Most malware on web uses java expoits

[Galdorf]

Seems the safest way to secure your system is to remove java completely seem zero day exploits uses java to inject malicious code same goes for flash.

I have done tests on how machine get infected and found that if a machine has no java or flash there is very little chance of getting infected by fake av's.

On another note today on office machine we were browsing the web when all of a sudden norton scan popped up and started scanning somehow using an exploit it installed itself and started scanning.

 

[SThompson86]

Interesting find, Thanks for sharing.

 

[sjlplat]

Seems the safest way to secure your system is to remove java completely seem zero day exploits uses java to inject malicious code same goes for flash..

I think you mean JavaScript. Java is not JavaScript. Disabling JavaScript protects you from most XSS attacks, but it also disables most websites since AJAX and JavaScript toolkits like jQuery and mootools are now used on a large majority of mainstream websites.

 

[Xander]

Seems the safest way to secure your system is to remove java completely seem zero day exploits uses java to inject malicious code same goes for flash.

Got a URL for a source?

On another note today on office machine we were browsing the web when all of a sudden norton scan popped up and started scanning somehow using an exploit it installed itself and started scanning.

Someone updated Shockwave and didn't turn off the option to install Norton Scan.

 

[Galdorf]

Got a URL for a source?

Someone updated Shockwave and didn't turn off the option to install Norton Scan.

http://www.youtube.com/watch?v=fo69WyrzCkw

I did the same trying to infect a machine without java installed not javascript they exploit older version of java.

 

[sjlplat]

I did the same trying to infect a machine without java installed not javascript they exploit older version of java.

I think you should do some more reading about XSS. Java exploits are not anywhere near as widespread as XSS.

 

[Xander]

Sorry, but I'm not taking the word of some guy off YouTube. While it sounds credible enough, I would like to see something done from a more empirical standpoint.

This isn't a java vs. malware study; it's a review from some guy off the web for Comodo.

 

[NYJimbo]

42 minutes. I gotta watch some joker talk about a commodo program for 42 minutes?.

 

[Galdorf]

Its outdated java and flash that is the problem most customers i have don't update their java and the malware websites use buffer overflow exploits to inject malware into your system, updated java and flash are not so much a problem.

 

[sjlplat]

Its outdated java and flash that is the problem most customers i have don't update their java and the malware websites use buffer overflow exploits to inject malware into your system, updated java and flash are not so much a problem.

I can't think of a language anywhere that hasn't been subjected to a buffer overflow at one time or another. It's a part of programming, and it's everywhere. Java is no less secure than any other language in this aspect.

 

[jimmm33]

According to ScanSafe Annual Global Threat Report 2009 .pdf attacks are the majority. Here is my source.

www.scansafe.com/downloads/gtr/2009_AGTR.pdf

I have been updating Adobe Reader on every machine I get in front of.

 

[HubCityPC]

According to ScanSafe Annual Global Threat Report 2009 .pdf attacks are the majority. Here is my source.

www.scansafe.com/downloads/gtr/2009_AGTR.pdf

I have been updating Adobe Reader on every machine I get in front of.

I avoid Adobe Reader like the plague. I install Foxit reader instead. If a client insists on Adobe Reader, I disable scripting from the options menu. Most people don't need scripting turned on to view simple PDFs. I make them aware of this, recommend Foxit one more time and then leave it up to them from there. I don't understand why Adobe has scripting turned on by default in the first place.

Kevin