87 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 17 December 2011 - 04:47

Java! Uninstall It, Update it, or bend over and grab the ketchup!

For some of you, this is news!


If you have it, but don't know you explicitly really need it, please uninstall it immediately!!

Java is bad. Not by itself, but by the exploits it brings along with it. While you may have the most current version, the bad guys always seem to keep a zero day vulnerability close to their hearts!

The current version of Java (version 7) does in fact use DEP, which should (in theory) keep Vista and Windows 7 users safe, until proven it doesn't. For those of you using XP, you should come up with a really good reason why you still need Java.

My mom does stock trading. I tell her, "Please keep Java updated. Only use Java with IE. The rest of the time, use Java Firefox and the QuickJava extension with Java DISABLED!"

While a lot of you love Java (I love a cup of coffee as much as the next guy), please take Java seriously; otherwise you may be looking down a malware-infested barrel, called a rootkit-infested machine!

For those of you who know and program in Java and are OK with the consequences of having it installed "More power to you!".

For the rest of the Neowin members, if you have Java, that's great, but please (for the love of god) keep it up to date, or disabled until you need it!


Wolfgang Kandek, CEO of Qualys, said that of the 200,000 who visited the browser security service BrowserCheck in July 2010 – January 2011, 42% were running versions of the Java plug-in that had not been updated and contain known vulnerabilities. Only 24% of them were running older versions of Flash that also include vulnerabilities. Other applications that are risky because of old versions are Adobe Reader (32%) and Apple QuickTime (25%).


During 2010, Oracle released several updates to address vulnerabilities in Java. One last update addresses a group of 21 vulnerabilities, 8 of them considered critical. 19 of them can be exploited through a network without the required login data. It is the second warning that draws attention to Java, after the one in December, released by Cisco, which announced that attacks through Java had surpassed the number on Adobe Reader and Acrobat in 2010.


Read more: http://computersight.../#ixzz1h6FIlfVj



From that blog post:
“During the one year period starting in the third quarter of 2010 (3Q10) and ending in the second quarter of 2011 (2Q11), between one-third and one-half of all exploits observed in each quarter were Java exploits[1]. During this one year period, Microsoft antimalware technologies detected or blocked, on average, 6.9 million exploit attempts on Java related components per quarter, totaling almost 27.5 million exploit attempts during the year.”

The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it’s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the “Do I have Java?” link below the big red “Free Java Download” button. Apple issued its own update to fix this flaw and other Java bugs earlier this month.


http://krebsonsecuri...p-threat-level/
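As an added example (not part of the original post or of the quoted articles), the version guidance quoted above can be turned into an inventory check against the stated patched baselines, Java 6 Update 29 and Java 7 Update 1. It assumes the `1.<family>.0_<update>` string format printed by `java -version` for Java 6 and 7; the host names and sample lines are constructed.

```python
import re

# Patched baselines stated in the post above: Java 6 Update 29 and Java 7 Update 1.
PATCHED_BASELINE = {6: 29, 7: 1}

# Matches the version token in `java -version` output, e.g. "1.6.0_27" or "1.7.0".
# The lookbehind stops a match from starting in the middle of a longer number.
_VERSION_RE = re.compile(r'(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (family, update) from a 1.x.y_zz version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    family = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0  # "1.7.0" means no update applied
    return family, update


def assess(text):
    """Classify one `java -version` line against the baselines above."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unparsed"        # Java absent, or output not in the assumed format
    family, update = parsed
    baseline = PATCHED_BASELINE.get(family)
    if baseline is None:
        return "not-covered"     # the post only gives baselines for Java 6 and 7
    return "patched" if update >= baseline else "update-needed"


# Constructed sample inventory: host name, then the first line of `java -version`.
SAMPLE_INVENTORY = [
    ("host-a", 'java version "1.6.0_27"'),
    ("host-b", 'java version "1.6.0_29"'),
    ("host-c", 'java version "1.7.0"'),
    ("host-d", 'java version "1.7.0_01"'),
    ("host-e", 'java version "1.5.0_22"'),
    ("host-f", "'java' is not recognized as an internal or external command"),
]


def audit(inventory):
    """Map each host to its status so out-of-date installs can be listed."""
    return {host: assess(line) for host, line in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```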


#2 XPGoD

XPGoD

    The XPGoD

  • Joined: 03-July 02
  • Location: Kansas, btw toto ate my MCSE

Posted 17 December 2011 - 04:54

Someone get the ZeroAccess?

#3 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 17 December 2011 - 04:58

Someone get the ZeroAccess?


Nope, although every infested malware/rootkit machine that comes into my office has an out-of-date version of Java.

#4 ArialBlue

ArialBlue

    var lulz;

  • Joined: 24-June 10
  • Location: Democratic People's Republic of Korea
  • OS: Windows Master Race

Posted 17 December 2011 - 05:04

If you ain't using 1.7.02 for reasons other than not working with your stuff, please punch yourself.

#5 giantpotato

giantpotato

    Neowinian Senior

  • Joined: 27-January 04
  • Location: Montreal, Canada

Posted 17 December 2011 - 05:27

What's so special about Java that it deserves its own thread? Doesn't this rule apply to any software; update it or risk getting infected.

#6 Zkal

Zkal

    Neowinian

  • Joined: 04-December 08

Posted 17 December 2011 - 11:39

What's so special about Java that it deserves its own thread? Doesn't this rule apply to any software; update it or risk getting infected.

This, plus just disable Java in your browser. That's what I do, since the only thing I use Java for is Minecraft.

#7 htcz

htcz

    Neowinian Senior

  • Joined: 22-July 11

Posted 17 December 2011 - 11:41

Java should be destroyed entirely. The only reason that it exists is that the .NET framework hasn't been opened to other OSs. If so, C# would **** all over it.

#8 +Lovell

Lovell

    ,l,(-.-),l,

  • Joined: 14-November 03
  • Location: Great Britain

Posted 17 December 2011 - 11:59

Why is Java needed? I've just spent hours removing malware from my brother's laptop.

#9 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 17 December 2011 - 12:54

Strange, I have installed JAVA on every machine I owned regardless of whether I needed it or not and have never been infected because of it.

#10 Beyond Godlike

Beyond Godlike

    Neowinian

  • Joined: 21-December 10
  • Location: Winterpeg

Posted 17 December 2011 - 13:04

I work in information security where we have IDSs set up. We regularly see Java getting owned and malware being installed even on current versions within corporate environments. On people's home PCs... yikes...

#11 +Chicane-UK

Chicane-UK

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 02-November 01
  • Location: The UK!
  • OS: MacOS 10.9 Mavericks
  • Phone: Google Nexus 4

Posted 17 December 2011 - 13:08

I fricking hate Java.. I think the fundamental concepts of the language, and it being cross platform etc are excellent but like so many things to do with Oracle, it's just been horrendously implemented.

It seems to need updating on a near weekly basis and even if you turn off automatic updating, it still bugs you about updating. Not to mention how unreliable it is and the penchant it has for locking up / breaking. Hateful. I just wish it would go away and die somewhere quietly, and take Oracle with it.

#12 cork1958

cork1958

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 04-October 02

Posted 17 December 2011 - 13:09

Will NEVER install Sun's version of this total POS software!!

The ONLY use I have really ever seen for this bloated, insecure junk is java speed tests. I simply don't run those.

The 3 most attacked (and crappiest) pieces of software ever written, IMO, are java, flash, Windows!!

#13 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 17 December 2011 - 13:15

Careful internet use and a good updated AV and Windows will still protect against JAVA exploits though, right?

Same as with any malware?

#14 bjoswald

bjoswald

    Neowinian Senior

  • Joined: 14-January 08
  • Location: Florida
  • OS: Windows 7 Home Premium
  • Phone: HTC Aria

Posted 17 December 2011 - 13:24

This again?

We get it -- you hate Java. But for the rest of us, we have to use it and learn to deal with it.

Get over it already.

#15 tiagosilva29

tiagosilva29

    Looking for a job in Lisbon

  • Tech Issues Solved: 1
  • Joined: 08-May 04

Posted 17 December 2011 - 13:28

  • Not Back Page News material
  • Never seen malware via Java.
