Author Topic: Homeland Security warns to disable Java  (Read 2457 times)

Offline MrRiplEy[H]

  • Persona Non Grata
  • Plutonium Member
  • *******
  • Posts: 11633
Re: Homeland Security warns to disable Java
« Reply #15 on: January 15, 2013, 08:46:03 AM »
> Meh firewall and desktop AV have it sorted.

No they don't. Firewall does nothing to this exploit as it uses the regular HTTP port 80 which you have enabled and desktop AV will not catch the malware because it causes a buffer overload and executes code completely out of control of anything that runs on the OS, including the desktop AV.
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline Gustav

  • Copper Member
  • **
  • Posts: 104
« Reply #16 on: January 15, 2013, 01:41:21 PM »
Don't things like Intel's Execute Disable and Microsoft's DEP help with buffer overflow attacks?

Offline GScholz

  • Plutonium Member
  • *******
  • Posts: 8910
« Reply #17 on: January 15, 2013, 02:05:43 PM »
Oracle has a patch out. Update your Java clients.
"With the first link, the chain is forged. The first speech censored, the first thought forbidden, the first freedom denied, chains us all irrevocably."

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9886
« Reply #18 on: January 15, 2013, 04:24:00 PM »
> No they don't. Firewall does nothing to this exploit as it uses the regular HTTP port 80 which you have enabled and desktop AV will not catch the malware because it causes a buffer overload and executes code completely out of control of anything that runs on the OS, including the desktop AV.

Really? Dude. Seriously? Do you even think before you type?

First of all my firewall inspects all traffic contents. It identifies malware, intrusions, and applications. Here is the link to the protection that applies to this exploit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=515  . This is common across many brands of firewalls (SonicWALL, Juniper, PA, Fortinet, etc).

Secondly buffer overflow protection has been a common component of AV for many many many years. Have a look at what Sophos do (it's common across all good AV apps): http://www.sophos.com/en-us/why-sophos/innovative-technology/hips/layers-of-detection.aspx




Offline MrRiplEy[H]

« Reply #19 on: January 17, 2013, 12:37:39 AM »
> Really? Dude. Seriously? Do you even think before you type?
>
> First of all my firewall inspects all traffic contents. It identifies malware, intrusions, and applications. Here is the link to the protection that applies to this exploit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=515 . This is common across many brands of firewalls (SonicWALL, Juniper, PA, Fortinet, etc).
>
> Secondly buffer overflow protection has been a common component of AV for many many many years. Have a look at what Sophos do (it's common across all good AV apps): http://www.sophos.com/en-us/why-sophos/innovative-technology/hips/layers-of-detection.aspx

No AV is going to protect you and you're simply a fool if you think they do :) I've seen hundreds of infected workstations which ran AVs and were behind firewalls. Not to even mention that Sophos and the likes are already like having a bad malware running on the computer, they lag it down.

Offline Vulcan

« Reply #20 on: January 17, 2013, 11:50:01 AM »
> No AV is going to protect you and you're simply a fool if you think they do :) I've seen hundreds of infected workstations which ran AVs and were behind firewalls. Not to even mention that Sophos and the likes are already like having a bad malware running on the computer, they lag it down.

Sorry I'm happy with mine, I don't think I'll take advice from someone who's clueless about how modern firewalls or AV works.

Offline guncrasher

  • Plutonium Member
  • *******
  • Posts: 17345
« Reply #21 on: January 17, 2013, 01:22:29 PM »
Vulcan, the only way a firewall is 100% proof is if you unplug your connection from the firewall. Either that or steal Skuzzy's setup :D.


midway
you dont want me to ho, dont point your plane at me.

Offline MrRiplEy[H]

« Reply #22 on: January 17, 2013, 04:36:50 PM »
> Sorry I'm happy with mine, I don't think I'll take advice from someone who's clueless about how modern firewalls or AV works.

Famous last words. The best of AVs can get a detection rate of 95-98% of known viruses. That leaves tens of thousands of _known_ viruses which get past detection and this does not include 0-day exploits.

Trusting AVs and firewalls is the dumbest mistake anyone can make.

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
« Reply #23 on: January 17, 2013, 04:45:05 PM »
> Famous last words. The best of AVs can get a detection rate of 95-98% of known viruses. That leaves tens of thousands of _known_ viruses which get past detection and this does not include 0-day exploits.
>
> Trusting AVs and firewalls is the dumbest mistake anyone can make.

You do realize a high quality AV program does not have to depend on virus signatures, but can also use attack vectors to detect an intrusion?  There are far fewer attack vectors than there are viruses.  Good AV software will catch new viruses using common attack vectors, such as buffer overflows, which happen to be the oldest attack vector there is.

