Reviews:
 ·AT&T Southwest
| reply to Mike
Re: [Security] Mac Security: New Java Driveby Appears, Protect Y I'm surprised that PS would require Java, too.
One of the big differences is that Java has two places. One is for the web and one is for applications. Most people don't use Java for the web anymore (such as in applets) while Java is heavily used in programming applications, including those used to generate web pages.
This particular problem arrives through the web browser so the browser must have the Java plugin and obtain the infected page/picture/(I forgot what) and allow it to execute. If the browser does not have the Java plugin then this infection has no way of getting onto your system.
This is not a problem if your browser has Java disabled or uninstalled even if you use Java on your computer. |
|
Reviews:
·AT&T Southwest
| Furthermore, this is not a problem with *nix or Macs. Java is considered a trusted installed program that is given a lot of permissions to run on the system. If that trusted programming environment gets compromised, as in this case, then the infecting program may have the same access that Java has.
In another thread I dispute whether such a thing can still happen but I don't feel like taking the time to think it through. People bring up a lot of "what ifs" and "yeah buts" and things that require adjusting rabbit ear antennas to make me think any of this is possible on a Unix machine which is what OSX is. |
|
|
|
jram
join:2003-08-06
Albany, NY | Java is considered a trusted installed program that is given a lot of permissions to run on the system. If that trusted programming environment gets compromised, as in this case, then the infecting program may have the same access that Java has.
Java does have permission to run on the system, but anything that is going to change the system you have to put a password in. |
|
 JohnInSJPremium
join:2003-09-22
San Jose, CA
 ·PHONE POWER
 ·Comcast
| reply to Mike
said by Mike:Something like Photoshop now requires Java. So some people are SOL.
That still doesn't mean you need Java in your browser.
--
My place : »www.schettino.us |
|
| reply to howardfine
It's called... "Social Engineering" |
|
| reply to JohnInSJ
Really?
Try this: Disable Java and Javascript in Safari, then try and navigate to MacUpdate daily update page. It is totally blank! But as soon as Java is enabled, the page shows up properly.
Guess I for one am stuck with Java until something better comes along.
--
Rogers (Ericcson) Rocket Hub, Apple Intel iMac, OSX 10.6 |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| said by The Geezer:Really?
Try this: Disable Java and Javascript in Safari, then try and navigate to MacUpdate daily update page. It is totally blank! But as soon as Java is enabled, the page shows up properly.
You just need javascript, not java for macupdate. Like most everything on the web. This is a java exploit.
--
My place : »www.schettino.us |
|
 skeechanAi OtsukaholicPremium
join:2012-01-26
AA169|170
kudos:2 | reply to The Geezer
Remember that Java and javascript are two completely separate things. |
|
skeechanAi OtsukaholicPremium
join:2012-01-26
AA169|170
kudos:2 | LOL
»www.macworld.com/article/1168382···rss_main |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA | Yeah they made it worse. |
|
| reply to JohnInSJ
Mark it down to early-set Alzheimers! I actually knew that...a year or two ago.
--
Rogers (Ericcson) Rocket Hub, Apple Intel iMac, OSX 10.6 |
|
 J E F FWhatta Ya Think About Dat?Premium
join:2004-04-01
Kitchener, ON
kudos:1
 ·Rogers Portable ..
·WIND Mobile
·Rogers Hi-Speed
·magicjack.com
| reply to Mike
said by Mike:Java is awful.
Film at 11.
News flash:
The American Dental Association announced today that most plaque tends to form on teeth around 4:00 p.m. Film at 11:00.
BAAAAAA....bad pun...sorry.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein |
|
 TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
·Optimum Online
·Clearwire Wireless
1 edit | reply to daveinpoway
Well, I have had Java disabled globally and in my browsers from day one here, but it is installed on my systems. Going to this site: Is your Java exploitable? returns the warning above.
Since Java is detectable even if disabled globally and in Safari, I am wondering whether it's wise to completely uninstall it. If it is detectable, it could be like honey to the fly, attracting unwanted attention.
Thoughts?
Bob
--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."
"People should not be afraid of their governments. Governments should be afraid of their people"
|
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| said by TamaraB:Well, I have had Java disabled globally and in my browsers from day one here, but it is installed on my systems. Going to this site: Is your Java exploitable? returns the warning above.
Since Java is detectable even if disabled globally and in Safari, I am wondering whether it's wise to completely uninstall it. If it is detectable, it could be like honey to the fly, attracting unwanted attention.
Thoughts?
Bob
quote:
Is your Java exploitable?
You'll need to enable Javascript for us to detect your Java version.
Yeah... noscript. It's what's for breakfast 
--
My place : »www.schettino.us |
|
