Loading ...
Sorry, an error occurred while loading the content.

Re: [midatlanticretro] Fwd:

Expand Messages
  • Brian Schenkenberger, VAXman-
    ... DITTO! -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.
    Message 1 of 17 , May 15, 2013
    • 0 Attachment
      "B. Degnan" <billdeg@...> writes:

      >Guys please take this thread offline, thnaks.

      DITTO!

      --
      VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG

      Well I speak to machines with the voice of humanity.
    • Wesley Furr
      In doing reading about some of the malware that is out there that I ve run across (we re talking Windows systems here), it has been noted that several of the
      Message 2 of 17 , May 15, 2013
      • 0 Attachment
        In doing reading about some of the malware that is out there that I've run
        across (we're talking Windows systems here), it has been noted that several
        of the serious ones often use Java as an attack vector. I'm honestly not a
        Java expert...but presumably it summons the java browser plugin and then
        takes advantage of it that way...and all that takes is to get them to visit
        a malware-ridden web page.

        Again, I'm talking about Windows. To update in Windows, you have to
        actually click the pop-up in the system tray that says "please update
        me"...and most average users don't pay any attention to things like that.
        Then after you click on it, you have to say yes, please install the update.
        Then it disappears for a short time. Then it pops up in the system tray and
        says "hey, now I'm ready to install that update you just let me download".
        Then when you click on it (again, if the user does so) it comes up and goes
        through a typical full install looking process...you know the ones, ok, yes,
        sure ok, yep, next, yep, ok, whatever...finish. Perhaps easy...but still
        cumbersome...and far from automatic...which is what it takes for probably
        90% of the average users out there to actually do an update. Not talking
        about the knowledgeable folks such as frequent this forum...think about your
        mother or grandmother for a minute...are they likely to notice and act on
        that process?

        Wesley


        -----Original Message-----

        Actual external-access security holes IN THE JVM...the JVM which, by the
        way, doesn't do any network communication unless the program it's running
        opens a socket...seriously?

        It amounts to clicking two buttons on any release of Linux less than
        maybe five years old. It even tells you when updates are needed. I
        honestly hope I never meet the dolt for whom this is "far from easy".
      • Dave
        ... You don t. There are three settings:- 1. As you describe 2. Download then prompt. This is what I have on mine. 3. Download and install. Modern windows
        Message 3 of 17 , May 16, 2013
        • 0 Attachment
          On 16/05/2013 02:25, Wesley Furr wrote:
          > In doing reading about some of the malware that is out there that I've run
          > across (we're talking Windows systems here), it has been noted that several
          > of the serious ones often use Java as an attack vector. I'm honestly not a
          > Java expert...but presumably it summons the java browser plugin and then
          > takes advantage of it that way...and all that takes is to get them to visit
          > a malware-ridden web page.
          >
          > Again, I'm talking about Windows. To update in Windows, you have to
          > actually click the pop-up in the system tray that says "please update
          > me"...and most average users don't pay any attention to things like that.
          > Then after you click on it, you have to say yes, please install the update.
          You don't. There are three settings:-

          1. As you describe
          2. Download then prompt. This is what I have on mine.
          3. Download and install. Modern windows systems set this by default. For
          most "users" this is sensible. Recent versions set this as a default

          However Java has its own updater which has similar options. These days I
          run with Java disabled in the browser. It doesn't seem to break much...

          Dave
          G4UGM
        Your message has been successfully submitted and would be delivered to recipients shortly.