That said, I have always had Java disabled.  There are legal things that can be done using Java nothing will catch as being a bad thing, even though it is.  It is not worth the risk to me.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline MrRiplEy[H]

« Reply #24 on: January 17, 2013, 05:03:37 PM »
> You do realize a high quality AV program does not have to depend on virus signatures, but can also use attack vectors to detect an intrusion?  There are far fewer attack vectors than there are viruses.  Good AV software will catch new viruses using common attack vectors, such as buffer overflows, which happen to be the oldest attack vector there is.
>
> That said, I have always had Java disabled.  There are legal things that can be done using Java nothing will catch as being a bad thing, even though it is.  It is not worth the risk to me.

Yes I do realize and despite all the fancy computer-clogging heuristics they still fail to detect even the known viruses. So simply put AVs will never protect anyone, unless you're lucky enough to hit something that it happens to catch. I've seen so many cases of AVs getting totally owned by malware and viruses that I've lost any faith in them.

Offline Vulcan

« Reply #25 on: January 17, 2013, 07:30:36 PM »
> Trusting AVs and firewalls is the dumbest mistake anyone can make.

Given you seem to have close to zero understanding of how firewalls and AV work, do you really think you're even remotely qualified to give out advice?

Offline MrRiplEy[H]

« Reply #26 on: January 18, 2013, 12:07:57 AM »
> Given you seem to have close to zero understanding of how firewalls and AV work, do you really think you're even remotely qualified to give out advice?

Give it a rest already. AVs are proven to fail to protect end users over and over again and by default AV makers are fighting a losing battle, a new attack always gets in the wild first, then it gets blocked by AV vendors with varying success. If the AV uses heavy heuristics it's already pretty much like having a virus on the computer with i/o performance crushed and cpu clogged down on every operation.

Show me an AV that catches all viruses and malware Vulcan. Then let's talk.

Trusting AVs is risky behaviour. It's similar to going around banging HIV patients believing a condom will never fail. A much better way is to proactively protect yourself by staying out of harm's way.

Offline Vulcan

« Reply #27 on: January 18, 2013, 01:48:57 AM »
> Give it a rest already. AVs are proven to fail to protect end users over and over again and by default AV makers are fighting a losing battle, a new attack always gets in the wild first, then it gets blocked by AV vendors with varying success. If the AV uses heavy heuristics it's already pretty much like having a virus on the computer with i/o performance crushed and cpu clogged down on every operation.
>
> Show me an AV that catches all viruses and malware Vulcan. Then let's talk.
>
> Trusting AVs is risky behaviour. It's similar to going around banging HIV patients believing a condom will never fail. A much better way is to proactively protect yourself by staying out of harm's way.

AV don't just use heuristics. They use behavioral protection and other mechanisms (like firewall scanning and buffer overflow protection).

But hey, if you knew what you were talking about you'd know that already. But you don't.

Just because your experience is limited to low capability or incorrectly configured products - don't judge the whole industry on it.

Network security is what I do for a living (enterprise, govt etc). So you're kinda wee'ing into the wind here. Stick to apple fights.

Offline MrRiplEy[H]

« Reply #28 on: January 18, 2013, 03:18:47 AM »
> AV don't just use heuristics. They use behavioral protection and other mechanisms (like firewall scanning and buffer overflow protection).
>
> But hey, if you knew what you were talking about you'd know that already. But you don't.
>
> Just because your experience is limited to low capability or incorrectly configured products - don't judge the whole industry on it.
>
> Network security is what I do for a living (enterprise, govt etc). So you're kinda wee'ing into the wind here. Stick to apple fights.

Hey, SHOW ME AN AV PRODUCT THAT IS 100% PROOF THEN TALK AGAIN!

Despite all your fancy schmanzy the best detection rates are in the 90's not at 100%. That means thousands of slipped KNOWN infections and even more unknown 0-day ones which can't even be tested. Every day literally thousands of new attacks are made for the Windows platform.

Your technologies won't mean jack because they can't detect everything. If heuristics and behavioural tests worked as you claim, we could safely say that at least known viruses should get detected. Well they don't. End of story.
« Last Edit: January 18, 2013, 03:24:37 AM by MrRiplEy[H] »

Offline Skuzzy

« Reply #29 on: January 18, 2013, 06:17:20 AM »
What firewalls and AV products have you personally tested Ripley?

Just FYI, my firewall, at home, traps any buffer overflow exploit, including the latest one hitting Java.  I tested it to be sure.  Those types of exploits are easy to detect.  Of course, my firewall has been a pet project of mine for many years.

As a side note, it is hard to take you seriously Ripley, your rants border on irrational with no substance to back them up.  That is just an observation.
« Last Edit: January 18, 2013, 06:20:23 AM by Skuzzy »