[GNC] Possible malware in GnuCash 3.14 for Windows

Adrien Monteleone adrien.monteleone at lusfiber.net
Wed Jan 21 01:28:58 EST 2026 

I fully concur.

After decades of managing work machines, and helping family with their 
personal machines, short of a Linux migration, my #2 recommendation 
would be to uninstall any except the built-in Windows Defender, set it 
to run unobtrusive scans at sane times, and to set some good firewall 
rules. (which should also be done on Linux systems)

Also, don't click any and every link in an e-mail or on a webpage. Don't 
use the same simple password everywhere, especially not for both a web 
account *and* the e-mail tied to it. Be discerning about where you 
source your apps. Folks are entirely too trusting of others they have 
not, and never will, meet. "Pay attention to what you are doing" is the 
most effective, yet underrated and even undermentioned security advice 
possible.

The above admonitions should cover just about every threat, mobile or 
desktop, because those threats are designed to exploit you not heeding 
one or more of them.

Regards,
Adrien

p.s. - bonus: use a forked Mozilla-based browser (such as Waterfox or 
Librewolfe, etc.) and install uBlock-origin on it. Take a few minutes to 
set some agressive filters. Get used to not viewing a webpage if you get 
a warning it is a known spammer or malware host. That's the point!

And yes, you can now install uBlock-origin-lite on mobile devices.

On 1/18/26 11:47 AM, Robert Heller wrote:
> I don't (and never have) used MS-Windows, but videos I've seen on YouTube
> suggest that most add-on antivirus software for *recent* versions of
> MS-Windows are a waste of money.  "Windows Defender" (which is build in to
> revent versions of MS-Windows) does everything any MS-Windows user needs.
> Almost all malware these days are phishing E-Mail and depend on esentially
> socially engineering to get the user to visit some website to trick the user
> into revealing login credintials.  Malware writers generally don't bother much
> with the clasic forms of malware these days.  And yes, Windows Defender will
> probably flag legit versions of GnuCash, since GnuCash is not "signed" by a
> Microsoft supplied certificate.  You will have to "whitelist" (whatever that
> entails) GnuCash.

More information about the gnucash-user mailing list