DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th November 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,156
Thanked 182 Times in 149 Posts
Default Java is the largest malware target according to Microsoft

From http://h-online.com/-1387528

Quote:
In a posting on the Microsoft Security Blog, Tim Rains, a director of Microsoft's Trustworthy Computing Group, has written of the huge number of Java exploits being found in the wild. In the second half of 2010 and first half of 2011, between a half and a third of all exploits observed by Microsoft's Malicious Software Removal Tool attacked vulnerabilities in Java – in the Runtime Environment, the Virtual Machine or the Java SE in the Java Development Kit. Rains based his comments on the latest Microsoft Security Intelligence Report.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 1st December 2011
joekiser joekiser is offline
The World is Yours.
 
Join Date: May 2008
Posts: 35
Thanked 0 Times in 0 Posts
Default

I don't doubt it. I would estimate 3/4 viruses I find are in users Java cache folder. Unfortunately, we must still support outdated versions of JRE since certain software explicitly depends on it.
Reply With Quote
  #3   (View Single Post)  
Old 6th December 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is online now
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,075
Thanked 198 Times in 156 Posts
Default

The problem is that as soon as you install Java, is also installs a browser plugin which is turned on by default.
Remember, client-side Java on the web is as dead as a dead Dodo, and everyone who installs Java uses it just for desktop apps.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #4   (View Single Post)  
Old 7th December 2011
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 358
Thanked 9 Times in 8 Posts
Default

Well, they are talking about "on Windows".
Reply With Quote
  #5   (View Single Post)  
Old 7th December 2011
roddierod's Avatar
roddierod roddierod is offline
Real Name: Rod Person
VPN Cryptographer
 
Join Date: Apr 2008
Location: Pittsburgh, Pa
Posts: 376
Thanked 13 Times in 13 Posts
Default

I just had a Software Engineer position interview (which turned out to be a ASP.Net position, which I found out after I said I hated ASP) anyway the Lead Architect went on for a bit about how everyone was "moving toward Java"...I was real confused by that but apparently that how he saw it.
__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick
Reply With Quote
  #6   (View Single Post)  
Old 7th December 2011
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 358
Thanked 9 Times in 8 Posts
Default

In "Code Complete" he advocates Java. Java is also used for Android development.
Reply With Quote
  #7   (View Single Post)  
Old 7th December 2011
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 699
Thanked 90 Times in 81 Posts
Default

Quote:
Originally Posted by Carpetsmoker View Post
The problem is that as soon as you install Java, is also installs a browser plugin which is turned on by default.
Remember, client-side Java on the web is as dead as a dead Dodo, and everyone who installs Java uses it just for desktop apps.
Unfortunately, not true. Many webinar frameworks use client-side Java applets via the browser. Many student information systems (like the one we are saddled with) use client-side Java applets via the browser. We use a web-based version of the NX Client from No Machine ... that's client-side Java via the web browser. And there are probably more, but those are the things I've used today.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
MySQL.com Hacked to Serve Malware graudeejs News 0 26th September 2011 11:21 PM
ISCSI Target for mac OSX chymian Other BSD and UNIX/UNIX-like 0 18th July 2011 09:52 PM
Facebook, the new phishing target J65nko News 3 16th May 2010 04:14 PM
p3scan with PF --> Target IP PROBLEM!! alternico FreeBSD Security 7 14th May 2008 11:53 PM


All times are GMT. The time now is 03:25 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick