Java problems--real or hyped?

Discussion in 'Gator Bytes' started by secgator, Jan 12, 2013.

  1. secgator
    Online

    secgator Well-Known Member

    Joined:
    Sep 1, 2007
    Messages:
    10,582
    Likes Received:
    297
    Trophy Points:
    83
    Ratings Received:
    +767
    Ok...I figure someone in here is bound to know if this is a legit concern for everyone or not. Lately I'm seeing more and more mention of the Java vulnerability issue, with everyone being recommended to disable Java script on their browsers.

    Legit concern or not? I have googled several reads on it and it seems to be fairly consistent on the need to disable.

    Thoughts?
  2. FLfan
    Online

    FLfan VIP Member

    Joined:
    May 9, 2007
    Messages:
    6,017
    Likes Received:
    2,142
    Trophy Points:
    113
    Ratings Received:
    +2,274
    I went ahead and uninstalled it today and ran a scan. nada.

    I figured better safe than sorry. I am curious to see what others will say about this. I am by NO means a computer officianado.
    • Like Like x 1
  3. Ceal8ter
    Offline

    Ceal8ter VIP Member

    Joined:
    Sep 9, 2007
    Messages:
    1,931
    Likes Received:
    8
    Trophy Points:
    38
    Ratings Received:
    +23
    Legit. I havent had a virus on my computer in a few years. Yesterday morning I had a notice saying that a Java update was available. I selected ok, DL'd and installed the update as I've done dozens of times. About an hour later I had a screen pop up, saying that my computer was locked by the Justice Dept...etc etc. Turns out i got the "FBI" virus which after doing some research I discovered is being spread through a Java security hole.

    Just my experience. Hope it helps.
  4. HallGator
    Online

    HallGator Administrator VIP Member

    Joined:
    Apr 3, 2007
    Messages:
    43,441
    Likes Received:
    899
    Trophy Points:
    113
    Location:
    Outer Limits
    Ratings Received:
    +3,525
    Just curious, what kind of AV are you running?
  5. Ceal8ter
    Offline

    Ceal8ter VIP Member

    Joined:
    Sep 9, 2007
    Messages:
    1,931
    Likes Received:
    8
    Trophy Points:
    38
    Ratings Received:
    +23
    Malware bytes
  6. vaxcardinal
    Offline

    vaxcardinal Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    3,612
    Likes Received:
    478
    Trophy Points:
    83
    Ratings Received:
    +680
    Java and Javascript are not the same thing, related though. You should keep your java updated though. Its highly unlikely that the update you did had anything to do with the FBI virus.
    • Like Like x 1
  7. Ceal8ter
    Offline

    Ceal8ter VIP Member

    Joined:
    Sep 9, 2007
    Messages:
    1,931
    Likes Received:
    8
    Trophy Points:
    38
    Ratings Received:
    +23
    Admittedly I was in ohio on a business trip and had not updated in over a week
  8. HallGator
    Online

    HallGator Administrator VIP Member

    Joined:
    Apr 3, 2007
    Messages:
    43,441
    Likes Received:
    899
    Trophy Points:
    113
    Location:
    Outer Limits
    Ratings Received:
    +3,525
    Yeah, I kind of doubt your update had anything to do with your infection. It's always possible but not highly likely. I love Malwarebytes for an on-demand scan but unless it has changed it is not an anti-virus program. It is a program you would use in conjunction with an AV.
  9. cocodrilo
    Online

    cocodrilo Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    11,173
    Likes Received:
    143
    Trophy Points:
    63
    Ratings Received:
    +912
    There was a segment on this tonight on NBC News. The problem, as they explained it, is with Java 7, which they recommend you disable (while Java works on a fix). It is different from Java Script, which is okay.
  10. HallGator
    Online

    HallGator Administrator VIP Member

    Joined:
    Apr 3, 2007
    Messages:
    43,441
    Likes Received:
    899
    Trophy Points:
    113
    Location:
    Outer Limits
    Ratings Received:
    +3,525
    There is no real connection between Java and javascript. One is a platform and the other is a language.
    • Like Like x 1
  11. cocodrilo
    Online

    cocodrilo Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    11,173
    Likes Received:
    143
    Trophy Points:
    63
    Ratings Received:
    +912
    I see no way to disable Java on IE 8 or Firefox either (using Windows XP). Should I uninstall Java? How will that affect online computer performance?
  12. medigator
    Offline

    medigator VIP Member

    Joined:
    Mar 25, 2008
    Messages:
    6,958
    Likes Received:
    1,265
    Trophy Points:
    113
    Ratings Received:
    +1,523
    Dillo I have the same questions . Im not a knowledgeable computer guy just know how to use one LOL ! What does disabling Java do and what limitations will I have on computer use ? Thx...
    • Like Like x 1
  13. HallGator
    Online

