
scottp99

join:2010-12-11

Anti-Virus protecting me from this Java vulnerability?

I am running McAfee VSE 8.7i and I just want to know if that can protect me from this recent Java exploit?
It has the heuristic scanning features enabled.
Is that good enough?

Thank you


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

1 recommendation

It's important to keep in mind the difference between "vulnerability" and "exploit". The recent vulnerability issue in Java is a flaw in the Java code that allows certain kinds of penetration; a particular exploit is just one form of malicious coding that can take advantage of a given vulnerability. Which does not say that other exploits couldn't be created to take their own unique advantage of the same vulnerability. Depending on what signatures or heuristic behavior a particular AV product may use at any given point in time, the AV may or may not detect one given exploit out of perhaps many that tap a particular software vulnerability... and it only takes one.

Put another way, AV generally can't protect against a software's vulnerability, only against a given exploit or set/class of similar exploits - but many exploits can be constructed against a particular vulnerability. Which is why it's so extremely critical to get the original software vulnerability patched quickly to kill off all the potential exploits against it.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville

scottp99

join:2010-12-11
I need to make sure what DAT number McAfee has issued for this, since I cannot disable Java within my browser as I need to work with programs that do require Java enabled within the browser.

And thanks for the detailed explanation.

Maybe I'll hop on the McAfee forums as well.
And this is what I gathered from there.

»community.mcafee.com/docs/DOC-4574

But no DAT number info here. Or no one seems to know for sure.


Woody79_00
I run Linux am I still a PC?
Premium
join:2004-07-08
united state
To answer your question, No.

Anti-Virus software is not good at detecting zero-days, and is horrible overall in detecting exploits.

If you insist on leaving Java enabled in your browser, then I suggest you:

1. Enable Software Restriction Policies by following this guide. »www.mechbgon.com/srp/

2. Install and Configure Microsoft EMET
»www.microsoft.com/en-us/download···id=29851

Opt all your web browsers, and every executable inside your Java install directory into EMET protection...and might as well opt Adobe Flash player, your PDF reader, and pretty much every other app on your computer that has a browser plugin into the EMET protection.

Now mind you, there is no guarantee EMET will stop this exploit, it just makes exploits more difficult to pull off...as the forced ASLR randomizes memory addresses every time an application is opened, Forced DEP forces applications to run under NX-Bit.

Software Restriction Policies, if you follow the guide, will set up your system where a script, exe, .bat, or any executable file type of any kind won't run unless:

1. It's located in Windows Folder or Program Files Folder.

2. It is run as an administrator by "right clicking" the File and Selecting "Run as Administrator"

So SRP will stop probably 99.9% of all possible drive-by infestations, USB autorun based malware, and pretty much anything else you can think of unless you purposely run the file in question as Admin blindly clicking through your UAC dialogs.

All these tools are free, they come with Windows, and will protect you more than your AV software can....just read the guides for Software Restriction Policies and EMET and set them up...I wouldn't surf the internet without them...that's how confident I am in them.

Just like I won't surf the Net on a Linux machine without AppArmor...same principle applies

good luck!
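The default-deny rule described in the post above can be modelled in a few lines; this is an added example, not part of the thread and not how Windows implements SRP internally. The allowed directories, the extension list and the sample paths are constructed assumptions, and user-writable subfolders inside the allowed trees are not modelled.

```python
import ntpath

# Constructed policy modelled on the post: default-deny, with path rules
# allowing only the Windows and Program Files trees (assumed default locations).
ALLOWED_DIRS = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]
# Assumed subset of the file types the policy treats as executable.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".vbs", ".js", ".msi"}


def _canon(path):
    # Collapse "..", unify slashes and case so comparison is on canonical form.
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, directory):
    # Require a separator after the directory so "C:\Program Files Evil"
    # is not mistaken for something under "C:\Program Files".
    return _canon(path).startswith(_canon(directory).rstrip("\\") + "\\")


def srp_decision(path, elevated=False):
    """Return 'allow' or 'block' for launching `path` under the modelled policy."""
    ext = ntpath.splitext(path)[1].lower()
    if ext not in EXECUTABLE_EXTS:
        return "allow"   # not an executable type, so the policy does not apply
    if elevated:
        return "allow"   # explicit "Run as Administrator" is exempt in this setup
    if any(is_under(path, d) for d in ALLOWED_DIRS):
        return "allow"
    return "block"


# Constructed sample launches: installed software, a drive-by drop in the user
# profile, a USB autorun script, and two attempts to look like an allowed path.
SAMPLES = [
    r"C:\Program Files\Java\jre7\bin\java.exe",
    r"C:\Users\user\AppData\Local\Temp\payload.exe",
    r"E:\autorun.bat",
    r"C:\Program Files\..\Users\user\Downloads\x.exe",
    r"C:\Program Files Evil\x.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{srp_decision(sample):5}  {sample}")
```

The last two samples show why the comparison has to run on a normalised path with a trailing separator: a naive prefix match would allow both.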