Is GNUCASH, in fact, unsafe....
Mike or Penny Novack
stepbystepfarm at mtdata.com
Thu Nov 10 16:10:36 EST 2011
>
>I believe most *practical* virus checkers look for 'code signatures',
>that is known patterns of machine code. They have a database of these
>signatures (code patterns) and do some sort of byte comparison. Again,
>there are all sorts of uncertainities here also -- eg possiblities for
>both missed viruses or false positives.
>
Yes, exactly what they do. Which means .........
1) They cannot recognize all viruses, only those that have been
discovered and a useful signature entered in the database.
2) They will give a false positive for any program that happens to
contain the sequence of bytes matching the signature
Note that this problem becomes intractable once a virus has been written
(or an existing virus rewritten) so that it replicates with only VERY
short possible signatures randomly relocated. Once the maximum length of
signatures is only a few bytes the false positive rate would become
prohibitive. Luckily writing (rewriting) a virus like that isn't a task
for the "script kiddies".
Michael
More information about the gnucash-user
mailing list