Homeland Security warns to disable Java

[MrRiplEy[H]]

What firewalls and AV products have you personally tested Ripley?

Just FYI, my firewall, at home, traps any buffer overflow exploit, including the latest one hitting Java.  I tested it to be sure.  Those types of exploits are easy to detect.  Of course, my firewall has been a pet project of mine for many years.

As a side note, it is hard to take you seriously Ripley, your rants borderline on irrational with no substance to back them up.  That is just an observation.

I don't need to test them. There are several sources for statistics.

For example: www.av-comparatives.org

Everything I've said is a pure and simple fact. Nothing irrational about it.

[Skuzzy]

I don't need to test them. There are several sources for statistics.

For example: www.av-comparatives.org

Everything I've said is a pure and simple fact. Nothing irrational about it.

Sorry, I cannot view that WEB site as it depends on Java and javascript to work.  For me, that kind of puts a hole in their credibility.

So, your opinion is based off of what you read on other sites.  How do you know those sites are accurate or have any credibility at all?

[MrRiplEy[H]]

Sorry, I cannot view that WEB site as it depends on Java and javascript to work.  For me, that kind of puts a hole in their credibility.

So, your opinion is based off of what you read on other sites.  How do you know those sites are accurate or have any credibility at all?

That site works just fine with javascript and java blocked. You just lose a couple of UI features. Links are direct linked and in PDF form.

How do you know anything you see is accurate, from any source? By default everything you see and experience is a false image created by your brain. Are you saying now that, by stating your expert opinnion, you have done an exhaustive testing on all major AV products using the lock&key secret dataset of all registered virus signatures? LOL gimme a break. With all due respect how can you talk about credibility after that?

Feel free to show me proof of a single AV that has a 100% detection rate, which would effectively mean it actually protects the end user.

With all statistics pointing to the best of AVs having 98-99,6% detection rates that leaves 10 200 known signatures that are missed by the best of the AV:s despite heuristics and analytics and the fact that a KNOWN signature is available for the threats (Norton has 17+ million signatures for example). Naturally one can deduct that the failure rate is much higher on the cases where a known signature is not available (Stuxnet, anyone?). High persistent rate of infected computers also speaks to my favor as most of the infected computers are running the false promise of an AV at the time of the infection. The attackers are just ahead of the game and take over the computer.

100% of the computers I've seen infected with a malware or a virus have been running an antivirus at the time of the infection and sometimes even after the infection, oblivious to the fact of being infected We have such cases even here in AH community judging from the posts of people asking for help.

[ACE]

Av has 98% chance to keep you safe correct? 

[Skuzzy]

Ripley, I never made any claims that any AV could catch 100% of the viruses.  They can't.  Quite impossible.  I also never claimed to be an expert.  I asked pertinent questions to help make an informed decision.  Yes, I checked my firewall using a few testing services to validate its operation.

I can state that the particular exploit being discussed in this thread can be caught 100% of the time, with the correct tools.  Not only that, but it can be caught with zero impact on the client system.  My system catches it.  I already tested it.  I did not have to make any changes to my system configuration, for it to be caught.

Consumer grade AV software sucks.  That is a know quantity.  100% of the computers I have seen infected with malware were due to poor user practices, and/or poor configurations.  Usually due to someone being fooled into thinking they are protected because they are running some consumer grade AV software.

I do not run any AV software on any of my personal computers.  I never will.  I also will never have to deal with a virus or malware.  Ta-da.  I do not need to talk about how much any AV will stop.  I do not care.


The point about the remote site you linked is they do not know enough to build a site which does not need to use Java and/or javascript, so I chose to put them into the "questionable" category.  It is one of the practices I employ to protect my computers.

I also do not trust anything I read on the Internet.  I make my own assessment.  You do not have to trust me, but then again, how do you know I am not more credible than those other guys (rhetorical question)?  You can't.

[Vulcan]

I don't need to test them. There are several sources for statistics.

For example: www.av-comparatives.org

Everything I've said is a pure and simple fact. Nothing irrational about it.

av-comparitives do not test behavioral aspects of AV. In fact I've never seen them test some of the enterprise products - EVER.

Between signatures, heuristics, behavioral, and a decent firewall it is possible to achieve 100% protection. I have one client who has >500 of the worst users you've ever seen - they haven't had an outbreak in around 10 years. Their users typically introduce all sorts of nasties (they're teachers). Around 10 years ago I upgraded their firewall and configured their AV correctly.

And this is not an uncommon experience for people I deal with.

[Skuzzy]

Is it fair to say those type of clients are running something more than a consumer grade AV product?

[MrRiplEy[H]]

Is it fair to say those type of clients are running something more than a consumer grade AV product?

