Is GNUCASH, in fact, unsafe....
Robert Heller
heller at deepsoft.com
Thu Nov 10 08:00:27 EST 2011
At Thu, 10 Nov 2011 07:34:58 -0500 stepbystepfarm at mtdata.com wrote:
>
>
> >Avast used to complain about ,,,,,,
> >
> Our virus checkers will either fail to detect some viruses or give us
> some false positives or both. This isn't because they aren't good enough
> but because it is IMPOSSIBLE to have a program that can check the code
> of any other program (a "universal checker") to determine the runtime
> behavior of that code and be 100% correct in doing that. The behavior in
> this case being "acts like a virus" but in the original statement of
> what is known as the fundamental theorem of computation it was "loops".
> You prove it in the same way.
I believe most *practical* virus checkers look for 'code signatures',
that is known patterns of machine code. They have a database of these
signatures (code patterns) and do some sort of byte comparison. Again,
there are all sorts of uncertainities here also -- eg possiblities for
both missed viruses or false positives.
The only 100% certain check is to download the *source code*, go over it
with a fine tooth comb and compile it yourself. But for most people
this is not practical. Downloading the code from a *trusted* source and
running a CRC type check (eg md5sum) is a close runner up.
In my case, since I run Linux (centos), I use yum to install from the
EPEL repository. Yum does a signature check on the RPMs (package files)
to verify that the packages have not been messed with or something. Oh,
and running Linux avoids the whole virus thing in general.
>
> Assume that there was such a universal checker. You can think of it as a
> function V(p) that returns 1 if p will act like a virus and 0 if p will
> not act like a virus. Then construct the simple program P
> If V(p) then halt
> else "act like a virus"
>
> What is the result of trying to check P? In other words, what is the
> result of V(P)
>
> See? This supposedly always correct virus checker gets P wrong. So it
> can't exist.
>
> Michael
>
> PS: While almost any Computer Science person knows this theorem (and who
> first proved it) do not feel bad because you didn't. In the large shop
> where I worked for three decades I bet less than 2% of my co-workers
> did. Information Technology people are not the same as Computer Science
> people and besides, most of us had undergraduate degrees unrelated to
> either. Mine was Physics.
>
>
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
>
>
--
Robert Heller -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
More information about the gnucash-user
mailing list