Quicken to GnuCash (Windows)

Charles Day cedayiv at gmail.com
Sat Dec 1 17:42:33 EST 2007


On Nov 25, 2007 2:40 PM, Robert Heller <heller at deepsoft.com> wrote:

> > I'll start by using TrueCrypt to create a secure partition, since I am
> > already family with it, but I can't say that this method really
> > satisfies. Once mounted, the financial data becomes cleartext to any
> > program (e.g. viruses). Is there a solution that makes the unencrypted
> > data only available to gnucash?
>
> Yes, but you really are not going to like it: Linux, using either proper
> UNIX User/Group file protection OR (even more secure) using SELinix and
> ACLs (this probably only really makes sense if you are the accountant
> for a spy agency or something and need to keep the accounting for 'black
> opps' secure :-)).
>
> Linux has no viruses (in the sense that MS-Windows does), so even
> though the data is 'clear text', you only need to worry about other
> users on the system from snooping -- if they have different UIDs and/or
> GIDs and you set the protections of your gnucash files to be other=<no
> access> and group=<no access> [chmod go-rwx ...], the normal file
> system protections will keep everyone out (except the super user, who
> is presumed to be trustworthy).  It does have quite functional file
> protection and ownership -- MS-Windows NT only has a half-baked file
> protection and ownership system using NTFS (WinNT, Win2k, and later)
> and none at all with FAT (Win9x).
>
> The only other solution would be to use a dedicated machine (which does
> nothing but run gnucash) behind a very secure firewall and being totally
> anal about virus scanning.
>
> You could also install VMWare and install one of the popular end-user
> Linux distros (such as unbuntu) on a virtual machine (again using
> proper UNIX User/Group file protection on an Ext3 file system).  I
> doubt that any of the MS-Windows viruses can deal with a Ext3 file
> system on their own.
>
>
UNIX/Linux user/group file protection doesn't help me much. I want to keep
professional thieves away from my financial data, not my proverbial little
sister. A quick look at the Firefox bug list alone shows a history of
vulnerabilities that compromise user/group file protection. To steal gnucash
data now, it seems that one would only need to compromise the browser, for
example, then patiently wait for the gnucash data file to be exposed (if any
waiting is even required).

Quicken asks for a password on startup, then decrypts the data file
privately for itself as it accesses it. This is a significant additional
barrier. Naturally, the Quicken data can also be stored on an encrypted
partition using third-party software, if one felt that it was necessary. Of
course, the security or insecurity of Microsoft, Apple, and other
applications lies outside Quicken's control.

I see from other posts that adding this additional security barrier to
gnucash is a low priority for developers, and rightly so, since there are
many other areas that can more directly improve the user experience and
productivity. If additional security gets integrated with gnucash at some
point, great!  This would also make it feasible to add a feature allowing
users to download online transactions for all accounts at once, by caching
the individual account passwords (which would be a significant
improvement.)  But for now, has anyone created their own workaround?

Cheers,
Charles


More information about the gnucash-user mailing list