cozofdeath Posted December 12, 2011 Posted December 12, 2011 I've been running my computer just fine with no problems for as long as I can remember. Any type of malware seems to get eliminated right away if found. However, whenever I see the small java icon in the sys tray popup I know an exploit it being executed and usually my AV will pop up and eliminate the threat. Yes, I know java isn't bad but the only time I see it executing it seems to be. The other day this same thing happened but it managed to get through and instantly shut the computer down and cause many other problems. My question is, why is it always java doing this? Yes, I know what java is, for the most part, and no I wasn't looking at porn when it happened. These java exploits are happening all the time weather they are caught or not. Isn't java supposed to be in a sandboxed environment? Do I need some kind of update? Win7 x64 Firefox v8. Anyone have any thoughts or opinions on it?
Killboy Posted December 12, 2011 Posted December 12, 2011 Java is in a sandboxed environment but there are of course exploits to escape it. Especially with older version this might happen a lot. The best things you can do, depending on what you need: - Update to newest Java 1.6.x (fairly secure) - Update to newest Java 1.7.x (new, hence might kill a few old exploits but might not be as safe) - Use 64-bit Java (might render some exploits obsolete that depend on x86 shell code), NOTE: wont work with Firefox (it's 32-bit) - Use NoScript Firefox plugin to block Java/Javascript/Flash on all pages except the ones you allow it on (eg. Flash only on youtube) - Uninstall Java (which software do you need that uses it? OpenOffice? LimeWire?), possibly install it in a VM If you use NoScript, make sure you use it wisely, disabling everything will annoy the heck out of you, making you remove it out of pure frustration.
cozofdeath Posted December 13, 2011 Author Posted December 13, 2011 I'm going to just remove it because I don't see myself needing it and apparently it is the most attacked software presently known according to http://www.theregister.co.uk/2010/10/19/unprecedented_java_exploits/ and some other pages. If it turns out that I need it I'll try a NoScript. Thanks for the info Killboy.
cozofdeath Posted December 14, 2011 Author Posted December 14, 2011 Just posting this because of a coincidence type of situation. I'm looking up some vulnerability stats for a presentation (in college) and I ran into some for the 2nd quarter or this year posted by Kaspersky for mobile platforms. All java platforms have skyrocketed in exploits. It's at http://www.securelist.com/en/analysis/204792186/IT_Threat_Evolution_Q2_2011#8 under "Worry Statistics". Java is a scary thing. I better update my android device.
deepzero Posted December 14, 2011 Posted December 14, 2011 Java is a scary thing and so is flash. Shiny, colorful animations come at a price
deepzero Posted December 14, 2011 Posted December 14, 2011 we`ll see about that although i`ll admit that my knowledge on HTML5 is limited to non-existent at this moment. wasnt there some buffer overflow in opera related to a beta implementation of HTML5 a while ago, though? in any case, security wise flash and java are probably not hard to outrun...
cozofdeath Posted December 17, 2011 Author Posted December 17, 2011 Turns out one of the main issues was a x64 rootkit. Nice! And extremely hard to find support to remove it. Out of 15 or so rootkit scanners I think there were 2 that proved useful and really only 1 that could identify it and remove it. Not cool!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now