Loading ...
Sorry, an error occurred while loading the content.

RE: [midatlanticretro] Fwd:

Expand Messages
  • Wesley Furr
    In doing reading about some of the malware that is out there that I ve run across (we re talking Windows systems here), it has been noted that several of the
    Message 1 of 17 , May 15, 2013
    • 0 Attachment
      In doing reading about some of the malware that is out there that I've run
      across (we're talking Windows systems here), it has been noted that several
      of the serious ones often use Java as an attack vector. I'm honestly not a
      Java expert...but presumably it summons the java browser plugin and then
      takes advantage of it that way...and all that takes is to get them to visit
      a malware-ridden web page.

      Again, I'm talking about Windows. To update in Windows, you have to
      actually click the pop-up in the system tray that says "please update
      me"...and most average users don't pay any attention to things like that.
      Then after you click on it, you have to say yes, please install the update.
      Then it disappears for a short time. Then it pops up in the system tray and
      says "hey, now I'm ready to install that update you just let me download".
      Then when you click on it (again, if the user does so) it comes up and goes
      through a typical full install looking process...you know the ones, ok, yes,
      sure ok, yep, next, yep, ok, whatever...finish. Perhaps easy...but still
      cumbersome...and far from automatic...which is what it takes for probably
      90% of the average users out there to actually do an update. Not talking
      about the knowledgeable folks such as frequent this forum...think about your
      mother or grandmother for a minute...are they likely to notice and act on
      that process?

      Wesley


      -----Original Message-----

      Actual external-access security holes IN THE JVM...the JVM which, by the
      way, doesn't do any network communication unless the program it's running
      opens a socket...seriously?

      It amounts to clicking two buttons on any release of Linux less than
      maybe five years old. It even tells you when updates are needed. I
      honestly hope I never meet the dolt for whom this is "far from easy".
    • Dave
      ... You don t. There are three settings:- 1. As you describe 2. Download then prompt. This is what I have on mine. 3. Download and install. Modern windows
      Message 2 of 17 , May 16, 2013
      • 0 Attachment
        On 16/05/2013 02:25, Wesley Furr wrote:
        > In doing reading about some of the malware that is out there that I've run
        > across (we're talking Windows systems here), it has been noted that several
        > of the serious ones often use Java as an attack vector. I'm honestly not a
        > Java expert...but presumably it summons the java browser plugin and then
        > takes advantage of it that way...and all that takes is to get them to visit
        > a malware-ridden web page.
        >
        > Again, I'm talking about Windows. To update in Windows, you have to
        > actually click the pop-up in the system tray that says "please update
        > me"...and most average users don't pay any attention to things like that.
        > Then after you click on it, you have to say yes, please install the update.
        You don't. There are three settings:-

        1. As you describe
        2. Download then prompt. This is what I have on mine.
        3. Download and install. Modern windows systems set this by default. For
        most "users" this is sensible. Recent versions set this as a default

        However Java has its own updater which has similar options. These days I
        run with Java disabled in the browser. It doesn't seem to break much...

        Dave
        G4UGM
      Your message has been successfully submitted and would be delivered to recipients shortly.