The enterprise level protection is only partly achieved by AV and firewalls. It includes locking down the user privileges to a point where the user can barely do his work and sometimes not even that - infuriating users typically and making them hate their workstations. At least that's the image I've got from all the clients whose companies enforce tight rules. But when the user can't do much anything on his computer he stays safe - which is proactive safety I was talking about. If the company has restricted available sites through firewalls and content filtering and locked down group policies so that the user can only start a selected bunch of applications and nothing more, chances are they're not going to get infected unless it's a conficker like USB spread virus.

PS: The organization of my link probably didn't make the website themselves. They may concentrate on AV product testing and not web page developing. The reason I brought it up is because they're a nonprofit and arguably unbiased source for test data - naturally many other sites show similar comparisons.

[Vulcan]

The enterprise level protection is only partly achieved by AV and firewalls. It includes locking down the user privileges to a point where the user can barely do his work and sometimes not even that - infuriating users typically and making them hate their workstations.

Not true. In the example I have above the teachers have local admin rights. In fact that's fairly common across a lot of organisations. We get a truckload of nasties coming in all the time on USB sticks and drives - and they are dealt with.

It's also worth noting that an important goal in security is that users can get what they want (within reason). We don't want to give them any motivation to attempt to bypass any solutions we put in place (not that they can  ).

And Skuzzy, yes and no. Yes it is enterprise product, but it is available down to consumer level. The firewalls (Sonicwall, Fortinet, Astaro etc) all have low end versions which offer the same capabilities (albeit slower throughput for SOHO/home) and some AV products do not differentiate between home and enterprise functionality (other than the enterprise version usually being managed).

[HL117]

No website will be able to start any javascript or java when noscript is running.

I am sure you realize web browsers are not the only means for Java use, many applications use Java as well, Oracle Open Office , minecraft - online game, runescape - online game, Android phones, etc .....Have read that many Bank server side applications use Java (very scary here).

Cross platform functionality seems to be the hackers target these days.


HL

[Vulcan]

Ohhhhhhhhhhhhhhhhhhhh Skuzzy...

Some Mac users were taken by surprise as their computers stopped running programs written using the Java programming language after Apple blocked Java due to security problems.

Java allows programmers to write a wide variety of internet applications and other software programs and run them on most computers, including Apple's Mac. However, earlier this month the US Department of Homeland Security recommended disabling Java in Web browsers to avoid potential hacking attacks.

Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit    ).

[Chalenge]

Ohhhhhhhhhhhhhhhhhhhh Skuzzy...

Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit    ).

And Firefox, and Google Chrome. . . at the very least.

[MrRiplEy[H]]

Not true. In the example I have above the teachers have local admin rights. In fact that's fairly common across a lot of organisations. We get a truckload of nasties coming in all the time on USB sticks and drives - and they are dealt with.

It's also worth noting that an important goal in security is that users can get what they want (within reason). We don't want to give them any motivation to attempt to bypass any solutions we put in place (not that they can  ).

And Skuzzy, yes and no. Yes it is enterprise product, but it is available down to consumer level. The firewalls (Sonicwall, Fortinet, Astaro etc) all have low end versions which offer the same capabilities (albeit slower throughput for SOHO/home) and some AV products do not differentiate between home and enterprise functionality (other than the enterprise version usually being managed).

You mean you catch 98-99% of the nasties while the rest slip through. You probably haven't hit that leftover 1% yet or just won't admit it There is no such thing as a 100% proof antivirus made to date. Or why do you think they always seem to fail on detection tests even when they use a database of previously known attacks?

It's also quite funny how you're so protective about your super antivirus like you're afraid someone will pop up a testing statistic proving your claims wrong. You mentioned it's available for consumer use - how come it's not included in the AV benchmarks? Which product are you talking about?

[MrRiplEy[H]]

Ohhhhhhhhhhhhhhhhhhhh Skuzzy...

Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit    ).

Funny no desktop apps were disabled on my Macs. You sound like a child that's excited to tell stories from the big boys. All Apple did was force users to start getting updates directly from Oracle to speed up the patching.

HL117: That doesn't really matter. The attacker can't get through as long as the browser blocks the malicious code unless the user does something stupid such as running files from unknown sources. The whole issue with java/browser is that the attacker can initiate the attack without the browser users knowledge or consent. And what goes for java apps and internet banking - I would switch banks in a heartbeat if my bank started to use Java for 'security' We do have one Danish bank down here that does so but it's an exception to the rule.

[Skuzzy]

Ohhhhhhhhhhhhhhhhhhhh Skuzzy...

Don't you love how apple can disable your desktop apps at will (and 3 weeks late to the exploit    ).

Yeah, Microsoft can do the same thing with Windows 8.  It's all the rage.