Java Vulnerability

Per warnings from numerous security sources on the Java zero day mess, I’ve already disabled Java in IE and will be keeping it installed only because there are a couple of applications I need it for.

However, as a new user to Avast and since I’m not very familiar with the AvastIS capabilities, my question is whether or not Avast provides protection against the Java exploit? I will still need limited use of Java until they fix the vulnerabilities so I would like some greater level of understanding of my risk and how much Avast will protect me.

Thanks.

Does this help? https://blog.avast.com/2012/08/30/blackhats-adopt-latest-java0day/

Thanks Vladimyr.

I don’t have any confidence in Oracle. From what I have read, they have known about this for months. Plus, acquiring Sun and allowing OpenOffice to fade away for some time has made me bitter. I try to stay away from anything Oracle as much as I can.

Read more here.
http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

http://www.webpronews.com/oracle-knew-about-java-exploits-since-april-2012-08

I’m curious to see how long it takes for the release of a patch.

Patch: http://www.h-online.com/open/news/item/Oracle-releases-emergency-fixes-for-Java-0day-1696132.html

http://www.forbes.com/sites/andygreenberg/2012/08/31/oracles-java-security-woes-mount-as-researchers-spot-a-bug-in-its-critical-bug-fix/

http://www.pcworld.com/businesscenter/article/261748/researchers_find_critical_vulnerability_in_java_7_patch_hours_after_release.html

I have the latest version of Java and so far I haven’t had any problems.

Yet … The update is compromised as well


Also, go to the General section of this forum & read pages 138 & 139 of “SECURITY WARNINGS & Notices - Please post them here” for more information.


EDIT - to correct page locations.


It’s not as if you’d “see” an obvious problem… e.g., it’s not that java will “crash” on you if you run it. Rather, java has a “hole” in it, that hackers can sneak through to easily attack your system (if they wish).

I think people have to ask if they really need JAVA installed, the greatest majority probably don’t need it. Unless you visit sites that use it or have applications that require it then best not to have it installed.

I agree with DavidR.

I removed Java from my systems a few years ago, and have had no regrets.

There was only one webpage that I used to visit regularly that invoked java — the Secunia ONLINE Software Inspector (OSI). However, this is easily bypassed by using the Secunia PERSONAL Software Inspector (PSI), which does NOT use java (however, it uses Flash, which seems to be equally under attack).

I’m not saying that’s the only site that uses Java… just the only one I used to visit regularly. My wife tried living without Java, but some site she used… not sure, it might have been eBay… forced her to put it back.

Note that some OFFLINE programs may also require java. The dataBASE module of OpenOffice, as well as most of the Wizzards in OpenOffice, require Java. But I’ve been able to use both the WRITER and CALC (“Excel”) modules without encountering a need for Java. [Perhaps some features that I haven’t accessed will require it?]

About the only other time I personally used a java-based program was a foreign language learning program. Since I didn’t think too highly of that particular program, I felt no loss when I went java free.

At work, one of the people uses a java-based program, so it had to be installed on some [but not all] of the work machines.

Bottom line: each person needs to test for him/herself whether they need Java. The simplest way is to DISABLE the Java add-on (plug-in) in one of your browsers, and try surfing around to your regular/important sites, to see which one(s), if any, advise you that you need java. [Alternatively, you can run the special IE with NO Add-Ons, which disables Java as well as all other add-ons. I tried this for a few days, and was pleasantly surprised to see how much I could live without.]

Or you can simply UNinstall java… and do your regular surfing until you discover something that actually needs java. And then you’ll have to decide how critical that site [or program] is to you, that you’d want to reinstall (or enable) java for its sake.

Please stress: Java is a completely separate entity from the sound-alike JavaSCRIPT. JavaSCRIPT is used almost everyone on the internet, and so it’s essential to have to view most web pages. But Java is not required. [I think some sites that used Java in the past have replaced it by Flash.]

Yes, secunia was one of the very few sites that I use/d which require it and I have stopped visiting it as keeping JAVA patched is becoming a full time occupation.

Is Java version 6 safe to use?

Hi -midnight,

Read my response and link I gave here : http://forum.avast.com/index.php?topic=52252.msg835549#new
In your case the only secure java to use is java in firefox with noscript extension installed, see: http://noscript.net/
Not only you are safe now with NoScript but also in the furture for java vulnerabilities that haven’t even be found up yet.

polonus

Either 6 or 7 suffers the same exploit. The discussion in the topic is if the new patch covered or not the last vulnerability and it seems that a hole was discovered in the patch itself so leaving Java, again, vulnerable to an attack.

So the recommendation is if you really do not need Java, Why have it installed at all ?

I disabled Java in Firefox but had to enable it again because Facebook won’t work with No Script or Java. I will disable it on IE 9 and Flock.

Don’t mix up Java with JavaScript…!! :wink:

What’s the difference? BTW…I can’t check any of our bank accounts when I disable Java.

  1. Java: http://en.wikipedia.org/wiki/Java_(software_platform)
    JavaScript: http://en.wikipedia.org/wiki/JavaScript
  2. Well, guess you need it then. :wink: