Is GNUCASH, in fact, unsafe....

Mike or Penny Novack stepbystepfarm at mtdata.com
Thu Nov 10 16:10:36 EST 2011


>
>I believe most *practical* virus checkers look for 'code signatures',
>that is, known patterns of machine code.  They have a database of these
>signatures (code patterns) and do some sort of byte comparison.  Again,
>there are all sorts of uncertainties here also -- e.g. possibilities for
>both missed viruses or false positives.
>
Yes, exactly what they do. Which means .........
1) They cannot recognize all viruses, only those that have been 
discovered and a useful signature entered in the database.
2) They will give a false positive for any program that happens to 
contain the sequence of bytes matching the signature.

Note that this problem becomes intractable once a virus has been written 
(or an existing virus rewritten) so that it replicates with only VERY 
short possible signatures randomly relocated. Once the maximum length of 
signatures is only a few bytes the false positive rate would become 
prohibitive. Luckily writing (rewriting) a virus like that isn't a task 
for the "script kiddies".

Michael
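
The two limitations listed in the message above, and the effect of signature length on false positives, as an added example that is not part of the original post. The signature name and bytes are constructed, and clean files are modelled as uniformly random bytes, which is an assumption (real programs are more repetitive, so real rates differ).

```python
import random

def scan(data: bytes, signatures: dict) -> list:
    """Return sorted (offset, name) for every signature occurrence in data."""
    hits = []
    for name, sig in signatures.items():
        pos = data.find(sig)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def random_bytes(rng: random.Random, n: int) -> bytes:
    """n uniformly random bytes from a seeded generator (stand-in for a clean file)."""
    return rng.getrandbits(8 * n).to_bytes(n, "little")

def expected_chance_hits(file_size: int, sig_len: int) -> float:
    """Expected accidental matches of one signature in uniformly random data."""
    return max(file_size - sig_len + 1, 0) / 256 ** sig_len

def false_positive_rate(sig_len: int, file_size: int = 65536,
                        n_files: int = 200, seed: int = 0) -> float:
    """Fraction of constructed clean files flagged by one random signature."""
    rng = random.Random(seed)
    db = {"constructed-sig": random_bytes(rng, sig_len)}
    flagged = sum(bool(scan(random_bytes(rng, file_size), db)) for _ in range(n_files))
    return flagged / n_files

if __name__ == "__main__":
    # Columns: signature length in bytes, expected chance hits per 64 KiB file,
    # measured fraction of clean files flagged.
    for k in (1, 2, 3, 4, 8):
        print(k, expected_chance_hits(65536, k), false_positive_rate(k))
```
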

