Malware/Java Issue

[cozofdeath]

I've been running my computer just fine with no problems for as long as I can remember. Any type of malware seems to get eliminated right away if found. However, whenever I see the small java icon in the sys tray popup I know an exploit it being executed and usually my AV will pop up and eliminate the threat. Yes, I know java isn't bad but the only time I see it executing it seems to be. The other day this same thing happened but it managed to get through and instantly shut the computer down and cause many other problems. My question is, why is it always java doing this? Yes, I know what java is, for the most part, and no I wasn't looking at porn when it happened. These java exploits are happening all the time weather they are caught or not. Isn't java supposed to be in a sandboxed environment? Do I need some kind of update? Win7 x64 Firefox v8. Anyone have any thoughts or opinions on it?

[Killboy]

Java is in a sandboxed environment but there are of course exploits to escape it. Especially with older version this might happen a lot.

The best things you can do, depending on what you need:

- Update to newest Java 1.6.x (fairly secure)

- Update to newest Java 1.7.x (new, hence might kill a few old exploits but might not be as safe)

- Use 64-bit Java (might render some exploits obsolete that depend on x86 shell code), NOTE: wont work with Firefox (it's 32-bit)

- Use NoScript Firefox plugin to block Java/Javascript/Flash on all pages except the ones you allow it on (eg. Flash only on youtube)

- Uninstall Java (which software do you need that uses it? OpenOffice? LimeWire?), possibly install it in a VM

If you use NoScript, make sure you use it wisely, disabling everything will annoy the heck out of you, making you remove it out of pure frustration.

[cozofdeath]

I'm going to just remove it because I don't see myself needing it and apparently it is the most attacked software presently known according to http://www.theregister.co.uk/2010/10/19/unprecedented_java_exploits/ and some other pages. If it turns out that I need it I'll try a NoScript. Thanks for the info Killboy.

[cozofdeath]

Just posting this because of a coincidence type of situation. I'm looking up some vulnerability stats for a presentation (in college) and I ran into some for the 2nd quarter or this year posted by Kaspersky for mobile platforms. All java platforms have skyrocketed in exploits. It's at http://www.securelist.com/en/analysis/204792186/IT_Threat_Evolution_Q2_2011#8 under "Worry Statistics". Java is a scary thing. I better update my android device.

[deepzero]

Java is a scary thing

and so is flash.

Shiny, colorful animations come at a price

[Killboy]

Thank god HTML5 is right around the corner

[deepzero]

we`ll see about that although i`ll admit that my knowledge on HTML5 is limited to non-existent at this moment.

wasnt there some buffer overflow in opera related to a beta implementation of HTML5 a while ago, though?

in any case, security wise flash and java are probably not hard to outrun...

[cozofdeath]

Turns out one of the main issues was a x64 rootkit. Nice! And extremely hard to find support to remove it. Out of 15 or so rootkit scanners I think there were 2 that proved useful and really only 1 that could identify it and remove it. Not cool!

[Killboy]

Props for actually trying all 15 of 'em