Is GNUCASH, in fact, unsafe....

David T. sunfish62 at yahoo.com
Fri Nov 11 11:27:09 EST 2011 

Geert--

Thanks for the updates on several points here.

My reason for raising each of these here is to help the OP track down why his scanner flags Gnucash as infected. 


The PortableApps issue, as I noted, was considered spurious (and therefore not valid), but perhaps this person's copy is from PortableApps, and they are getting this (spurious) virus alert.

I do not use Windows any more, so I have no experience with current virus scanners and how they flag items. I believe that many scanners look for particular kinds of behavior, and I do not know whether this person's scanner has some watch on "network" access, which resulted in the alert. The point about the loopback device was not to question its "rightness" "wrong-ness" "Windows-ness" or "*nix-ness", but to note to the OP that this might be an area to pursue to figure out why his scanner reports Gnucash as unsafe.

David



----- Original Message -----
From: Geert Janssens <janssens-geert at telenet.be>
To: gnucash-user at gnucash.org; David T. <sunfish62 at yahoo.com>
Cc: Yongxin Wang <fefe.wyx at gmail.com>; "danchurch at aol.com" <danchurch at aol.com>
Sent: Friday, November 11, 2011 5:30 AM
Subject: Re: Is GNUCASH, in fact, unsafe....

On donderdag 10 november 2011, David T. wrote:
> Hmm. A search for "gnucash virus" turns up some interesting pages, not the
> least being:
> 
> http://forums.cnet.com/7726-6132_102-5199287.html 
> This does not indicate a virus, but it does mention two potential
> vulnerabilities that the development team may need to examine and address.
> 
I have looked at the issues and fixed one already. The other will need some 
more investigation before I can say more about it.

> 
> In 2009, there was a problem with a (possible?) virus in the MySQL
> dependency, although there doesn't appear to have been a conclusion to
> that thread. Nabble has this at:
> http://gnucash.1415818.n4.nabble.com/Virus-in-downloaded-exe-td1449515.htm
> l
This message also circulated on the mysql forum, where it was confirmed that 
the mysql connector that is downloaded from the mysql site is not virus 
infected. I have verified our downloaded version. According to the md5 sum 
this is really the version on the mysql site. So I would conclude we are using 
a virus free version and this is a false positive report by the virus 
checkers.
> 
> In 2008, PortableApps had a thread about a false positive virus report on
> the portable version of Gnucash at http://portableapps.com/node/14390.
> 
PortableApps is not maintained by the GnuCash developers. So I no idea whether 
this is a valid report or not.
> 
> I also wonder if the use of the loopback device by gconf (do I have that
> right?) might be causing trouble. I know it raised flags for some
> observant Windows users a while back.
I agree with Robert's answer here. Just because we do something on windows 
that is usually not done, doesn't mean it's invalid or bad. The use of a local 
network interface for communication with a service on the system is not a 
security risk in itself. Note also that is was not a virus checker that 
complained about this behaviour, but an overly strict firewall kept asking 
about this.

Geert

More information about the gnucash-user mailing list