I am unsure about many but I am using Veracrypt but there are some more suggested over the web. But do your research before using one of them as some might contain malwares or even mining cookies which could run over your PC.
- Folder Lock
- CryptoExpert 8
Have you noticed Cryptomining software bundled in with VeraCrypt?
No not really, why would you say it ? have you .?
I have been using veracrypt since it was called truecrypt, and well before crypto mining was ever a thing. There never was cryptominning software bundled with veracrypt. Veracrypt is open source and has recently gone through a code audit https://ostif.org/the-veracrypt-audit-results/
Oh well since crypto mining is a thing now, we really cannot trust anything. I wonder how marketing of a single app can push users to download and atleast use once which would leave cookies and hence long term crypto mining. Well thanks for informing me with that.
I wouldn't say that cryptomining has made software less trustworthy; any type of malicious code can pose as legitimate software, and it has going back to the earliest days of Trojans.
crypto mining is just one way malicious software can utilize your computer. It has only become popular in the last few years because it can bring a quick and direct route to money. Using your computer for spamming, or renting your computer out as part of a botnet are other ways that the bad guys can use your computer to make money. Just because a program doesnt have a hidden miner in it doesnt mean that it can be any less malicious.
As a general rule, download well known, vetted programs and download them from the program creators website, or from a trusted website. Open source programs are generally safer to download, but nothing is 100%.
If in doubt, ask someone who is knowledgeable whom you know in person for advice on what programs they would suggest and where to download them from.
Im not sure what you mean by leaving cookies. A cookie is like a note in your web browser that can tell websites things about your browsing history. Not all cookies are harmful. veracrypt would not have any cookies in it
Yes I do agree there with all the points you made out there. But Open source programs are more prone to these activities as they provide a room for anyone to put up whatever they want, and may be promote it. I am not against open source programs but there are hazards associated with it too.
I dont know if I would agree with saying open source is more prone to having malicious software in it because open source allows anyone to put whatever they want in it. The same can be said about closed source programs. Modification of legit executables by using 'joiner' programs I would think is more trivial to accomplish VS modifying source code with malicious code and then compiling it successfully... not to say that a joiner program couldnt join an already compiled exe of a open source program to a malicious exe either.. but I think it really comes down to being smart with where you are getting your files from.
An open source program downloaded from source forge is relatively safe
A closed source program (that does the same thing as the open source program) downloaded from bleepingcomputer is going to be relatively safe as well.
Both have the possibility that they may have been tampered with, but the likely hood of this is pretty low, given that they both are reputable websites. The advantage that the open source one has is that the community has access to the source and if there is any doubt about its functionality it can be checked with much greater ease than the closed source one. The closed source program - we need to trust the creator that it does what they say it does and nothing more. Without access to the source static analysis needs to be done and it will have to be picked apart by debuggers and someone skilled at RE.
There is no doubt that there are risks with both, no argument there, but if i had to choose trust between an open source program and a closed source program if they each do the same thing MOST of the time I am going to trust the open source one as long as I am getting it from a trusted source.
The question that sprung this conversation was cryptocoin mining as a type of malware. Cryptominer spiked programs are actually quite easy to detect without needing to view the source code or reverse engineer the program. A coin miner can be detected in a program if it attempts to connect to a web address associated with a mining pool. If the program does not need network access at all then it connecting to anything is highly suspicious already. This can be detected various ways.. you can sniff your network and watch for packets or you can watch the program with something like process hacker and see if it attempts to make a connection on the network.
Also, if the program is constantly using up all your CPU when it shouldn't be then thats another bad sign.
For the paranoid, checking the hash values of the program after you downloaded it with the value that the trusted website says it should be is another way to check to see if it had been modified at some point without the creators knowledge