Correction, forty years. Sent from Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Deb Boyce <[email protected]> Sent: Sunday, January 18, 2026 12:10:58 PM To: Stephen Wiley <[email protected]>; Deb B <[email protected]> Cc: Stan Brown (using GC 4.14) <[email protected]>; [email protected] <[email protected]> Subject: Re: [Spam] Re: [GNC] Possible malware in GnuCash 3.14 for Windows
I've considered going over to Linux for many reasons, but I haven't touched that O/S in thirty years and about the only command I remember is "kill" and the fact that slashes go the other way in the file paths. After fifty years working in a DOS/Wintel environment, I'm afraid my brain may be too old to make the switch at this point. 😄 Deb Sent from Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Stephen Wiley <[email protected]> Sent: Sunday, January 18, 2026 12:05:22 PM To: Deb B <[email protected]> Cc: Stan Brown (using GC 4.14) <[email protected]>; [email protected] <[email protected]>; Deb Boyce <[email protected]> Subject: Re: [Spam] Re: [GNC] Possible malware in GnuCash 3.14 for Windows You are, at the end of the day, trusting these antivirus vendors to come up with *patterns* to identify binary artifacts as clean or malicious. If your system is so important that you need this the appropriate thing to do is to have people read *the source* and build the binaries from that. This is how Linux distributions work. If your standards are low enough that you're unwilling to demand that level of scrutiny then the practical path forward is to disable your antivirus software which is almost certainly going to get hung up on particulars output from compilers and not intent. --Stephen On Sun, Jan 18, 2026 at 06:59:23PM +0000, Deb B wrote: > So it does make sense to depend on Windows Defender, but I'm still left with > Android and iOs devices to protect. > > Deb > > Sent from Outlook for > Android<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FAAb9ysg&data=05%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270304890%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=LG%2B16Bnwitlp0Dir9S32wyR318Nz%2FSMajI%2FPxPc01j0%3D&reserved=0<https://aka.ms/AAb9ysg>> > ________________________________ > From: gnucash-user <[email protected]> on > behalf of Stan Brown (using GC 4.14) <[email protected]> > Sent: Sunday, January 18, 2026 10:50:26 AM > To: [email protected] <[email protected]> > Cc: Deb Boyce <[email protected]> > Subject: Re: [GNC] Possible malware in GnuCash 3.14 for Windows > > > Stan Brown > Tehachapi, CA, USA > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbrownmath.com%2F&data=05%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270322806%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=R%2BTtX%2Bw%2FQb7scWzuilrgkNYzuuwu2Dkcvj%2FY1O6d5bI%3D&reserved=0<https://brownmath.com/> > > On 2026-01-18 09:47, Robert Heller wrote: > > I don't (and never have) used MS-Windows, but videos I've seen on YouTube > > suggest that most add-on antivirus software for *recent* versions of > > MS-Windows are a waste of money. "Windows Defender" (which is build in to > > revent versions of MS-Windows) does everything any MS-Windows user needs. > > Almost all malware these days are phishing E-Mail and depend on esentially > > socially engineering to get the user to visit some website to trick the user > > into revealing login credintials. Malware writers generally don't bother > > much > > with the clasic forms of malware these days. And yes, Windows Defender will > > probably flag legit versions of GnuCash, since GnuCash is not "signed" by a > > Microsoft supplied certificate. You will have to "whitelist" (whatever that > > entails) GnuCash. > > Both in Windows 10 and Windows 11 on my machines, the popup complaint > about "unknown publisher" or similar has a "More info" link which is, > let's say, quite poorly named. Actually, "More info" is what you must > select to get to the "run anyway" or "install anyway" option. > > Here's how I know. The email program Betterbird, a fork of Mozilla > Thunderbird, has much more frequent updates than GnuCash. As with > GnuCash, it has no signing certificate. Every time, I get the prompt, > click "More info" and then "install anyway," and I have no issues. > > I second what Robert Heller says about third-party antimalware being a > waste of money on Windows 10 and 11 systems.(*) (Malwarebytes is an > exception, but the free version is sufficient; you just have to remember > to run it manually.) Windows Defender seems to do a fine job. We have > had extensions about malware protection on the Windows 10 and Windows 11 > Usenet newsgroups, and the consensus matches what Robert said. At this > point, I agree, social engineering is a bigger threat than traditional > malware, at least for people who stay away from sketchy websites and use > common sense with email. Never open an attachment you weren't > expecting, even if it purports to come from someone you know. > > (*) Avast is arguably malware, in a small way, since it inserts an > advertisement for itself in the emails you send. This happens without > your permission, and to stop it you must follow a procedure that is far > from obvious. > > Stan Brown > Tehachapi, CA, USA > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbrownmath.com%2F&data=05%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270332805%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=t6qv6B4D%2F38b4suBcQ1uYnTWrBBWaq23PCAooosOTrI%3D&reserved=0<https://brownmath.com/> > _______________________________________________ > gnucash-user mailing list > [email protected] > To update your subscription preferences or to unsubscribe: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnucash.org%2Fmailman%2Flistinfo%2Fgnucash-user&data=05%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270342345%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=6X9aSU5Ha1%2BlbOZ7sWRuT6LUmtCF7hUTw3IrucIUylo%3D&reserved=0<https://lists.gnucash.org/mailman/listinfo/gnucash-user> > ----- > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. > _______________________________________________ > gnucash-user mailing list > [email protected] > To update your subscription preferences or to unsubscribe: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnucash.org%2Fmailman%2Flistinfo%2Fgnucash-user&data=05%7C02%7C%7Cc14ced37c9564d7eaaf808de56cceb34%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C639043635270352101%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=X9zLD8gO1CC0yidrWWNYMGFceZ69HDtd%2F5AIBvGwBMQ%3D&reserved=0<https://lists.gnucash.org/mailman/listinfo/gnucash-user> > ----- > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. _______________________________________________ gnucash-user mailing list [email protected] To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
