitcoin Core to their whitelist.

achow101 commented 7 years ago

That's called a false positive. Many AVs flag Bitcoin Core and related software as a trojan because it looks for a wallet.dat file. This is what it is supposed to do as it is the creator of the wallet.dat file and uses it.

trickyriky commented 7 years ago

Thanks for the input guys. I'm slightly worried by the VirusTotal results, so I think I'm going to hold off installing at least until CoinStealer is no longer pinging in the results. That's a terrifying trojan name to a crypto player :/

maflcko commented 7 years ago

Of course it is always recommended to verify the hashes of the binaries of each release. Do not trust an AV vendor's opinion on whether a Bitcoin Core release was backdoored or not.

trickyriky commented 7 years ago

So no good explanation from the devs, they just close it. Sayonara bitcoin price :(

Willtech commented 6 years ago

@trickyriky You already got an excellent and concise answer from @MarcoFalke and @harding

Note that Kaspersky and a couple of others have updated their detection to "not-a-virus".

I often use VirusTotal for sample analysis. The only correct course of action is to verify that result and flag it as a false positive, contacting the offending AV vendors directly if necessary.

Note that some of the results are not-a-virus/riskware/PUP, each of which is a category that is not-a-virus. The detection for Trojan is a false positive.

It would be better to handle this as a part of the release schedule.

Willtech commented 6 years ago

Please note these CLEAN results for the official download URL of the current release: https://www.virustotal.com/#/url/55cbacac023a4a89e4c66f6645013184fe83e5613434f58639818195c720bd5a/detection