Is GNUCASH, in fact, unsafe....

Gregory Forster fgreg74 at gmail.com
Fri Nov 11 14:48:31 EST 2011 

I have Avast 6.0 on a Windows XP SP3 Home machine and GNUcash 2.4.8 with 
absolutely no problems at all.  I use Ad-Aware 9.6 on a Windows 7 
Professional with GNUcash 2.4.8 with  no problems at all.  Both of those 
are desktops.  For my laptop, I have Ad-Aware 9.6 and GNUcash 2.4.8 with 
Windows 7 64bit Home Premium with no problems at all.  I also have 
various "rescue"  anti-virus CDs with no problems about GNUcash. The 
older Avast portable was known for false positives.   Ad-Aware and AVG 
for 2011 and 2012 have very high ratings from many well known PC 
Magazines. AVG 2012 even beat out several commercial anti-virus 
programs.  I use to use Norman (not Norton) who I  think pioneered  the 
sandbox technology (how a suspected file "behaves" that is not in the 
definition database) used today by many anti-virus vendors.

Greg

On 11/11/2011 12:07 PM, David T. wrote:
> Great. Thanks for the clarification.
>
>
>
> ----- Original Message -----
> From: Robert Heller<heller at deepsoft.com>
> To: David T.<sunfish62 at yahoo.com>
> Cc: Geert Janssens<janssens-geert at telenet.be>; "gnucash-user at gnucash.org"<gnucash-user at gnucash.org>; "danchurch at aol.com"<danchurch at aol.com>; Robert Heller<heller at deepsoft.com>
> Sent: Friday, November 11, 2011 8:46 AM
> Subject: Re: Is GNUCASH, in fact, unsafe....
>
> At Fri, 11 Nov 2011 08:27:09 -0800 (PST) "David T."<sunfish62 at yahoo.com>  wrote:
>
>> Geert--
>>
>> Thanks for the updates on several points here.
>>
>> My reason for raising each of these here is to help the OP track down why his scanner flags Gnucash as infected.
>>
>>
>> The PortableApps issue, as I noted, was considered spurious (and therefore not valid), but perhaps this person's copy is from PortableApps, and they are getting this (spurious) virus alert.
>>
>> I do not use Windows any more, so I have no experience with current
>> virus scanners and how they flag items. I believe that many scanners
>> look for particular kinds of behavior, and I do not know whether this
>> person's scanner has some watch on "network" access, which resulted in
>> the alert. The point about the loopback device was not to question its
>> "rightness" "wrong-ness" "Windows-ness" or "*nix-ness", but to note to
>> the OP that this might be an area to pursue to figure out why his
>> scanner reports Gnucash as unsafe.
> I don't think the *virus scanners* actually check *behavior*.  They
> scan for 'signatures', that is known byte sequences, which are either
> code fragments or data fragments.  The problem here is that these tests
> are not always definitive and sometime yield false positives. The
> loopback device thing relates to MS-Windows firewall software, which
> seem to get all huffy about applications making network connections to
> the localhost (127.0.0.1), for no partitularly good reason.
>
>> David
>>
>>
>>
>> ----- Original Message -----
>> From: Geert Janssens<janssens-geert at telenet.be>
>> To: gnucash-user at gnucash.org; David T.<sunfish62 at yahoo.com>
>> Cc: Yongxin Wang<fefe.wyx at gmail.com>; "danchurch at aol.com"<danchurch at aol.com>
>> Sent: Friday, November 11, 2011 5:30 AM
>> Subject: Re: Is GNUCASH, in fact, unsafe....
>>
>> On donderdag 10 november 2011, David T. wrote:
>>> Hmm. A search for "gnucash virus" turns up some interesting pages, not the
>>> least being:
>>>
>>> http://forums.cnet.com/7726-6132_102-5199287.html
>>> This does not indicate a virus, but it does mention two potential
>>> vulnerabilities that the development team may need to examine and address.
>>>
>> I have looked at the issues and fixed one already. The other will need some
>> more investigation before I can say more about it.
>>
>>> In 2009, there was a problem with a (possible?) virus in the MySQL
>>> dependency, although there doesn't appear to have been a conclusion to
>>> that thread. Nabble has this at:
>>> http://gnucash.1415818.n4.nabble.com/Virus-in-downloaded-exe-td1449515.htm
>>> l
>> This message also circulated on the mysql forum, where it was confirmed that
>> the mysql connector that is downloaded from the mysql site is not virus
>> infected. I have verified our downloaded version. According to the md5 sum
>> this is really the version on the mysql site. So I would conclude we are using
>> a virus free version and this is a false positive report by the virus
>> checkers.
>>> In 2008, PortableApps had a thread about a false positive virus report on
>>> the portable version of Gnucash at http://portableapps.com/node/14390.
>>>
>> PortableApps is not maintained by the GnuCash developers. So I no idea whether
>> this is a valid report or not.
>>> I also wonder if the use of the loopback device by gconf (do I have that
>>> right?) might be causing trouble. I know it raised flags for some
>>> observant Windows users a while back.
>> I agree with Robert's answer here. Just because we do something on windows
>> that is usually not done, doesn't mean it's invalid or bad. The use of a local
>> network interface for communication with a service on the system is not a
>> security risk in itself. Note also that is was not a virus checker that
>> complained about this behaviour, but an overly strict firewall kept asking
>> about this.
>>
>> Geert
>>
>> _______________________________________________
>> gnucash-user mailing list
>> gnucash-user at gnucash.org
>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> -----
>> Please remember to CC this list on all your replies.
>> You can do this by using Reply-To-List or Reply-All.
>>
>>

More information about the gnucash-user mailing list