Java

[brk-lnt]

Quote:

Originally Posted by MAXUM

S
The only reason why MACs and LINUX os's haven't seen the number of exploits as Windows is simply that Windows is a much larger target due to market share. Not that either on is fundamentally more secure.

The quantity of each platform and the correlation to virus and exploit issues is an oft-repeated urban myth.

Linux is widely used on webservers around the world. Apple has been eating steady marketshare away from Windows in the consumer market for years now. Both have installations of 10's, if not hundreds, of millions of active machines. Plenty enough to make them a target of virii and exploits.

Each OS has its own pros and cons, and the security of the core OS itself is one thing, then there is how easy that OS (or other pre-installed software like IE) makes it for rogue code to be downloaded and executed.

The core of the Windows OS is pretty secure. Their UI model and other aspects of the software, not so much. Windows is "secure", but more easily exploited than linux or OSX due to how applications can be installed and run without direct user interaction or awareness.

[MAXUM]

Quote:

Originally Posted by brk-lnt

The quantity of each platform and the correlation to virus and exploit issues is an oft-repeated urban myth.

Linux is widely used on webservers around the world. Apple has been eating steady marketshare away from Windows in the consumer market for years now. Both have installations of 10's, if not hundreds, of millions of active machines. Plenty enough to make them a target of virii and exploits.

Each OS has its own pros and cons, and the security of the core OS itself is one thing, then there is how easy that OS (or other pre-installed software like IE) makes it for rogue code to be downloaded and executed.

The core of the Windows OS is pretty secure. Their UI model and other aspects of the software, not so much. Windows is "secure", but more easily exploited than linux or OSX due to how applications can be installed and run without direct user interaction or awareness.

Well it's said that apple is eating away Microsoft's market share, but the numbers speak to that, see here: http://www.netmarketshare.com/operat...=9&qpcustomb=0

So it would stand to reason that anyone looking to data mine or exploit an operating system would target the windows desktop, especially since so many are used in places of business which is a target rich environment. No doubt with the popularity of smart phones and portable devices they too will become of more interest to hackers. Thing is that many users of both desktops and mobile devices have little knowledge as to what they are doing and many exploits are passed along due to ignorance of the user, often times gaining access to a system with the logged on account having full unrestricted rights to the operating system than anything else. There is only so much any manufacturer can do to curb that, IE can't fix stupid! An email with an attachment that is executed with malicious code as an example can just as easily screw any computer up, whether it be a windows system with a user logged on with full administrative rights, or a user on a UNIX system logged in as root. I would assert also that most folks that run a LINUX desktop are not your average dare I say ignorant user. Therefore they would tend to be more judicious in how they setup and use their systems.

Stuff like this can be argued till the cows come home, my only point was to show that the Java exploit was in the JRE and if installed doesn't matter what OS it's on the system is vulnerable. That is not a poor reflection on any of the operating system manufacturers, it's the JRE to blame in this case!

[JayDV]

Thanks to all you learned folk. I found this to be very interesting.

I have tried to maintain a secure pc, but I still encounter slow(er) performance issues. I tried scans and have not found any problems. I will try that Advanced Care 6 mentioned earlier here.

I do know that password protection is utmost important and I was having difficulty coming up with new unique passwords for the many accounts I have and was recently introduced to LastPass. It runs along with your browser somehow and you click an icon to "login" to an account your browser has opened. The passwords are stored "elsewhere" and it auto logs you in. Because you are not using your keyboard to log into an account, the keystroke logger virus can't catch those passwords. LastPass can also auto generate a password for you, the length will show the strength of the password.

I'm sure there is a bunch more about this type of password program that I don't know about, but I would like to hear some opinions.

[magicrobotmonkey]

One tip for setting passwords that I've always done: instead of making my passwords words, I make them patterns on the keyboard. For instance, try typing zSE4bHU8 It's a simple pattern and if you have to use it mutiple times a day it will be no time at all before it becomes muscle memory and you don't even have to think it, your hands do it for you!

[trfour]

Under; Read It And Weep!
http://threatpost.com/en_us/blogs/la...s-found-011813

Terry
____________________________________

[Rusty]

Quote:

Originally Posted by trfour

Under; Read It And Weep!
http://threatpost.com/en_us/blogs/la...s-found-011813

Terry
____________________________________

Thanks Terry.

