So I have been arguing with my best friend about the trezor. I keep telling that it is safe to use trezor even on compromised machines, but he keeps telling me this cannot be possible. So for the sake of the argument, if I have several malwares on my computer, couple of trojans, keyloggers etc.. are my funds safe by using trezor?
I want to show him the replies on this question and shut his mouth once and for all!
Thanks all!
Trezor is secure in two important points:
1. It will never share your private keys with a computer no matter how many viruses and troyans are on the computer.
2. When signing a transaction (which is created on computer so it potentialy may be incorrect, missleading or maliciously created), Trezor will display comprehensive information about the transaction and it will ask you to press the confirm button twice. As mentioned above me, this does not protect you against phising attack as described here:
http://doc.satoshilabs.com/trezor-faq/threats.html#what-doesn-t-trezor-protect-against-yet but the important point is that Trezor would never sign this transaction without you seeing it and confirming it. So in case you know the address you want to send to, there is no way computer can trick you into signing something else.