Microsoft: Update Java or kill it

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Microsoft OS's do have a problem with Java; even when the IE plugin is disabled, an exploit kit attached to a webpage can trigger IE into running Java via file associations. Is that a Java or an MS flaw?
 
Why are they focusing on java?

Java is far less exploited than flash...

Or would a security expert care to correct me?
Java is more widely used and is very easy to script maliciously. However, anyone with a PC updated in the last 5 years could fight off most the attacks.

@satrow, do you think they are doing this because of java's involvement in things like IE? While flash is stand alone?(for the most part)
 
If (and I have tested this out) I hit the attack website with Firefox and the Java plugin disabled, nothing untoward happened, Process Explorer showed nothing new - in IE however, 2x new processes beginning with J* were triggered, by my reckoning, by Windows' file association - probably some hangover related to keeping enterprises happy when running ancient Java apps that the old MSJava used to run back in the W2K/XPSP1 era?

I didn't think to also test what would happen if I globally switched off Java via the control Panel. I don't recall the exact exe names that were triggered, and I was quite eager to get them shut down, even though I was confident about my security and all my software was fully updated.

FX also flagged up the Google Safe Browsing warning that I had to bypass to access the site - in IE, there was no such warning, SmartScreen only seems to look for phishing sites and 'rare' downloads, regardless of whether they're actually infected or not.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top