dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1197
share rss forum feed


howardfine

join:2002-08-09
Saint Louis, MO
Reviews:
·AT&T Southwest
reply to Mike

Re: [Security] Mac Security: New Java Driveby Appears, Protect Y

I'm surprised that PS would require Java, too.

One of the big differences is that Java has two places. One is for the web and one is for applications. Most people don't use Java for the web anymore (such as in applets) while Java is heavily used in programming applications, including those used to generate web pages.

This particular problem arrives through the web browser so the browser must have the Java plugin and obtain the infected page/picture/(I forgot what) and allow it to execute. If the browser does not have the Java plugin then this infection has no way of getting onto your system.

This is not a problem if your browser has Java disabled or uninstalled even if you use Java on your computer.


howardfine

join:2002-08-09
Saint Louis, MO
Reviews:
·AT&T Southwest
Furthermore, this is not a problem with *nix or Macs. Java is considered a trusted installed program that is given a lot of permissions to run on the system. If that trusted programming environment gets compromised, as in this case, then the infecting program may have the same access that Java has.

In another thread I dispute whether such a thing can still happen but I don't feel like taking the time to think it through. People bring up a lot of "what ifs" and "yeah buts" and things that require adjusting rabbit ear antennas to make me think any of this is possible on a Unix machine which is what OSX is.

jram

join:2003-08-06
Albany, NY
Java is considered a trusted installed program that is given a lot of permissions to run on the system. If that trusted programming environment gets compromised, as in this case, then the infecting program may have the same access that Java has.

Java does have permission to run on the system, but anything that is going to change the system you have to put a password in.


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
reply to Mike
said by Mike:

Something like Photoshop now requires Java. So some people are SOL.

That still doesn't mean you need Java in your browser.
--
My place : »www.schettino.us


kjuh2d

@rr.com
reply to howardfine
It's called... "Social Engineering"


The Geezer
Premium
join:2004-12-28
43.3Á
reply to JohnInSJ
Really?

Try this: Disable Java and Javascript in Safari, then try and navigate to MacUpdate daily update page. It is totally blank! But as soon as Java is enabled, the page shows up properly.

Guess I for one am stuck with Java until something better comes along.
--
Rogers (Ericcson) Rocket Hub, Apple Intel iMac, OSX 10.6


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
said by The Geezer:

Really?

Try this: Disable Java and Javascript in Safari, then try and navigate to MacUpdate daily update page. It is totally blank! But as soon as Java is enabled, the page shows up properly.

You just need javascript, not java for macupdate. Like most everything on the web. This is a java exploit.
--
My place : »www.schettino.us


skeechan
Ai Otsukaholic
Premium
join:2012-01-26
AA169|170
kudos:2
reply to The Geezer
Remember that Java and javascript are two completely separate things.


skeechan
Ai Otsukaholic
Premium
join:2012-01-26
AA169|170
kudos:2


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
Yeah they made it worse.


The Geezer
Premium
join:2004-12-28
43.3Á
reply to JohnInSJ
Mark it down to early-set Alzheimers! I actually knew that...a year or two ago.
--
Rogers (Ericcson) Rocket Hub, Apple Intel iMac, OSX 10.6


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..
reply to Mike
said by Mike:

Java is awful.

Film at 11.

News flash:

The American Dental Association announced today that most plaque tends to form on teeth around 4:00 p.m. Film at 11:00.

BAAAAAA....bad pun...sorry.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless

1 edit
reply to daveinpoway
Click for full size
Well, I have had Java disabled globally and in my browsers from day one here, but it is installed on my systems. Going to this site: Is your Java exploitable? returns the warning above.

Since Java is detectable even if disabled globally and in Safari, I am wondering whether it's wise to completely uninstall it. If it is detectable, it could be like honey to the fly, attracting unwanted attention.

Thoughts?

Bob

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



JohnInSJ
Premium
join:2003-09-22
Aptos, CA
said by TamaraB:

Well, I have had Java disabled globally and in my browsers from day one here, but it is installed on my systems. Going to this site: Is your Java exploitable? returns the warning above.

Since Java is detectable even if disabled globally and in Safari, I am wondering whether it's wise to completely uninstall it. If it is detectable, it could be like honey to the fly, attracting unwanted attention.

Thoughts?

Bob

quote:
Is your Java exploitable?

You'll need to enable Javascript for us to detect your Java version.

Yeah... noscript. It's what's for breakfast
--
My place : »www.schettino.us