Proactive protection for your computer and Java exploits
A few months back, I posted some demographics on current malware. In that post, I stated that one should not use Internet Explorer (IE) for browsing the web and that anti-virus solutions are becoming irrelevant. The software used to paper over flaws in Windows is just not working, and this is becoming increasingly evident.
So to recap:
- If you can refrain from using Internet Explorer, Java, and Adobe Flash and Reader on a Windows operating system, then you can successfully decrease your chances of getting hosed.
- 75% of malware is missed by anti-virus software.
- 75% of browser infections are caused by browsing with Internet Explorer.
Remember, these are not absolute guarantees that you will not be owned at some point. Roaming the Internet these days can be a scary venture, and most people are oblivious to the risks that they take.
Speaking of Java and current infection rates on Windows-based operating systems, here is a screenshot of current systems showing the rate of exploitation. Notice Windows 7 and the list of browsers. Running any browser on Windows these days will get you taken to the cleaners eventually.
On Dec. 29, the SANS Internet Storm Center warned about a wave of Java attacks that were apparently using this social engineering approach to great effect. The attacks were taking advantage of built-in Java functionality that will prompt the user to download and run a file, but using an alert from Java (if a Windows user accepts, he or she is not bothered by a separate prompt or warning from the operating system).
Researchers at Kaspersky Lab also have tracked a sizable uptick in attacks leveraging social engineering via Java. Vyacheslav Zakorzhevsky, a senior malware analyst at the Russian security firm, covered this trend in the company’s December 2010 monthly malware statistics report.
“In our November review we wrote about the explosive growth of the Trojan-Downloader.Java.OpenConnection family. These programs act in just the same way as exploits do in the latter stages of a drive-by attack, but instead of using vulnerabilities to download malware to victims’ computers, they employ the OpenConnection method of a URL class.”
“Two representatives of Trojan-Downloader.Java.OpenConnection (2nd and 7th places) were among the Top 20 malicious programs detected on the Internet in December. At the height of their activity the number of computers on which these programs were detected in a 24-hour period exceeded 40,000.”
As we just mentioned, all the representatives of the Trojan-Downloader.Java.OpenConnection family, instead of exploiting vulnerabilities, use standard Java functionality to download and run files from the web. This is currently one of the prime download methods for malicious programs written in Java. It appears that until Oracle closes the functionality this family uses to download files its popularity will continue to grow.
The graphic below shows the number of computers that Kaspersky found were infected with Trojan-Downloader.Java.OpenConnection in the last six weeks of 2010.
I’m not advocating mass abandonment of Java, but I urge users who have no reason to use this program to get rid of it, particularly on systems that are shared by less careful Web surfers. I have Java installed on a couple of my PCs where a particular software program requires it to run properly, but I have disconnected the Java plugins from the browsers on those systems.
If you’re a Firefox user and a Web site you frequent requires Java, consider installing and using the excellent NoScript extension, which will block Web sites from running Java applets unless you specifically whitelist them.
Java malware, incidentally, is generally known for exploiting vulnerabilities in Java, probably ones patched by Oracle/Sun, but targeting the still-large number of users with old versions. The Trojan-Downloader.Java.OpenConnection family, in contrast, is a simple downloader written in Java. It downloads other malware and executes it. In other words, it’s a social engineering attack.
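Because this family relies on standard Java functionality rather than a vulnerability, patch level says nothing about it; what its classes must contain is a reference to the URL download call plus something that starts the downloaded file. As an added example (not from the original post or from Kaspersky), this scanner reads a .class file's constant pool and flags that combination. Treating Runtime.exec or ProcessBuilder.start as the "run" step and also matching URL.openStream are assumptions, and the sample bytes are constructed.

```python
import struct
# Body size in bytes of each fixed-width constant-pool entry, by tag (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
DOWNLOAD = {("java/net/URL", "openConnection"), ("java/net/URL", "openStream")}
EXECUTE = {("java/lang/Runtime", "exec"), ("java/lang/ProcessBuilder", "start")}

def method_refs(data: bytes) -> set:
    """Return {(class, method)} for every Methodref in a .class constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack_from(">H", data, 8)[0]
    pool, pos, i = {}, 10, 1
    while i < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            n = struct.unpack_from(">H", data, pos + 1)[0]
            pool[i] = (tag, data[pos + 3:pos + 3 + n].decode("utf-8", "replace"))
            pos += 3 + n
        elif tag in FIXED:
            pool[i] = (tag, data[pos + 1:pos + 1 + FIXED[tag]])
            pos += 1 + FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    refs = set()
    for tag, body in pool.values():
        if tag == 10:  # Methodref -> (Class -> Utf8, NameAndType -> Utf8)
            cls_i, nat_i = struct.unpack(">HH", body)
            name_i = struct.unpack(">H", pool[cls_i][1])[0]
            meth_i = struct.unpack(">H", pool[nat_i][1][:2])[0]
            refs.add((pool[name_i][1], pool[meth_i][1]))
    return refs

def looks_like_downloader(data: bytes) -> bool:
    """Triage flag (assumed heuristic): URL download call plus a process launch."""
    refs = method_refs(data)
    return bool(refs & DOWNLOAD) and bool(refs & EXECUTE)

def sample(methods) -> bytes:
    """Constructed test input: class-file header plus constant pool only."""
    e = []
    for cls, meth in methods:
        b = len(e) + 1  # constant-pool index of the first entry added here
        e += [b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in (cls, meth, "()V")]
        e += [b"\x07" + struct.pack(">H", b), b"\x0c" + struct.pack(">HH", b + 1, b + 2),
              b"\x0a" + struct.pack(">HH", b + 3, b + 4)]  # Class, NameAndType, Methodref
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, len(e) + 1) + b"".join(e)
SUSPECT = sample([("java/net/URL", "openConnection"), ("java/lang/Runtime", "exec")])
BENIGN = sample([("java/net/URL", "openConnection")])
```

Legitimate updaters and installers also match, so a hit is a reason to inspect the applet or JAR entry, not a verdict; classes that resolve these calls through reflection or obfuscated strings will not be flagged.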
Should you dump Java? It’s not a simple question. Apps and applets which require Java are not quite ubiquitous, but neither are they rare.
Java has become the #1 way for malicious hackers to break into your computer, using Java’s numerous security problems to install malware, viruses, or password stealers. This is a problem for ANY computer with Java installed, PC or Mac.
The worst part is, the vast majority of people have NO use for Java on their computer. Java is a relic of the early 2000s, when Java applets added needed functionality to web browsers. It has long been surpassed by other technologies. It is time to remove Java from your computer.
You have 2 options for removing Java from your computer. If you don’t know what Java is, and haven’t seen the Java logo (see image), then you likely have never used it and can remove it once and for all (Option #1 below). In the very unlikely event that you find you do need Java sometime in the future, you can always reinstall it from the Java website.
If you have seen the Java logo recently, and aren’t sure if you want to completely remove it, you can disable it from running in your web browser. See Option #2 below.
Here’s how
Option #1: Remove Java Completely
Luckily, this is quite easy. Click on Start -> Settings -> Control Panel -> Add/Remove Programs. Find any entries that begin with “Java 2” – it should be something like “Java Runtime Environment”. Remove it and then restart your computer. All done!
Option #2: Disable Java in your Web Browser
This depends on which web browser you use.
Firefox:
Click on Tools in the Firefox menu
Choose Add-ons
Choose the Plugins tab
Click on any entries that start with Java
Click Disable
Internet Explorer:
Click on Tools in the IE menu
Choose Internet Options
Click on the Programs tab, then click on Manage Add-ons
Click on any entries that start with Java
Click Disable
Google Chrome:
In the address bar, type: “about:plugins”
Find the Java plugins and click Disable
Safari:
Click on the Edit menu and choose Preferences
Choose the Security icon
Uncheck the box that says “Enable Java”
Evaluation of Current Malware
I happened across some demographics on current malware being pushed across the web. Check it out.
These tell me the following things:
- If you can refrain from using Internet Explorer, Java, and Adobe Flash and Reader on a Windows operating system, then you can successfully decrease your chances of getting hosed.
- 75% of malware is missed by anti-virus software.
- The Ukraine, UK and USA put out <50% of the world’s malware when combined.
- 75% of browser infections are caused by browsing with Internet Explorer.
So to summarize, do not use IE for browsing on the web. Anti-virus solutions are becoming irrelevant and the Windows operating system is suffering from systemic shock on many fronts.
Flash Update Plugs 18 Security Holes
Adobe on Thursday released an update to its Flash Player software that fixes at least 18 security vulnerabilities, including one that is being exploited in targeted attacks.
The Flash update brings the latest version to v 10.1.102.64. To find out if your computer has Flash installed (it almost certainly does) and what version it may be running, go here. The new version is available from this link, but be aware that if you accept all of the default settings, the update may include additional software, such as a toolbar or anti-virus scanner.
If you’d like to avoid Adobe’s obnoxious Download Manager and all these extras, grab the update from this link instead. Updates are available for Windows, Macintosh, Linux, and Solaris versions of Flash.
If you use Internet Explorer in addition to other browsers, you will need to apply this update twice: Once to install the Flash ActiveX plugin for IE, and again to update other browsers, such as Firefox or Google Chrome (you may find that Google has already updated their browser with this fix). Also, while it’s not strictly necessary, Adobe recommends that users uninstall the previous version of Flash before updating to the latest copy of Flash. Instructions and tools for removing Flash are here.
More information on the vulnerabilities fixed in this patch is available in the Adobe advisory.
Desktops and Linux are Not Dead
So, in an article at PCW (http://www.pcworld.com/businesscenter/article/207999-2/desktop_linux_the_dream_is_dead.html), Robert Strohmeyer argues that the dream of desktop Linux is dead. I disagree. I strongly disagree. I don’t disagree because I have some hope of Linux out-pacing Windows or Macintosh OSX. I don’t disagree because there is some new distribution that is going to sweep the market. I don’t disagree because of how easy to use Ubuntu, Mint, and Mandriva are. I disagree because the Linux community will never rest.
In the mid-90s, the Linux community was much smaller than it is today. It was, in fact, minuscule in comparison. We’ve grown by leaps and bounds. Well, if our community is so much smaller, why are the market share estimates by so many relatively the same size? Well, how do you gather data on the number of desktop machines running Linux? Are you doing so by website polls and such? Are you doing so by the Linux Counter? Are you doing so by PC sales? None of these are going to deliver any kind of accurate statistics. This is because Linux normally spreads by word of mouth. How many times have you shown Linux to someone? How many times have you told people what Linux is? How many times have people entered into conversations describing the benefits of Linux to others? It is often from these encounters that Linux market share increases. Very few people buy computers with Linux preinstalled on them, which means you would have to literally ask everyone who owns a desktop computer which OS he/she is running. To date, no one has asked me or anyone I know (not anyone conducting a poll anyway).
Next, the article asserts that the reasons are Flash, or that the reasons are lack of content, or that the reasons are due to media incompatibilities. These are all bogus. Flash runs well on most desktop Linux distributions. Media playback is often painless and beautiful on most desktop Linux distributions, and there are many thousands of applications available on most Linux distributions. None of those are the reasons for the lack of Linux to become dominant in the PC world. The real reasons have never changed. Number one is the lack of hardware vendor commitment. Number two is a lack of advertising. Number three is the general lack of knowledge/care that most users have of/for operating systems in general.
This article then moves on to say that the desktop is becoming irrelevant itself. This is probably the most bogus claim in the entire thing. Have desktop PC sales slowed? Sure they have. Have desktop PC sales stopped? No they haven’t. There are several groups who will never want to give up their desktops. First, gamers. Laptops are never as powerful as their desktop brethren of the same era. Second, workstation users. A workstation these days is quite simply a powerful desktop computer. Third, the thrifty. A low-end laptop costs about as much as a mid-range desktop of the same era. Fourth, enthusiasts. You usually cannot build your own laptop, and certainly cannot do so as easily as you can a desktop.
All in all, the article was bogus. People need to be wary of FUD like that. Too many credible news agencies are starting to churn out drivel like this PCW article.
Verizon to sell Galaxy Tablet
Summary: Verizon to sell Galaxy Tablet starting November 11th for $599.99
America’s largest carrier has announced plans to sell Samsung’s Galaxy Tab for… $599.99. The 3G, Android 2.2-based unit (which will be loaded with V CAST apps, of course) will hit retail on November 11th, and since it’s being sold at full price, a data plan (which starts at $20 per month for 1GB) is completely optional. It looks like customers will have some fairly strong choices on Big Red, considering that the impossible-to-ignore iPad is being made available in Verizon’s stores as well. Tough decisions are ahead for potential tablet buyers — but we’re sure you’ll do what’s right. Check out the full press release below, and good luck!
Verizon Wireless Puts Samsung Galaxy Tab™ in Stores in November
Verizon Wireless and Samsung Telecommunications America (Samsung Mobile) today announced the highly anticipated Samsung Galaxy Tab™ will be available Nov. 11 for $599.99. Running on Android™ 2.2, the Samsung Galaxy Tab features a brilliant 7-inch touch screen; robust HTML Web browsing experience with full support for Adobe® Flash® 10.1 for video and mobile gaming; and a 1GHz Cortex A8 Hummingbird Application processor.
“This is an incredible time in mobile technology, and as a company we’re excited to add the Samsung Galaxy Tab to our portfolio,” said Marni Walden, vice president and chief marketing officer for Verizon Wireless. “The Samsung Galaxy Tab brings together the reliability of Verizon Wireless’ 3G network and the power of Android 2.2 to deliver on our promise of providing consumers and business customers with a host of options to help manage their lives.”























