[GNC] [Spam] Re: Possible malware in GnuCash 3.14 for Windows
Doug
lemans4 at internode.on.net
Sun Jan 18 18:32:04 EST 2026
Second the Linux Transition. I moved 20+ years ago!
If you want to try Linux, you could download & load a distribution
such as PCLinuxOS: it can boot & run from a usb stick without
modifying your system (except for enabling the boot).
In my opinion (without starting a flame war), Windoze is now too
restrictive, & perhaps is more interested in gaining value from
the customers than supplying a service that is really in the customers
interest. Linux is totally different to this model although some
distributions can be a little bit this way.
With Linux, there are usually equivalent o/s programs that replace the
windoze alternatives: a quick google will tell the options & issues one
may face. When I moved 20 years ago, I dual booted Linux & Windows but
after 6 months I found I never booted Windoze, so eventually deleted it.
Now, I feel Windoze safe boot is there to restrict access to non-commercial
programs, more than the perceived additional security.
One thing: it is easy to use a modern Linux distro: My wife used M$ at work,
& Linux at home & did not notice the difference (I had to show her how to save
LibreOffice files in M$ format for compatibility, but otherwise no problems!)
regards, Doug
On Sun, 18 Jan 2026 16:04:23 -0500 (EST)
Robert Heller <heller at deepsoft.com> wrote:
> You might be supprised as to how easy the transition might be to a modern
> (recent) Linux distribution.
>
> At Sun, 18 Jan 2026 20:10:58 +0000 Deb Boyce <dd.boyce at outlook.com> wrote:
>
> >
> > I've considered going over to Linux for many reasons, but I haven't touched that O/S in thirty years and about the only command I remember is "kill" and the fact that slashes go the other way in the file paths. After fifty years working in a DOS/Wintel environment, I'm afraid my brain may be too old to make the switch at this point. 😄
> >
> > Deb
> >
> > Sent from Outlook for Android<https://aka.ms/AAb9ysg>
> > ________________________________
> > From: Stephen Wiley <swiley at swiley.net>
> > Sent: Sunday, January 18, 2026 12:05:22 PM
> > To: Deb B <debrboyce at gmail.com>
> > Cc: Stan Brown (using GC 4.14) <stan+gc at fastmail.fm>; gnucash-user at gnucash.org <gnucash-user at gnucash.org>; Deb Boyce <dd.boyce at outlook.com>
> > Subject: Re: [Spam] Re: [GNC] Possible malware in GnuCash 3.14 for Windows
> >
> > You are, at the end of the day, trusting these antivirus vendors to come
> > up with *patterns* to identify binary artifacts as clean or malicious.
> >
> > If your system is so important that you need this the appropriate thing
> > to do is to have people read *the source* and build the binaries from
> > that. This is how Linux distributions work. If your standards are low
> > enough that you're unwilling to demand that level of scrutiny then the
> > practical path forward is to disable your antivirus software which is
> > almost certainly going to get hung up on particulars output from
> > compilers and not intent.
> >
> > --Stephen
> >
> > On Sun, Jan 18, 2026 at 06:59:23PM +0000, Deb B wrote:
> > > So it does make sense to depend on Windows Defender, but I'm still left with Android and iOs devices to protect.
> > >
> > > Deb
> > >
> > > Sent from Outlook for Android<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FAAb9ysg&data�%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270304890%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=LG%2B16Bnwitlp0Dir9S32wyR318Nz%2FSMajI%2FPxPc01j0%3D&reserved=0<https://aka.ms/AAb9ysg>>
> > > ________________________________
> > > From: gnucash-user <gnucash-user-bounces+debrboyce=gmail.com at gnucash.org> on behalf of Stan Brown (using GC 4.14) <stan+gc at fastmail.fm>
> > > Sent: Sunday, January 18, 2026 10:50:26 AM
> > > To: gnucash-user at gnucash.org <gnucash-user at gnucash.org>
> > > Cc: Deb Boyce <dd.boyce at outlook.com>
> > > Subject: Re: [GNC] Possible malware in GnuCash 3.14 for Windows
> > >
> > >
> > > Stan Brown
> > > Tehachapi, CA, USA
> > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbrownmath.com%2F&data�%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270322806%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=R%2BTtX%2Bw%2FQb7scWzuilrgkNYzuuwu2Dkcvj%2FY1O6d5bI%3D&reserved=0<https://brownmath.com/>
> > >
> > > On 2026-01-18 09:47, Robert Heller wrote:
> > > > I don't (and never have) used MS-Windows, but videos I've seen on YouTube
> > > > suggest that most add-on antivirus software for *recent* versions of
> > > > MS-Windows are a waste of money. "Windows Defender" (which is build in to
> > > > revent versions of MS-Windows) does everything any MS-Windows user needs.
> > > > Almost all malware these days are phishing E-Mail and depend on esentially
> > > > socially engineering to get the user to visit some website to trick the user
> > > > into revealing login credintials. Malware writers generally don't bother much
> > > > with the clasic forms of malware these days. And yes, Windows Defender will
> > > > probably flag legit versions of GnuCash, since GnuCash is not "signed" by a
> > > > Microsoft supplied certificate. You will have to "whitelist" (whatever that
> > > > entails) GnuCash.
> > >
> > > Both in Windows 10 and Windows 11 on my machines, the popup complaint
> > > about "unknown publisher" or similar has a "More info" link which is,
> > > let's say, quite poorly named. Actually, "More info" is what you must
> > > select to get to the "run anyway" or "install anyway" option.
> > >
> > > Here's how I know. The email program Betterbird, a fork of Mozilla
> > > Thunderbird, has much more frequent updates than GnuCash. As with
> > > GnuCash, it has no signing certificate. Every time, I get the prompt,
> > > click "More info" and then "install anyway," and I have no issues.
> > >
> > > I second what Robert Heller says about third-party antimalware being a
> > > waste of money on Windows 10 and 11 systems.(*) (Malwarebytes is an
> > > exception, but the free version is sufficient; you just have to remember
> > > to run it manually.) Windows Defender seems to do a fine job. We have
> > > had extensions about malware protection on the Windows 10 and Windows 11
> > > Usenet newsgroups, and the consensus matches what Robert said. At this
> > > point, I agree, social engineering is a bigger threat than traditional
> > > malware, at least for people who stay away from sketchy websites and use
> > > common sense with email. Never open an attachment you weren't
> > > expecting, even if it purports to come from someone you know.
> > >
> > > (*) Avast is arguably malware, in a small way, since it inserts an
> > > advertisement for itself in the emails you send. This happens without
> > > your permission, and to stop it you must follow a procedure that is far
> > > from obvious.
> > >
> > > Stan Brown
> > > Tehachapi, CA, USA
> > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbrownmath.com%2F&data�%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270332805%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=t6qv6B4D%2F38b4suBcQ1uYnTWrBBWaq23PCAooosOTrI%3D&reserved=0<https://brownmath.com/>
> > > _______________________________________________
> > > gnucash-user mailing list
> > > gnucash-user at gnucash.org
> > > To update your subscription preferences or to unsubscribe:
> > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnucash.org%2Fmailman%2Flistinfo%2Fgnucash-user&data�%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270342345%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=6X9aSU5Ha1%2BlbOZ7sWRuT6LUmtCF7hUTw3IrucIUylo%3D&reserved=0<https://lists.gnucash.org/mailman/listinfo/gnucash-user>
> > > -----
> > > Please remember to CC this list on all your replies.
> > > You can do this by using Reply-To-List or Reply-All.
> > > _______________________________________________
> > > gnucash-user mailing list
> > > gnucash-user at gnucash.org
> > > To update your subscription preferences or to unsubscribe:
> > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnucash.org%2Fmailman%2Flistinfo%2Fgnucash-user&data�%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270352101%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=X9zLD8gO1CC0yidrWWNYMGFceZ69HDtd%2F5AIBvGwBMQ%3D&reserved=0<https://lists.gnucash.org/mailman/listinfo/gnucash-user>
> > > -----
> > > Please remember to CC this list on all your replies.
> > > You can do this by using Reply-To-List or Reply-All.
> >
> > _______________________________________________
> > gnucash-user mailing list
> > gnucash-user at gnucash.org
> > To update your subscription preferences or to unsubscribe:
> > https://lists.gnucash.org/mailman/listinfo/gnucash-user
> > -----
> > Please remember to CC this list on all your replies.
> > You can do this by using Reply-To-List or Reply-All.
> >
> >
>
> --
> Robert Heller -- Cell: 413-658-7953 GV: 978-633-5364
> Deepwoods Software -- Custom Software Services
> http://www.deepsoft.com/ -- Linux Administration Services
> heller at deepsoft.com -- Webhosting Services
>
More information about the gnucash-user
mailing list