Just got off the phone with technical support for my cameras and they said to use Activex instead of Java. That means I will have to use Firefox as my browser. Internet Explorer uses Java and Firefox uses Activex.
That means anyone who uses a Mac do not have to worry about Java.

I guess I need to think this whole thing over because I use many different computers and locations to view my security cameras.

[Slickcraft]

While I did install the build 11 update there was not an overwhelming sense of security. So I disabled Java in the browser on the Java control panel but allowed Java Script in Firefox.

So far I have not had any problems navigating web pages with the Java add-on disabled. If I need it for a specific known web page such as the registry of deeds than I would turn it on only for that session.

[ishoot308]

Quote:

Originally Posted by Rusty

Thanks Terry.

Just got off the phone with technical support for my cameras and they said to use Activex instead of Java. That means I will have to use Firefox as my browser. Internet Explorer uses Java and Firefox uses Activex.
That means anyone who uses a Mac do not have to worry about Java.

I guess I need to think this whole thing over because I use many different computers and locations to view my security cameras.

Correct me if I am wrong but I believe Internet Explorer supports Activex not Firefox...??

Dan

[Rusty]

Quote:

Originally Posted by ishoot308

Correct me if I am wrong but I believe Internet Explorer supports Activex not Firefox...??

Dan

I guess both browsers support Java or Activex (somehow anyway). Firefox supports mostly Java but can support Activex.

If I understood the tech support fella he said that my security cameras will only use Java for ie and when I use Firefox it will ask me to load Activex. I really don't understand the reason why but he said that is the only way to not use Java for my cameras. It must have something to do with their software. I have D-Link cameras and use mydlink.com to access them.


Confusing to say the least.

[ApS]

Quote:

Originally Posted by magicrobotmonkey

One tip for setting passwords that I've always done: instead of making my passwords words, I make them patterns on the keyboard. For instance, try typing zSE4bHU8 It's a simple pattern and if you have to use it mutiple times a day it will be no time at all before it becomes muscle memory and you don't even have to think it, your hands do it for you!

My ISP provider stated I had an excellent eight-digit password—so I told him—"Look down at where those keys are located on your keyboard".

(They made a pattern that was easy to remember).

[Slickcraft]

I run Norton Internet Security and got an email this morning on the Java issue:

Quote:

You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
Rest assured, because you have a Norton security software product installed on your computer, you’re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature.
We also recommend that you apply Oracle’s recently released security patch and make sure you are running the most updated version of Java.

Thank you for being a valued Norton customer.

Sincerely,
The Norton Team

[trfour]

disable Java in your browser on Windows, Mac. I sure do get a kick out of some Mac folks thinking that Mac computers are safe and the cure-all for internet security.

http://www.zdnet.com/how-to-disable-...ac-7000009732/


Terry
_______________________________

[trfour]

You decide whats best for you.
http://threatpost.com/en_us/blogs/it...on-java-012113




Terry
__________________________

[trfour]

Posted on ZDnet today....

http://www.zdnet.com/if-you-need-jav...ad-7000010157/



Terry
___________________________

[NoBozo]

JAVA Update 7-13 is now available. I downloaded and installed it BUT Left it disabled. NB

[Diver1111]

I read about the Java vulnerability and frankly didn't trust any patches or fixes so I deleted Java entirely-all of it; The amazing thing is it hasn't changed the performance of my computers whatsoever-nothing; I know it's used around the world but I seem to have no need for it-everything runs as it did before-everything, to the letter.

I also run two browsers-IE and Firefox-no changes there either.

FYI.

[NoBozo]

JAVA Update 7-15 is now available. NB

[trfour]

Must Read; http://threatpost.com/en_us/blogs/tw...ch-team-022513



Terry
_________________________

[NoBozo]

I for one, will feel Much more comfortable when JAVA 7-17 comes out. NB

[NoBozo]

Thank God: Version 7-17 is now available. NB

EDIT: JAVA is still Disabled on my system. Maybe I should just uninsatll the whole thing..... NB