Stupid Java
-
Came in this morning and a Fake Anti-Virus Trojan was running on my computer. I had the IT guy come and see what was up while I went to a meeting. Unfortunately, stupid Symantec didn't catch it until it had already run (did catch it later--thanks a lot.) While making sure everything was clean, I ran across the Java Installer logs. Sure enough, that's how the damn thing got in. This is the second time I've seen a trojan/virus come into a system through Java and a coworker said he recently had the same thing happen. So I removed Java from my system and will never use it again. (Several companies write their damn utilities in Java. Those features and/or products are no longer welcome on any system I use.)
-
Joe Woodbury wrote:
While making sure everything was clean, I ran across the Java Installer logs. Sure enough, that's how the damn thing got in.
How does that work?
-
Have no idea, but Java has a built-in installer that has a security hole in it and apparently has for some time. (The date/time stamp on the trojan was identical to the date/time stamp in the Java logs stating that it had installed something. It's the ONLY thing installed yesterday besides the MS patch.)
-
But, assuming a properly configured firewall, the download of the trojan must be initiated from your computer. The only way I can see that working is from a dodgy web page that installs a rogue applet, that either is the actual trojan, or downloads it. If that's the case, the problem isn't so much with Java per se, but the Java runtime, which will be written in a proper language. You could always consider switching to a different JRE. I'm with you, though, mainly. I have yet to see a Java program that runs as fast, looks as nice or is as feature-rich as a native platform application. I can see the benefit of using it if you have *lots* of platforms that your code needs to run on (Oracle tools come to mind, for example).
-
Joe Woodbury wrote:
While making sure everything was clean, I ran across the Java Installer logs.
Did you make a note of the location? I'd be interested in checking my system.
It's time for a new signature.
It ended up in <username>\Application Settings\<Random Directory Name>. The executable ended in tssd.exe. It may have been installed through an executable called PdfUpd.exe, though that's not clear. We actually found it by using Glary utilities to see what programs were starting.
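The timestamp correlation described in the posts above (a dropped executable whose date/time stamp matches an installer log entry), as an added example that is not part of the original thread. The function names, the extension list, the two-minute window and the sample file names and timestamp are all constructed for illustration; the installer log is assumed to have been reduced to a list of timestamps already.

```python
import os
import tempfile
from datetime import datetime, timedelta

# Extensions worth flagging inside a user profile (assumed list, adjust as needed).
EXEC_EXTS = {".exe", ".dll", ".scr", ".jar"}

def correlate(root, event_times, window=timedelta(minutes=2), exts=EXEC_EXTS):
    """Return (path, mtime, nearest_event) for executables under `root` whose
    modification time lies within `window` of any timestamp in `event_times`."""
    if not event_times:
        return []
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            nearest = min(event_times, key=lambda t: abs(t - mtime))
            if abs(nearest - mtime) <= window:
                hits.append((path, mtime, nearest))
    return sorted(hits, key=lambda h: h[1])

def demo():
    """Build a constructed profile tree and run the correlation over it."""
    install_event = datetime(2010, 6, 23, 16, 42, 10)  # constructed log timestamp
    root = tempfile.mkdtemp()
    samples = {  # constructed files: relative path -> modification time
        os.path.join("Application Settings", "qwzrkd", "abtssd.exe"):
            install_event + timedelta(seconds=5),
        os.path.join("Application Settings", "Vendor", "tool.exe"):
            install_event - timedelta(days=40),
        os.path.join("Documents", "notes.txt"): install_event,
    }
    for rel, when in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()
        os.utime(full, (when.timestamp(), when.timestamp()))
    return [os.path.relpath(p, root) for p, _m, _e in correlate(root, [install_event])]

if __name__ == "__main__":
    print(demo())
```

Modification times can be altered after the fact, so a hit is a lead to confirm against autostart entries and other logs rather than proof of the entry point.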
-
Our firewall runs Kaspersky and should have caught it. Symantec should have caught it. Neither did. We're trying to figure out the guilty web site. My worry is that one of our customer's sites was hijacked with a zero day attack. Yes, the problem is the JRE, not Java per se. I had an official Sun JRE on there that was used to maintain a proxy server we've since taken out of service and I just left the JRE there thinking it wouldn't be a problem and I might need it. (Surround SCM ships with the GUIFFY compare utility, which uses Java. Turns out it's a horrible program and I've since switched to Beyond Compare.)
-
I mean if a Trojan can sneak through Java installer and that is enough to jump ship, perhaps you should change O.S.'s since there are probably more trojans for your given O.S. than just for Java. Or, maybe, your AV sucks? I suppose you will no longer use any Adobe product, or IE as well. (Of course that probably isn't an issue since the only computers you have left likely don't support any consumer software at all)
Need custom software developed? I do custom programming based primarily on MS tools with an emphasis on C# development and consulting. A man said to the universe: "Sir I exist!" "However," replied the universe, "The fact has not created in me A sense of obligation." --Stephen Crane
-
If the only trojans/viruses I've seen on [infected] systems in the last six years have ALL come in through Java, that's a problem and the easiest way to address that problem is to not have Java installed. This isn't a problem since I've used no more than half a dozen Java programs since the language was invented and use none currently. As for AV sucking; Kaspersky and Symantec both failed in this case. Though by this morning's update, Symantec is now catching it (or at least crap it left behind.) That tells me that there's a zero day attack going on since yesterday and I happened to stumble across it. Don't use IE and, ironically, am uninstalling Adobe Creative Suite now since I never use it (and wow, is the Adobe uninstaller slow.) Adobe AIR is next and something called Adobe ExtendScript. (And count me among those who wish Adobe Flash could be deep sixed for eternity, but I use too many sites that require it.)
modified on Thursday, June 24, 2010 1:28 PM
-
Good move. I threw it out of my box about a year or so ago and I have no difficulties to speak of.
Workout progress:
Current arm size: 14.4in
Desired arm size: 18in
Next Target: 15.4in by Dec 2010
Current training method: HIT
-
From today's newsletter: Who Needs Java? Probably Not You
I know the language. I've read a book. - _Madmatt
-
You beat me to it. That news item was a little wishy-washy though: on one hand it says "Java is a security threat and you can easily live without it" but on the other it says some apps that may be mission critical (VMWare?) require java, so you may as well install Java just in case. I'd much rather the article just say "Die, Java, Die" so we could have a good, proper religious war about it all.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
Chris Maunder wrote:
You beat me to it.
Still rattled from the quake yesterday? Was the keyboard still moving around? But if Java died what would all of those Oracle users do. ;P
I know the language. I've read a book. - _Madmatt
-
Chris Maunder wrote:
mission critical (VMWare?) require java
Does it mean that Michael Dunn is writing Java Code? :omg:
-
Yep, I make sure to keep JRE out of my home machine. The same rule generally applied to .NET runtime before it started coming with Windows (maybe it is possible to remove it even now, but I am too lazy to check :) )
-
Traditional signature based virus scanners are at a real disadvantage these days. The good exploit writers use virus generation applications that replace the binaries every few hours to stay ahead of the signatures. By the time the scanner can detect the binary, they are probably already onto the next binary.
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
VMWare does *not* require Java. Open Office does though which is the only "big" app I can think of that does that even remotely is on my radar.
Yesterday they said today was tomorrow but today they know better. - Poul Anderson
Not having used VMWare lately I was merely quoting the article: "In batting the idea around, Alex Williams, our enterprise editor, noted that a large number of enterprise solutions still rely on Java. Vmware, for example, is introducing platforms to work with both Salesforce and Google that depend on Java to operate"
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP