Is GNUCASH, in fact, unsafe....

[Geert Janssens]

On donderdag 10 november 2011, David T. wrote:
> Hmm. A search for "gnucash virus" turns up some interesting pages, not the
> least being:
> 
> http://forums.cnet.com/7726-6132_102-5199287.html 
> This does not indicate a virus, but it does mention two potential
> vulnerabilities that the development team may need to examine and address.
> 
I have looked at the issues and fixed one already. The other will need some 
more investigation before I can say more about it.

> 
> In 2009, there was a problem with a (possible?) virus in the MySQL
> dependency, although there doesn't appear to have been a conclusion to
> that thread. Nabble has this at:
> http://gnucash.1415818.n4.nabble.com/Virus-in-downloaded-exe-td1449515.htm
> l
This message also circulated on the mysql forum, where it was confirmed that 
the mysql connector that is downloaded from the mysql site is not virus 
infected. I have verified our downloaded version. According to the md5 sum 
this is really the version on the mysql site. So I would conclude we are using 
a virus free version and this is a false positive report by the virus 
checkers.
> 
> In 2008, PortableApps had a thread about a false positive virus report on
> the portable version of Gnucash at http://portableapps.com/node/14390.
> 
PortableApps is not maintained by the GnuCash developers. So I no idea whether 
this is a valid report or not.
> 
> I also wonder if the use of the loopback device by gconf (do I have that
> right?) might be causing trouble. I know it raised flags for some
> observant Windows users a while back.
I agree with Robert's answer here. Just because we do something on windows 
that is usually not done, doesn't mean it's invalid or bad. The use of a local 
network interface for communication with a service on the system is not a 
security risk in itself. Note also that is was not a virus checker that 
complained about this behaviour, but an overly strict firewall kept asking 
about this.

Geert