Is GNUCASH, in fact, unsafe....

David T. sunfish62 at yahoo.com
Fri Nov 11 13:07:52 EST 2011 

Great. Thanks for the clarification. 



----- Original Message -----
From: Robert Heller <heller at deepsoft.com>
To: David T. <sunfish62 at yahoo.com>
Cc: Geert Janssens <janssens-geert at telenet.be>; "gnucash-user at gnucash.org" <gnucash-user at gnucash.org>; "danchurch at aol.com" <danchurch at aol.com>; Robert Heller <heller at deepsoft.com>
Sent: Friday, November 11, 2011 8:46 AM
Subject: Re: Is GNUCASH, in fact, unsafe....

At Fri, 11 Nov 2011 08:27:09 -0800 (PST) "David T." <sunfish62 at yahoo.com> wrote:

> 
> Geert--
> 
> Thanks for the updates on several points here.
> 
> My reason for raising each of these here is to help the OP track down why his scanner flags Gnucash as infected. 
> 
> 
> The PortableApps issue, as I noted, was considered spurious (and therefore not valid), but perhaps this person's copy is from PortableApps, and they are getting this (spurious) virus alert.
> 
> I do not use Windows any more, so I have no experience with current
> virus scanners and how they flag items. I believe that many scanners
> look for particular kinds of behavior, and I do not know whether this
> person's scanner has some watch on "network" access, which resulted in
> the alert. The point about the loopback device was not to question its
> "rightness" "wrong-ness" "Windows-ness" or "*nix-ness", but to note to
> the OP that this might be an area to pursue to figure out why his
> scanner reports Gnucash as unsafe.

I don't think the *virus scanners* actually check *behavior*.  They
scan for 'signatures', that is known byte sequences, which are either
code fragments or data fragments.  The problem here is that these tests
are not always definitive and sometime yield false positives. The
loopback device thing relates to MS-Windows firewall software, which
seem to get all huffy about applications making network connections to
the localhost (127.0.0.1), for no partitularly good reason.

> 
> David
> 
> 
> 
> ----- Original Message -----
> From: Geert Janssens <janssens-geert at telenet.be>
> To: gnucash-user at gnucash.org; David T. <sunfish62 at yahoo.com>
> Cc: Yongxin Wang <fefe.wyx at gmail.com>; "danchurch at aol.com" <danchurch at aol.com>
> Sent: Friday, November 11, 2011 5:30 AM
> Subject: Re: Is GNUCASH, in fact, unsafe....
> 
> On donderdag 10 november 2011, David T. wrote:
> > Hmm. A search for "gnucash virus" turns up some interesting pages, not the
> > least being:
> > 
> > http://forums.cnet.com/7726-6132_102-5199287.html 
> > This does not indicate a virus, but it does mention two potential
> > vulnerabilities that the development team may need to examine and address.
> > 
> I have looked at the issues and fixed one already. The other will need some 
> more investigation before I can say more about it.
> 
> > 
> > In 2009, there was a problem with a (possible?) virus in the MySQL
> > dependency, although there doesn't appear to have been a conclusion to
> > that thread. Nabble has this at:
> > http://gnucash.1415818.n4.nabble.com/Virus-in-downloaded-exe-td1449515.htm
> > l
> This message also circulated on the mysql forum, where it was confirmed that 
> the mysql connector that is downloaded from the mysql site is not virus 
> infected. I have verified our downloaded version. According to the md5 sum 
> this is really the version on the mysql site. So I would conclude we are using 
> a virus free version and this is a false positive report by the virus 
> checkers.
> > 
> > In 2008, PortableApps had a thread about a false positive virus report on
> > the portable version of Gnucash at http://portableapps.com/node/14390.
> > 
> PortableApps is not maintained by the GnuCash developers. So I no idea whether 
> this is a valid report or not.
> > 
> > I also wonder if the use of the loopback device by gconf (do I have that
> > right?) might be causing trouble. I know it raised flags for some
> > observant Windows users a while back.
> I agree with Robert's answer here. Just because we do something on windows 
> that is usually not done, doesn't mean it's invalid or bad. The use of a local 
> network interface for communication with a service on the system is not a 
> security risk in itself. Note also that is was not a virus checker that 
> complained about this behaviour, but an overly strict firewall kept asking 
> about this.
> 
> Geert
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
> 
>            

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments

More information about the gnucash-user mailing list