Aces High Bulletin Board
General Forums => The O' Club => Topic started by: ghi on January 11, 2013, 05:27:42 PM
-
I don't know what to believe, didn't have problems, but i disabled my Java software; :headscratch:
http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/
-
I don't know about that.
But I deleted Java, and haven't let it back, only because it kept bugging me with popups about updates all the time. I've gotten along just fine without it, some websites (like when I log in to my student account with the local community college) pop up and warm me that they won't work properly without Java... and yet they always seem to works just fine.
-
I use firefox with noscrip add on.
midway
-
I use firefox with noscrip add on.
midway
Nice, you've disabled Javascript. How about the Java Virtual Machine?
-
Nice, you've disabled Javascript. How about the Java Virtual Machine?
Next Question will be: theres a difference?
-
Nice, you've disabled Javascript. How about the Java Virtual Machine?
sandboxie?
midway
-
The problem with Java is that it gets installed everywhere, is rarely needed, and is chock full of security bugs. People forget to keep it updated. It's a favorite of exploit kits.
If you have to use it, install it for only one browser and use another for your everyday web surfing. Use the Java browser only when you have to have Java.
-
Nice, you've disabled Javascript. How about the Java Virtual Machine?
No website will be able to start any javascript or java when noscript is running.
-
I don't know about that.
But I deleted Java, and haven't let it back, only because it kept bugging me with popups about updates all the time. I've gotten along just fine without it, some websites (like when I log in to my student account with the local community college) pop up and warm me that they won't work properly without Java... and yet they always seem to works just fine.
f you frequent a site where java is used
You can set java to not autoupdate or check for updates
-
No website will be able to start any javascript or java when noscript is running.
there were a couple of sites I used to go to thlt used Java. you can se up noscript to only run on the sites you want it to either temporarily or whenever you visit a specific site and not run on any others.
but you are correct. Barring that. Noscript will prevent java from running on sights
-
Here is the link from Oracle
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
-
So is this something I'd be better off deleting or updating?
-
I have uninstalled Java from my PC and have no intentions of re-installing it.
-
Meh firewall and desktop AV have it sorted.
-
Meh firewall and desktop AV have it sorted.
I have ESET Smart Security 5, but I haven't had Java installed on this PC for about a year now.
-
Meh firewall and desktop AV have it sorted.
No they don't. Firewall does nothing to this exploit as it uses the regular HTTP port 80 which you have enabled and desktop AV will not catch the malware because it causes a buffer overload and executes code completely out of control of anything that runs on the OS, including the desktop AV.
-
Doesn't things like Intel's Execute Disable and Microsoft's DEP help with buffer overflow attacks?
-
Oracle has a patch out. Update your Java clients.
-
No they don't. Firewall does nothing to this exploit as it uses the regular HTTP port 80 which you have enabled and desktop AV will not catch the malware because it causes a buffer overload and executes code completely out of control of anything that runs on the OS, including the desktop AV.
Really? Dude. Seriously? Do you even think before you type?
First of all my firewall inspects all traffic contents. It identifies malware, intrusions, and applications. Here is the link to the protection that applies to this exploit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=515 . This is common across many brands of firewalls (SonicWALL, Juniper, PA, Fortinet, etc).
Secondly buffer overflow protection has been a common component of AV for many many many years. Have a look at what Sophos do (it's common across all good AV apps): http://www.sophos.com/en-us/why-sophos/innovative-technology/hips/layers-of-detection.aspx
-
Really? Dude. Seriously? Do you even think before you type?
First of all my firewall inspects all traffic contents. It identifies malware, intrusions, and applications. Here is the link to the protection that applies to this exploit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=515 . This is common across many brands of firewalls (SonicWALL, Juniper, PA, Fortinet, etc).
Secondly buffer overflow protection has been a common component of AV for many many many years. Have a look at what Sophos do (it's common across all good AV apps): http://www.sophos.com/en-us/why-sophos/innovative-technology/hips/layers-of-detection.aspx
No AV is going to protect you and you're simply a fool if you think they do :) I've seen hundreds of infected workstations which ran AVs and were behind firewalls. Not to even mention that Sophos and the likes are already like having a bad malware running on the computer, they lag it down.
-
No AV is going to protect you and you're simply a fool if you think they do :) I've seen hundreds of infected workstations which ran AVs and were behind firewalls. Not to even mention that Sophos and the likes are already like having a bad malware running on the computer, they lag it down.
Sorry I'm happy with mine, I don't think I'll take advice from someone who's clueless about how modern firewalls or AV works.
-
vulcan the only way a firewall is 100% proof is if you unplug your connection from the firewall. either that or steal skuzzies set up :D.
midway
-
Sorry I'm happy with mine, I don't think I'll take advice from someone who's clueless about how modern firewalls or AV works.
