That's a misconception commonly propagated by Microsoft advocates. The fallacy lies in that since Linux has an open development model, bugs and security issues are quickly and widely published on purpose, while Microsoft often sits on these for months if not years, sometimes refusing to acknowledge them altogether (going as far as rolling patches secretly into other updates), i.e. you never hear about the majority. So the perception arises that Windows has few bugs, while Linux has a lot. Also, Linux is strictly speaking the kernel only, you are talking about distros with a lot of auxiliary software.

In reality open source sofware in general has less bugs and higher code quality due to many eyes looking at it and simple availability of the source code (even if you know there are bugs in Windows, you can't fix them and have to wait for MS). Do a search on Coverity and errors per line of code. I'm not talking about usability/UI design, there is some stupid sh*t going on in 'Linux' at any given time there


True, but the argument can be made that stupid users are more likely to use Windows than Linux


By that logic, Linux can in fact be more secure than Windows. Or at the very least, just as secure.

If you really want secure, maybe Linux enhanced by the NSA would be the way to go?

SELinux is open source, and has received some scrutiny Not everything government does is evil, neither is everyone in government evil (see Thomas Drake for example).

It's an extra layer of privilege separation but is unlikely to help significantly against your typical (spear)phishing attack. E.g. it may make it harder for an unprivileged local user or process to access system files, but will not help if the same user has the privilege to become root (e.g. occasional uses of sudo), without further configuration at least.

This ^^

This would probably be the ideal solution, a dedicated device which is only used for bitcoin, never to surf the web. The annoyance would be getting addresses from your web-access machine to your bitcoin machine easily. It is so simple to just copy and paste it in the bitcoin client.

But yeah, I intend to do that with my old laptop, as soon as I buy another computer.

Yes all the wallet.dat file contains is public/private key pairs for all of your bitcoin addresses.

You are assuming your system is OK after *something* got compromised? Any password is useless against a keylogger (that includes a future Bitcoin cient offering wallet encryption).

Today crimeware kits are sold with a nice GUI for the thump your head variety criminal who barely knows left from right mouse button. A Bitcoin tailored kit will have some kind of exploit to get in, a module for uploading wallet.dat, keylogger/VNC etc. functionality if needed, a module for cleaning up after itself as if it had never existed and one for hiding itself from the usual suspects (all antiviruses, Spybot S&D, Wireshark, process explorer etc.) until such time that your wallet contains enough coin. Hell, the specialists already own a sizable number of machines and the crimeware might function as a search engine for interesting data on the botnet. They may even fix other vulnerabilities to keep the competition out and keep your system in shape to guarantee uptime (a dead zombie is worthless, heh).

The only way to be sure is to start completely fresh. Including BIOS flashes and viewing old backups as compromised too. And changing Bitcoin addresses, obviously.

I keep all my web-browsers behind sandboxie, and got my parents doing this too. Seems to have been working great. Started using this months before I even heard of bitcoin, because I was mad that clicking on the wrong website somehow put a rootkit on my computer. (and I'm FAR from being a computer noob)

Link: http://www.sandboxie.com/

Sandboxie - Sandbox security software for Windows. Install and run programs in a virtual sandbox environment without writing to the hard drive.

You have no idea how a password safe works I see. It actually makes you less vulnerable to keyloggers and certainly less vulnerable than reusing passwords or using passwords that can be cracked with a dictionary attack. But keep on with that smug attitude.

@joepie91: would be interesting to hear what MtGox has to say about this, please do not forget to post it here, thank you!

So, MtGox seems to be under heavy DDoS fire all the time and also have some security issues, bitcoin7 is an unstable alpha-version at best not to mention CSS-vulnerabilities ... any bad news about TradeHill that I may have missed?