siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

siljaline to redwolfe_98


Re: Java Responsible For 93% Of Malware-Infections

Link used here numerous times.
Do you need Java - Not on this PC. Unless you expressly need Oracle Java, some do and power to you but for others, it's an unnecessarily user introduced attack vector.

Boooost
@24.190.186.x

Boooost

Anon

said by siljaline:

Do you need Java - Not on this PC. Unless you expressly need Oracle Java, some do and power to you but for others, it's an unnecessarily user introduced attack vector.

I use Java at home to play Minecraft. At work, we use Java because some major software development tools are written in Java.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Well again Java is exploited more because it is in use more. I've seen security patches etc for Silverlight but don't know of any malware that use it to infect. I'm sure there is some but just don't hear about it much because it is not as widespread as ActiveX or Java.

And same thing here (I don't bother with Minecraft but) I work with 3D Studio Max and it does make use of some JavaScript and Java as well as VB etc.
If you do any form of programming or development you're going to need Java. I would say it is a somewhat safe bet that most of those who hang out on the sec forums here are also in some way shape or form developers. Meaning most of us use Java.
psloss
Premium Member
join:2002-02-24

psloss

Premium Member

said by Nanaki:

Well again Java is exploited more because it is in use more.

No, popularity is only part of it -- the current generation of exploit kits try several different popular plugins for Windows browsers; Oracle/Sun Java is only one of them. The bigger issue with Oracle's Java browser plugin is that it became the proverbial lowest hanging fruit; Oracle didn't respond emphatically to reported security issues until after even Adobe (well after in Internet time).

said by Nanaki:

I've seen security patches etc for Silverlight but don't know of any malware that use it to infect.

It was still in the mix of exploits for kits in the (Northern Hemisphere) Spring, like Angler. There are at least a couple of link threads here.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned)

Member

A person could create a is with a billion exploitable flaws, give it to a few 100 people and it would never get exploited even if it was well known; so long as it has no real market share it will never be a target. I remember a vulnerability that was super easy to exploit in a little used server some years back. There were zero in the wild exploits. There was just next to no one using it. Java is in widespread use and has flaws; it gets exploited. You mention a couple threads on Silverlight. Notice a couple not a 1000. Silverlight is just not used enough to be worth targeting. Sure some did but not very many. Linux is now getting enough market share that it has been targeted a couple times now. Similar to Silverlight. As popularity goes up so too do the attacks.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by Nanaki:

You mention a couple threads on Silverlight. Notice a couple not a 1000. Silverlight is just not used enough to be worth targeting.

I am not a Netflix customer, so I can't say with any authority, but I am pretty sure that Netflix uses Silverlight to play back their streaming content (that is one of the reasons that I am not a Netflix customer). Netflix is not exactly a small outfit with only a handful of customers. I can recall seeing some talk about Netflix migrating to HTML5, but has that been done already? Their on-line FAQ "How does Netflix work?" says this:

To begin watching movies and TV shows from your PC or Mac:

1. Open an Internet browser and go to www.netflix.com
2. Sign into your Netflix account
3. Select a title to Play

If you do not already have Microsoft Silverlight plug-in installed, you will be prompted to download and install the free plug-in for your web browser. Just follow the instructions to get started.

Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Used by Netflix and a very few other sites. It is not that common overall; a few sites use it, not literally millions. Just because Netflix has millions of customers doesn't mean all that much. Let Silverlight be used on millions of sites and watch how fast we start seeing posts out the wazoo about it being exploited. As it stands how many infections are traced back to it compared to Java?

edited to add...\/

Just did a forum search here. Of the 3k plus posts on it, on 4 pages I looked at most are about compatibility or complaints about quality of. A few questions on how to or if you can turn off web cam mic etc which are somewhat a security threat. But did not actually see any about it being an attack vector. Could have missed them though as I clicked on a few random page links.

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

1 recommendation

Chubbzie

Member

said by Nanaki:

Let Silverlight be used on millions of sites and watch how fast we start seeing posts out the wazoo about it being exploited

Silverlight has just been added to a few exploit kits within the last few months.

Here's a listing of CVE's currently known Silverlight vulnerabilities:
Microsoft Silverlight: List of Vulnerabilities

There are a few corporations/large institutions that I know of that are forced to use Silverlight b/c of some lazy development staff...