    HallGator Administrator VIP Member

    Joined:
    Apr 3, 2007
    Messages:
    43,441
    Likes Received:
    899
    Trophy Points:
    113
    Location:
    Outer Limits
    Ratings Received:
    +3,525
    There are several versions of Java 7 so I don't know if they were talking about the latest which is Java 7 update 10 or not. However doing a little research I haven't found any strong proof to disable or remove the latest version. If you don't have the most up to date version I would suggest you install it if you are going to keep it on your system. If you don't want to keep it or you want to disable it the following link will tell you how to do so. Just keep in mind Java is used by a lot of different things so you may find yourself trying to access or navigate somewhere and they will prompt you to download the program in order to proceed.

    java
  14. cocodrilo
    Online

    cocodrilo Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    11,173
    Likes Received:
    143
    Trophy Points:
    63
    Ratings Received:
    +912
    According to a Washington Times article, if you have Java 7 you should first get Update 10 and then disable Java. It also tells you how to do it, which I've already done. It also says that a Java patch is due on Tuesday to fix 86 vulnerabilities. (Only 86? That sounds good.)

    I'm not providing a link right now because my computer is running so slow this morning it has taken three attempts, after three reboots, just to open this thread. If I'm able to go to the article again and then get back here, I'll post the link.
  15. cocodrilo
    Online

    cocodrilo Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    11,173
    Likes Received:
    143
    Trophy Points:
    63
    Ratings Received:
    +912
  16. HallGator
    Online

    HallGator Administrator VIP Member

    Joined:
    Apr 3, 2007
    Messages:
    43,441
    Likes Received:
    899
    Trophy Points:
    113
    Location:
    Outer Limits
    Ratings Received:
    +3,525
    Good find coco. I did some checking this morning and came across the following:

    http://blog.malwarebytes.org/intelligence/2013/01/cta-unpatched-java-exploit-in-the-wild/#

    I found the article interesting in that it says certain browsers, like Mozilla Firefox, may be disabling Java automatically. This could be the case with my machine since I did a check for Java at their site last night and it did not return info saying I already had it installed, but I have both the x64 version and the x86 version.

  17. orangeblueorangeblue
    Offline

    orangeblueorangeblue Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    57,079
    Likes Received:
    596
    Trophy Points:
    113
    Ratings Received:
    +2,879
    Both are languages. What Java does is run interpreted through a virtual machine, meaning it can be run cross-platform without any code adjustments.

    Both are rife with vulnerabilities and along with Flash constitute the biggest avenues for malware on the Web. It's worth noting that almost all of these vulnerabilities are exploited through remnant ad servers, so step 1 always for Web security is to install Adblock.

    Javascript and Java aren't really even related; syntactically they share similarities with a lot of C variants, but that's about it.

    I have had Java disabled on Chrome for a long, long time.
  18. HallGator
    Online

    HallGator Administrator VIP Member

    Joined:
    Apr 3, 2007
    Messages:
    43,441
    Likes Received:
    899
    Trophy Points:
    113
    Location:
    Outer Limits
    Ratings Received:
    +3,525
    Java is both a platform and a language. My point was to make a discernment between the two since so many people think they are closely related. I totally agree that many exploits come through Java and much of that is to do with people not keeping it updated.
  19. orangeblueorangeblue
    Offline

    orangeblueorangeblue Well-Known Member

    Joined:
    Apr 8, 2007
    Messages:
    57,079
    Likes Received:
    596
    Trophy Points:
    113
    Ratings Received:
    +2,879
    Javascript is, too, a platform in that sense. The engines that interpret Javascript are essentially analogs to the JVM.
  20. secgator
    Online

    secgator Well-Known Member

    Joined:
    Sep 1, 2007
    Messages:
    10,582
    Likes Received:
    297
    Trophy Points:
    83
    Ratings Received:
    +767
    From your linked article..."If you have Java 7, the easiest way to disable it is to make sure you have Update 10 and you are not using Internet Explorer. If you do not have Update 10 but have Java 7, upgrade to Update 10. This will allow you to more easily disable the program than if you have previous Updates.

    Next, go to the Java control panel. To access the Java control panel in windows, go to start/control panel and click on Java.

    After the Java control panel appears, click on the Security tab.

    De-select “Enable Java content in the browser.”

    That will stop Java from running on your computer."


    My question to the brighter geeks in here--does this mean I can use a one-step process and it disables Java from running in both of my browsers? I have both IE9 and Chrome as browsers so I was thinking I might need to disable Java on both...individually. This article makes it sound like a one-step method.

    Someone here have an answer?

Share This Page