Thread: Java: Red Alert
09-05-12, 09:28 AM   #6
Skybird

Java 6 is compromised.

Java 7 was meant to close its holes, but it did that only for some of them. And added new exploits.

Java is maintained very badly by Oracle, it seems. You can see that when sometimes updating from an old version of Java, say Java 5, to a newer version, say Java 6: version 6 does not replace and overwrite version 5, but leaves it intact. While your system then runs with Java 6, and gets all the updates for Java 6, it forgets to care for Java 5 with all the open holes in there. And you the user are not even aware of that security hole. This is where manual inspection of your system or PSI (more on that down below) helps. You do not need two versions of Java parallel to each other, only one, and ideally it should be the latest version. At least AFAIK. It does not compare to certain Microsoft packages of which you may need different versions, one for each of any depending software like Office, and others.

In Germany, even the German Federal Police has strongly advised to switch off Java for the time being. Note that Explorer users cannot rely on the various recipes circling on the web to "deactivate" it like I read it is possible in other browsers via switches. If you want to be sure, you must reinstall it. These recipes do not even work for every system - that should give you a hint.

Uninstalling is easy via the Windows Software screen. If later you need to reinstall it, it is also no problem and is done in a minute, automatically. So, no big deal. Check your browser addons that all Java addons there are deactivated and deleted, too. They can still be there, working, even after you uninstalled Java.

Do not mistake Java and Javascript.

---

Haplo, I finally figured out the sandbox thing, and got it configured. It all gets deleted now automatically when I close the sandboxed browser. I owe you one for pushing my view to that direction.

---

Some general ideas that I followed myself.

Run your internet browsing from a separate, password-protected account which has no administrator rights. That and UAC then help to contain the infection to that account's rights - maybe. It is also recommended to use an administrator's account only for installing software. All other activity should be done via a user account.

Note that the Windows default account is labelled as administrator - but does not have full administrator's rights. These must be unlocked in hidden options. Usually, this should not be necessary.

Use Secunia PSI (Private Software Inspector) to be sure that your software is always up to date. PSI compares your installed software with a database at Secunia where they constantly update the version status of all software they support in that library. So PSI does not help with software not in that database. But it definitely does a great job in informing you on outdated software that is easy to forget to check, and sometimes even informs you on software updates that even Windows Updates do not mention. I had that case just yesterday with Microsoft MSXML 4 or 6. The Windows Update page did not mention it at all. I clicked on the alarm from within Secunia, got an update from some x.20 to x.30 installed, and PSI was happy again.

Malwarebytes Anti-Malware has a very good reputation on the web for scanning out the nasty stuff that antivirus scanners often do not catch. Considering it is free, but the active scanner is fully implemented, this is a must-have tool. Updates must be downloaded manually as long as you do not use the payware version. The tool is great for quickly doing a quick file or system scan, I do it by routine every day when shutting down the system for bedtime, costs only a minute.

Use a sandbox. I found Sandboxie here: www.sandboxie.com. It is easy to use and seems to have a good reputation. When you use it, you can go with almost the default settings. Only two things you must remember: you must configure your email program manually in its options, and you must manually activate the option that the sandbox gets deleted every time it is being closed (you close browser or email program).

Be choosy on when and where to let ActiveX scripts run.

Never feel totally safe. You aren't.
__________________
If you feel nuts, consult an expert.
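
The manual inspection for leftover Java versions that the post recommends can be scripted. The following PowerShell is an added example, not part of the original post: it lists every Java runtime registered in the Windows uninstall registry keys and warns when more than one is present. The function name `Get-InstalledJava` and the display-name pattern are assumptions made for this example; adjust the pattern if your installer uses a different product name.

```powershell
# Added example (not from the original post): inventory installed Java runtimes.
# Reads the standard uninstall registry keys; run in Windows PowerShell.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    param(
        # Assumed pattern: product names starting with "Java" or "J2SE".
        # The word boundary keeps unrelated "JavaScript ..." entries out.
        [string]$NamePattern = '^(Java|J2SE)\b'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            # Some uninstall entries have no DisplayName at all; skip them.
            $_.PSObject.Properties['DisplayName'] -and
            $_.DisplayName -match $NamePattern
        } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
                # Entries under WOW6432Node are 32-bit installs on 64-bit Windows.
                Bitness   = if ($_.PSPath -match 'WOW6432Node') { '32-bit' } else { 'native' }
                Uninstall = $_.UninstallString
            }
        }
}

$java = @(Get-InstalledJava | Sort-Object Version)

if ($java.Count -eq 0) {
    Write-Output 'No Java runtime is registered in the uninstall keys.'
} else {
    $java | Format-Table Name, Version, Bitness -AutoSize
    if ($java.Count -gt 1) {
        # An older runtime left beside a newer one no longer receives updates.
        Write-Warning ("{0} Java entries found. Review each one and remove the versions you do not need." -f $java.Count)
    }
}
```

The script only reads the registry; removal is still done through the Windows Software screen as described in the post.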