Famous last words. The best of AVs can get a detection rate of 95-98% of known viruses. That leaves tens of thousands _known_ viruses which get past detection and this does not include 0-day exploits.
Trusting AVs and firewalls is the dumbest mistake anyone can make.
-
Famous last words. The best of AVs can get a detection rate of 95-98% of known viruses. That leaves tens of thousands _known_ viruses which get past detection and this does not include 0-day exploits.
Trusting AVs and firewalls is the dumbest mistake anyone can make.
You do realize a high quality AV program does not have to depend on virus signatures, but can also use attack vectors to detect an intrusion? There are far fewer attack vectors than there are viruses. Good AV software will catch new viruses using common attack vectors, such as buffer overflows, which happen to be the oldest attack vector there is.
That said, I have always had Java disabled. There are legal things that can be done using Java nothing will catch as being a bad thing, even though it is. It is not worth the risk to me.
-
You do realize a high quality AV program does not have to depend on virus signatures, but can also use attack vectors to detect an intrusion? There are far fewer attack vectors than there are viruses. Good AV software will catch new viruses using common attack vectors, such as buffer overflows, which happen to be the oldest attack vector there is.
That said, I have always had Java disabled. There are legal things that can be done using Java nothing will catch as being a bad thing, even though it is. It is not worth the risk to me.
Yes I do realize and despite all the fancy computer clogging heuristics they still fail to detect even the known viruses. So simply put AVs will never protect anyone, unless you're lucky enough to hit something that it happens to catch. I've seen so many cases of AV:s getting totally owned by malware and viruses that I've lost any faith in them.
-
Trusting AVs and firewalls is the dumbest mistake anyone can make.
given you seem to have close to zero understanding on how firewall and AV work do you really think you're even remotely qualified to give out advice?
-
given you seem to have close to zero understanding on how firewall and AV work do you really think you're even remotely qualified to give out advice?
Give it a rest already. AVs are proven to fail to protect end users over and over again and by default AV makers are fighting a losing battle, a new attack always gets in the wild first, then it gets blocked by AV vendors with varying success. If the AV uses heavy heuristics it's already pretty much like having a virus on the computer with i/o performance crushed and cpu clogged down on every operation.
Show me an AV that catches all viruses and malware Vulcan. Then let's talk.
Trusting AVs is risky behaviour. It's similar to going around banging HIV patients believing a condom will never fail. Much better way is to proactively protect yourself by staying out of the harms way.
-
Give it a rest already. AVs are proven to fail to protect end users over and over again and by default AV makers are fighting a losing battle, a new attack always gets in the wild first, then it gets blocked by AV vendors with varying success. If the AV uses heavy heuristics it's already pretty much like having a virus on the computer with i/o performance crushed and cpu clogged down on every operation.
Show me an AV that catches all viruses and malware Vulcan. Then let's talk.
Trusting AVs is risky behaviour. It's similar to going around banging HIV patients believing a condom will never fail. Much better way is to proactively protect yourself by staying out of the harms way.
AV don't just use heuristics. They use behavioral protection and other mechanisms (like firewall scanning and buffer overflow protection).
But hey, if you knew what you were talking about you'd know that already. But you don't.
Just because your experience is limited to low capability or incorrectly configured products - don't judge the whole industry on it.
Network security is what I do for a living (enterprise, govt etc). So you're kinda wee'ing into the wind here. Stick to apple fights.
-
AV don't just use heuristics. They use behavioral protection and other mechanisms (like firewall scanning and buffer overflow protection).
But hey, if you knew what you were talking about you'd know that already. But you don't.
Just because your experience is limited to low capability or incorrectly configured products - don't judge the whole industry on it.
Network security is what I do for a living (enterprise, govt etc). So you're kinda wee'ing into the wind here. Stick to apple fights.
Hey, SHOW ME AN AV PRODUCT THAT IS 100% PROOF THEN TALK AGAIN!
Despite all your fancy schmanzy the best detection rates are in the 90's not at 100%. That means thousands of slipped KNOWN infections and even more unknown 0-day ones which can't be even tested. Every day literally thousands of new attacks are made for windows platform.
Your technologies won't mean jack because they can't detect everything. If heuristics and behavioural tests would work as you claim, we would safely say that at least known viruses should get detected. Well they don't. End of story.
-
What firewalls and AV products have you personally tested Ripley?
Just FYI, my firewall, at home, traps any buffer overflow exploit, including the latest one hitting Java. I tested it to be sure. Those types of exploits are easy to detect. Of course, my firewall has been a pet project of mine for many years.
As a side note, it is hard to take you seriously Ripley, your rants borderline on irrational with no substance to back them up. That is just an observation.
-
What firewalls and AV products have you personally tested Ripley?
Just FYI, my firewall, at home, traps any buffer overflow exploit, including the latest one hitting Java. I tested it to be sure. Those types of exploits are easy to detect. Of course, my firewall has been a pet project of mine for many years.
