Proactive protection for your computer and Java exploits

A few months back, I posted some demographics on current malware. In that post, I stated that one should not use Internet Explorer (IE) for browsing the web and that anti-virus solutions are becoming irrelevant. The software used to paper over flaws in Windows is simply not working, and that is becoming increasingly evident.

So to recap:

  • If you can refrain from using Internet Explorer, Java, and Adobe Flash and Reader on a Windows operating system, you can reduce your chances of getting hosed.
  • 75% of malware is missed by anti-virus software.
  • 75% of browser infections are caused by browsing with Internet Explorer.

Remember, these are not absolute guarantees that you will not be owned at some point. Roaming the Internet these days can be a scary venture, and most people are oblivious to the risks they take.

Speaking of Java and current infection rates on Windows-based operating systems: here is a screenshot of current systems showing the rate of exploitation. Notice Windows 7 and the list of browsers. Running any browser on Windows these days will get you taken to the cleaners eventually.

On Dec. 29, the SANS Internet Storm Center warned about a wave of Java attacks that were apparently using this social engineering approach to great effect. The attacks were taking advantage of built-in Java functionality that will prompt the user to download and run a file, but using an alert from Java (if a Windows user accepts, he or she is not bothered by a separate prompt or warning from the operating system).

Researchers at Kaspersky Lab also have tracked a sizable uptick in attacks leveraging social engineering via Java. Vyacheslav Zakorzhevsky, a senior malware analyst at the Russian security firm, covered this trend in the company’s December 2010 monthly malware statistics report.

“In our November review we wrote about the explosive growth of the Trojan-Downloader.Java.OpenConnection family. These programs act in just the same way as exploits do in the latter stages of a drive-by attack, but instead of using vulnerabilities to download malware to victims’ computers, they employ the OpenConnection method of a URL class.”

“Two representatives of Trojan-Downloader.Java.OpenConnection (2nd and 7th places) were among the Top 20 malicious programs detected on the Internet in December. At the height of their activity the number of computers on which these programs were detected in a 24-hour period exceeded 40,000.”

As we just mentioned, all the representatives of the Trojan-Downloader.Java.OpenConnection family, instead of exploiting vulnerabilities, use standard Java functionality to download and run files from the web. This is currently one of the prime download methods for malicious programs written in Java. It appears that until Oracle closes the functionality this family uses to download files, its popularity will continue to grow.

The graphic below shows the number of computers that Kaspersky found were infected with Trojan-Downloader.Java.OpenConnection in the last six weeks of 2010.

I’m not advocating mass abandonment of Java, but I urge users who have no reason to use this program to get rid of it, particularly on systems that are shared by less careful Web surfers. I have Java installed on a couple of my PCs where a particular software program requires it to run properly, but I have disconnected the Java plugins from the browsers on those systems.

If you’re a Firefox user and a Web site you frequent requires Java, consider installing and using the excellent NoScript extension, which will block Web sites from running Java applets unless you specifically whitelist them.

Java malware, incidentally, is generally known for exploiting vulnerabilities in Java, probably ones patched by Oracle/Sun, but targeting the still-large number of users with old versions. The Trojan-Downloader.Java.OpenConnection family, in contrast, is a simple downloader written in Java. It downloads other malware and executes it. In other words, it’s a social networking attack.
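A triage check for the behaviour described above, written as an added example (not code from this post or from Kaspersky): it reads the constant pool of a compiled Java class and flags classes that reference both `java.net.URL.openConnection` and a process-launch call. The launch methods checked (`Runtime.exec`, `ProcessBuilder.start`) are an assumption about how such a downloader runs its file, and `build_sample` produces constructed input that stops after the constant pool.

```python
import struct

# Payload size in bytes (after the tag) of each fixed-size constant-pool entry.
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
FETCH = ("java/net/URL", "openConnection")          # method named on the page
LAUNCH = {("java/lang/Runtime", "exec"),            # assumption: how "run" is done
          ("java/lang/ProcessBuilder", "start")}

def u2(buf, off):
    return struct.unpack_from(">H", buf, off)[0]

def method_refs(data):
    """Return {(class, method)} for every Methodref in a class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    try:
        pool, pos, i, count = {}, 10, 1, u2(data, 8)
        while i < count:
            tag = data[pos]
            if tag == 1:                             # Utf8: u2 length, then bytes
                n = u2(data, pos + 1)
                pool[i] = (tag, data[pos + 3:pos + 3 + n].decode("utf-8", "replace"))
                pos += 3 + n
            else:
                pool[i] = (tag, data[pos + 1:pos + 1 + SIZES[tag]])
                pos += 1 + SIZES[tag]
            i += 2 if tag in (5, 6) else 1           # Long/Double take two slots
        name = lambda idx: pool[u2(pool[idx][1], 0)][1]   # Class/NameAndType -> Utf8
        return {(name(u2(b, 0)), name(u2(b, 2))) for t, b in pool.values() if t == 10}
    except (IndexError, KeyError, struct.error, TypeError) as exc:
        raise ValueError("malformed constant pool") from exc

def looks_like_downloader(data):
    """True when the class can both fetch via URL.openConnection and start a process."""
    refs = method_refs(data)
    return FETCH in refs and bool(refs & LAUNCH)

def build_sample(calls):
    """Constructed input: class-file header plus a constant pool, one Methodref per call."""
    e = []
    for cls, meth in calls:
        b = len(e) + 1                               # index of this call's first entry
        e += [b"\x01" + struct.pack(">H", len(cls)) + cls.encode(),   # Utf8 class name
              b"\x07" + struct.pack(">H", b),                         # Class
              b"\x01" + struct.pack(">H", len(meth)) + meth.encode(), # Utf8 method name
              b"\x01\x00\x03()V",                                     # Utf8 descriptor
              b"\x0c" + struct.pack(">HH", b + 2, b + 3),             # NameAndType
              b"\x0a" + struct.pack(">HH", b + 1, b + 4)]             # Methodref
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, len(e) + 1) + b"".join(e)
```

Legitimate updaters and installers also combine these two calls, so a hit marks a class for closer review rather than confirming malware.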

Should you dump Java? It’s not a simple question. Apps and applets which require Java are not quite ubiquitous, but neither are they rare.

Java has become the #1 way for malicious hackers to break into your computer, using Java’s numerous security problems to install malware, viruses, or password stealers. This is a problem for ANY computer with Java installed, PC or Mac.

The worst part is, the vast majority of people have NO use for Java on their computer. Java is a relic of the early 2000s, when Java applets added needed functionality to web browsers. It has long been surpassed by other technologies. It is time to remove Java from your computer.

You have 2 options for removing Java from your computer. If you don’t know what Java is, and haven’t seen the Java logo (see image), then you likely have never used it and can remove it once and for all (Option #1 below). In the very unlikely event that you find you do need Java sometime in the future, you can always reinstall it from the Java website.

If you have seen the Java logo recently, and aren’t sure if you want to completely remove it, you can disable it from running in your web browser. See Option #2 below.

Here’s how:

Option #1: Remove Java Completely
Luckily, this is quite easy. Click on Start -> Settings -> Control Panel -> Add/Remove Programs. Find any entries that begin with “Java 2” – it should be something like “Java Runtime Environment”. Remove it and then restart your computer. All done!

Option #2: Disable Java in your Web Browser
This depends on which web browser you use.

Firefox:
Click on Tools in the Firefox menu
Choose Add-ons
Choose the Plugins tab
Click on any entries that start with Java
Click Disable

Internet Explorer:
Click on Tools in the IE menu
Choose Internet Options
Click on the Programs tab, then click on Manage Add-ons
Click on any entries that start with Java
Click Disable

Google Chrome:
In the address bar, type: “about:plugins”
Find the Java plugins and click Disable

Safari:
Click on the Edit menu and choose Preferences
Choose the Security icon
Uncheck the box that says “Enable Java”
