The two things I'd really like to see are
1. Encryption on my wallet file
2. The ability to move my wallet file wherever I like.
I'd then store my wallet file in a secure (probably TrueCrypt) container or thumb drive. I'd feel much better about everything.
For #2:
Use the Bitcoin client (0.3.22) with the -datadir option:
bitcoin.exe -datadir="Z:\SomeRemoveableDrive\somedirectory"
Don't, under any circumstances, store your wallet.dat in a directory under your Windows operating system %APPDATA% (C:\Users\youruser\AppData\Roaming\Bitcoin by default on Win 7).
Don't have the Bitcoin client installed on Windows either.
Store both the client folder and the wallet.dat on separate media that you do NOT keep constantly mounted. Keep balances in the default wallet.dat LOW, to boot, and use a separate wallet in another location at least.
Note: these are not even adequate security measures for a determined search program. But the ftp stealer that is available on forums worldwide (and that is pictured here on Symantec blog with weird ironic name:
http://www.symantec.com/connect/sites/default/files/images/bitcoininfostealer.jpg, from Symantec URL
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours )
uses code such as:
char* appdata = getenv("APPDATA"); //Gets %Appdata% data
char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat"); //Bitcoin file to steal
and it's a 'grab and go' ;-/
Does anybody know where the thread is for keeping track of which anti-malware progs keep track of these new Bitcoin stealers?
The larger security discussion in this thread, of course, is perfectly appropriate, esp. in light of the larger tech media outlets using the 25k theft as "yet another reason not to use bitcoin" ...yada...yada
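Added example, not part of the original post: a small check that a proposed -datadir value does not resolve back into the predictable %APPDATA% location the post warns about, even when written with different case, forward slashes or "..". The function names, finding codes and the same-drive heuristic are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS

def _norm(path):
    # Collapse "..", unify slashes and case, drop trailing separators.
    return ntpath.normcase(ntpath.normpath(path))

def is_under(path, root):
    """True if Windows path `path` is `root` itself or lies inside it."""
    p, r = _norm(path), _norm(root)
    try:
        return ntpath.commonpath([p, r]) == r
    except ValueError:  # different drives, or absolute mixed with relative
        return False

def audit_datadir(datadir, appdata):
    """Return finding codes for a proposed -datadir (hypothetical helper).

    appdata is the value of %APPDATA% for the account running the client.
    """
    d = _norm(datadir)
    if not ntpath.splitdrive(d)[0]:
        # Relative paths resolve against the working directory: unknown location.
        return ["relative-path"]
    findings = []
    if d == _norm(ntpath.join(appdata, "Bitcoin")):
        findings.append("default-location")
    if is_under(d, appdata):
        findings.append("under-appdata")
    # Assumption: sharing a drive letter with the profile means the wallet is
    # on media that stays mounted whenever Windows is running.
    if ntpath.splitdrive(d)[0] == ntpath.splitdrive(_norm(appdata))[0]:
        findings.append("same-volume-as-profile")
    return findings

# Constructed sample values; the first two paths are the ones quoted in the post.
APPDATA = r"C:\Users\youruser\AppData\Roaming"
if __name__ == "__main__":
    for candidate in (r"Z:\SomeRemoveableDrive\somedirectory",
                      r"c:/users/YOURUSER/appdata/roaming/bitcoin/",
                      r"C:\Temp\..\Users\youruser\AppData\RoamingX\w"):
        print(candidate, "->", audit_datadir(candidate, APPDATA) or "ok")
```

An empty result only means the path avoids the default location; as the post notes, that is not adequate against a program that searches the whole disk.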