As a side note, it is hard to take you seriously Ripley, your rants borderline on irrational with no substance to back them up. That is just an observation.
I don't need to test them. There are several sources for statistics.
For example: www.av-comparatives.org
Everything I've said is a pure and simple fact. Nothing irrational about it.
-
I don't need to test them. There are several sources for statistics.
For example: www.av-comparatives.org
Everything I've said is a pure and simple fact. Nothing irrational about it.
Sorry, I cannot view that WEB site as it depends on Java and javascript to work. For me, that kind of puts a hole in their credibility.
So, your opinion is based off of what you read on other sites. How do you know those sites are accurate or have any credibility at all?
-
Sorry, I cannot view that WEB site as it depends on Java and javascript to work. For me, that kind of puts a hole in their credibility.
So, your opinion is based off of what you read on other sites. How do you know those sites are accurate or have any credibility at all?
That site works just fine with javascript and java blocked. You just lose a couple of UI features. Links are direct linked and in PDF form.
How do you know anything you see is accurate, from any source? By default everything you see and experience is a false image created by your brain. Are you saying now that, by stating your expert opinnion, you have done an exhaustive testing on all major AV products using the lock&key secret dataset of all registered virus signatures? LOL gimme a break. With all due respect how can you talk about credibility after that?
Feel free to show me proof of a single AV that has a 100% detection rate, which would effectively mean it actually protects the end user.
With all statistics pointing to the best of AVs having 98-99,6% detection rates that leaves 10 200 known signatures that are missed by the best of the AV:s despite heuristics and analytics and the fact that a KNOWN signature is available for the threats (Norton has 17+ million signatures for example). Naturally one can deduct that the failure rate is much higher on the cases where a known signature is not available (Stuxnet, anyone?). High persistent rate of infected computers also speaks to my favor as most of the infected computers are running the false promise of an AV at the time of the infection. The attackers are just ahead of the game and take over the computer.
100% of the computers I've seen infected with a malware or a virus have been running an antivirus at the time of the infection and sometimes even after the infection, oblivious to the fact of being infected :) We have such cases even here in AH community judging from the posts of people asking for help.
-
Av has 98% chance to keep you safe correct?
-
Ripley, I never made any claims that any AV could catch 100% of the viruses. They can't. Quite impossible. I also never claimed to be an expert. I asked pertinent questions to help make an informed decision. Yes, I checked my firewall using a few testing services to validate its operation.
I can state that the particular exploit being discussed in this thread can be caught 100% of the time, with the correct tools. Not only that, but it can be caught with zero impact on the client system. My system catches it. I already tested it. I did not have to make any changes to my system configuration, for it to be caught.
Consumer grade AV software sucks. That is a know quantity. 100% of the computers I have seen infected with malware were due to poor user practices, and/or poor configurations. Usually due to someone being fooled into thinking they are protected because they are running some consumer grade AV software.
I do not run any AV software on any of my personal computers. I never will. I also will never have to deal with a virus or malware. Ta-da. I do not need to talk about how much any AV will stop. I do not care.
The point about the remote site you linked is they do not know enough to build a site which does not need to use Java and/or javascript, so I chose to put them into the "questionable" category. It is one of the practices I employ to protect my computers.
I also do not trust anything I read on the Internet. I make my own assessment. You do not have to trust me, but then again, how do you know I am not more credible than those other guys (rhetorical question)? You can't.
-
I don't need to test them. There are several sources for statistics.
For example: www.av-comparatives.org
Everything I've said is a pure and simple fact. Nothing irrational about it.
av-comparitives do not test behavioral aspects of AV. In fact I've never seen them test some of the enterprise products - EVER.
Between signatures, heuristics, behavioral, and a decent firewall it is possible to achieve 100% protection. I have one client who has >500 of the worst users you've ever seen - they haven't had an outbreak in around 10 years. Their users typically introduce all sorts of nasties (they're teachers). Around 10 years ago I upgraded their firewall and configured their AV correctly.
And this is not an uncommon experience for people I deal with.
-
Is it fair to say those type of clients are running something more than a consumer grade AV product?
-
Is it fair to say those type of clients are running something more than a consumer grade AV product?
The enterprise level protection is only partly achieved by AV and firewalls. It includes locking down the user privileges to a point where the user can barely do his work and sometimes not even that - infuriating users typically and making them hate their workstations. At least that's the image I've got from all the clients whose companies enforce tight rules. But when the user can't do much anything on his computer he stays safe - which is proactive safety I was talking about. If the company has restricted available sites through firewalls and content filtering and locked down group policies so that the user can only start a selected bunch of applications and nothing more, chances are they're not going to get infected unless it's a conficker like USB spread virus.
PS: The organization of my link probably didn't make the website themselves. They may concentrate on AV product testing and not web page developing. The reason I brought it up is because they're a nonprofit and arguably unbiased source for test data - naturally many other sites show similar comparisons.
-
The enterprise level protection is only partly achieved by AV and firewalls. It includes locking down the user privileges to a point where the user can barely do his work and sometimes not even that - infuriating users typically and making them hate their workstations.
Not true. In the example I have above the teachers have local admin rights. In fact that's fairly common across a lot of organisations. We get a truckload of nasties coming in all the time on USB sticks and drives - and they are dealt with.
It's also worth noting that an important goal in security is that users can get what they want (within reason). We don't want to give them any motivation to attempt to bypass any solutions we put in place (not that they can :) ).
And Skuzzy, yes and no. Yes it is enterprise product, but it is available down to consumer level. The firewalls (Sonicwall, Fortinet, Astaro etc) all have low end versions which offer the same capabilities (albeit slower throughput for SOHO/home) and some AV products do not differentiate between home and enterprise functionality (other than the enterprise version usually being managed).
-
No website will be able to start any javascript or java when noscript is running.
I am sure you realize web browsers are not the only means for Java use, many applications use Java as well, Oracle Open Office , minecraft - online game, runescape - online game, Android phones, etc .....Have read that many Bank server side applications use Java (very scary here).
Cross platform functionality seems to be the hackers target these days.
HL
-
Ohhhhhhhhhhhhhhhhhhhh Skuzzy...
Some Mac users were taken by surprise as their computers stopped running programs written using the Java programming language after Apple blocked Java due to security problems.
Java allows programmers to write a wide variety of internet applications and other software programs and run them on most computers, including Apple's Mac. However, earlier this month the US Department of Homeland Security recommended disabling Java in Web browsers to avoid potential hacking attacks.
Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit :devil ).
-
Ohhhhhhhhhhhhhhhhhhhh Skuzzy...
Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit :devil ).
And Firefox, and Google Chrome. . . at the very least.
-
Not true. In the example I have above the teachers have local admin rights. In fact that's fairly common across a lot of organisations. We get a truckload of nasties coming in all the time on USB sticks and drives - and they are dealt with.
It's also worth noting that an important goal in security is that users can get what they want (within reason). We don't want to give them any motivation to attempt to bypass any solutions we put in place (not that they can :) ).
And Skuzzy, yes and no. Yes it is enterprise product, but it is available down to consumer level. The firewalls (Sonicwall, Fortinet, Astaro etc) all have low end versions which offer the same capabilities (albeit slower throughput for SOHO/home) and some AV products do not differentiate between home and enterprise functionality (other than the enterprise version usually being managed).
You mean you catch 98-99% of the nasties while the rest slip through. You probably haven't hit that leftover 1% yet or just won't admit it :) There is no such thing as a 100% proof antivirus made to date. Or why do you think they always seem to fail on detection tests even when they use a database of previously known attacks?
It's also quite funny how you're so protective about your super antivirus like you're afraid someone will pop up a testing statistic proving your claims wrong. You mentioned it's available for consumer use - how come it's not included in the AV benchmarks? Which product are you talking about?
-
Ohhhhhhhhhhhhhhhhhhhh Skuzzy...
Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit :devil ).
Funny no desktop apps were disabled on my Macs. You sound like a child that's excited to tell stories from the big boys. All Apple did was force users to start getting updates directly from Oracle to speed up the patching.
HL117: That doesn't really matter. The attacker can't get through as long as the browser blocks the malicious code unless the user does something stupid such as running files from unknown sources. The whole issue with java/browser is that the attacker can initiate the attack without the browser users knowledge or consent. And what goes for java apps and internet banking - I would switch banks in a heartbeat if my bank started to use Java for 'security' :D We do have one Danish bank down here that does so but it's an exception to the rule.
-
Ohhhhhhhhhhhhhhhhhhhh Skuzzy...
Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit :devil ).
Yeah, Microsoft can do the same thing with Windows 8. It's all the rage.
-
Yeah, Microsoft can do the same thing with Windows 8. It's all the rage.
Are you talking about applocker? I believe that's a bit different - as in policies are set by domain membership - so it's not M$ sending out the blocks it's your company. Big difference to what apple are doing.
-
Are you talking about applocker? I believe that's a bit different - as in policies are set by domain membership - so it's not M$ sending out the blocks it's your company. Big difference to what apple are doing.
No he's talking about Metro apps and the change to the EULA which permits MS to remove software from the computer when necessary. Doomsday people see this as a huge red flag but IMO this is only a necessity for the built in windows defender to be able to do its job and to keep Metro apps secured. They need to be able to pull a compromised Metro app away if malware slips past the content checks - just as Apple does.
-
As long as it doesn't affect my arena latency.
Once that is affected, it's time to track down the perps, Jay and Silent Bob style.