What's the deal with Java today?

C

Chilli

Member
Reaction score
0
Location
British guy living in WA, USA
http://www.digitaltrends.com/comput...-in-java-experts-recommend-disabling-the-app/

So they say to disable the app... well that is going to cause more issues than it's worth right now for systems I maintain. Firewalls are pretty secure, so i think I'm fine, but I get a lot of home users wanting to know what to do.

Are all version prior to 7.10 an issue? Do we just wait till a fix is out or run an older version?

What are you doing about the Java issue today?
 
YeOldeStonecat said:
Not true...depends what the firewall is....as a firewall with UTM features (Unified Threat Management) can indeed prevent an issue by blocking sites and payloads and other stuff.
Click to expand...

UTM was a big word 6 years ago and yet we still see millions of people behind firewalls getting hacked, attacked or exploited.

UTM firewalls are no more safe that the very latest high quality antiviruses. I have Kaspersky Pure 2.0 here and I still can download some viruses without it waking up and warning me. I can still visit some sites that I know are bad but Kaspersky does not. Many companies like Sophos still warn that even though their UTM products are very good, nothing is 100% effective against the newest malware. Isn't the newest malware really what we are worried about ?

If you have a browser and go to a bad site these zero day exploits are very dangerous even with the latest firewalls (hardware or software).
 
NYJimbo said:
UTM firewalls are no more safe that the very latest high quality antiviruses. I have Kaspersky Pure 2.0 here and I still can download some viruses without it waking up and warning me. I can still visit some sites that I know are bad but Kaspersky does not. Many companies like Sophos still warn that even though their UTM products are very good, nothing is 100% effective against the newest malware. Isn't the newest malware really what we are worried about ?.
Click to expand...

Nowhere did I even attempt to claim that UTMs were 100% effective. Please point out where you think I made that claim....because I don't need any lecture about "no security is 100% effective".

However, I laugh out loud at your claim that "a UTM firewall is no more safe than the very latest".....because I'm a firm believer in "layering security".

You made the claim "a firewall is not going to help"

I disagreed....I stated "I disagree...some firewalls can prevent"....the word "can" is not a 100% effective claim.

The UTMs we use utilize 2 or 3 different AV programs (Kaspersky, Authentium, Clam)...plus a whole slew of other antispyware apps...plus a firewall that does DPI against emerging attack threats, plus a content filter that checks against a constantly updated list of known malware distribution sites (where the payloads usually come from after the initial attack)....

So combine those 2-3 different antivirus brands scanning all traffic at the edge.....with yet another antivirus brand at the desktop, such as Eset or EPS or whatever...and you have a good layered approach of all traffic being scanning by 3 or 4 antivirus engines plus a whole slew of other technology.

How can you sit there with a serious face and say that a UTM that adds 2-3 totally different scanning engines to the existing AV engine on the desktop can't help?

Every day I see the effectiveness of UTM edge appliances on our primary managed clients.....and can compare that to other clients of ours that don't have UTM appliances at the edge...yet they have the same "rest of the network setup"...same AV product..and they get hit left and right.

And "UTM being a big word 6 years ago"....if you're not encouraging business clients to use them.....wow, bummer for them.
 
Last edited:
If you have some UTM device/app that does all of that show me the end user with a firewall that has the same thing ? How much does this UTM cost that you speak of ? How many end users with firewalls do you think are set up with that kind of protection ?

Three days ago one of the law firms that I do hosting for got attacked with a zero access virus. They have a hardware firewall. I was called because they didnt know what the difference was between what we do and how they got infected. This kind of thing goes on all the time. I say a firewall is not going to help the average end user with java exploits and other exploits they will get by surfing or doing pulling email and you throw in these high end UTM things that you know most do not have.

Like I said, a firewall is not going to help against these kinds of things. If John Doe has a expensive UTM firewall with "2 or 3 different AV programs (Kaspersky, Authentium, Clam)...plus a whole slew of other antispyware apps...plus a firewall that does DPI against emerging attack threats, plus a content filter that checks against a constantly updated list of known malware distribution sites" then that is not the average firewall.
 
I've never understood anyone debating an AIO AV suite with a true hardware firewall or UTM. There is no comparison. I love Kaspersky, love it! However, it does not have active intrusion prevention and detection. It does not have proxy capabilities to secure a network without putting load on the machine. Untangle, ClearOS, Sonicwall, Cisco, Barracuda, Juniper, etc. There is a reason these companies are in business. Malicious sites are analyzed and blocked at the head of the network. This means the traffic is killed before the machine even touches the trouble. Not so with software. There is no way to be 100% secure unless you disconnect from the internet, stop using any kind of external media devices, and pretty much go Battlestar Galactia and kill any network connections. Of this, there is no question. However, I can tell you this much: The only person to have called me about this issue is a home business owner who is exceptionally paranoid about everything.

For you techs who think that $40 Belkin router and an AIO security suite is plenty security for your business clients, I urge you to think again. I can't tell you how many customers we've taken on because some "tech" told them that cheap router and Norton are all they need on their networks. I'm sure stonecat will tell you the same thing.
 
This thread has gone completely off track... can we get back to the original topic? How bad is the Java issue, should we be contacting our customers about this, and can we agree on what is the best course of action?
 
DocGreen said:
This thread has gone completely off track... can we get back to the original topic? How bad is the Java issue, should we be contacting our customers about this, and can we agree on what is the best course of action?
Click to expand...

My plan is to sweep through all our business clients as soon as the Java patch gets released....as of today I still only see 7.10. Hopefully we'll see 7.11 real soon.

We'll have to hope that antivirus companies have updated their definitions to be able to detect the latest variants of Blackhole, RedKit, Nuclear Pak..and other exploit kits that circulate underground throughout the malware distribution bad guys.

We've been through these zero day java exploits before...the last big on was back in August of last year. They happen at least once a year...often more. This one is just getting more media exposure than before.
 
DocGreen said:
So you think this is more media hype than anything? I heard Microsoft is recommending users uninstall Java...
Click to expand...

We've lived through this before.....this isn't as "sudden and new" as it's being made out to be. The same level of threat potential occurred last August with a zero day java exploit. It did make it's rounds throughout IT info avenues....however it didn't make it as wide in mainstream media as this. Yet...it really quite literally was the same thing...zero day Java exploit, and the "underground kits" were updated to exploit this and exploit it hard...and we saw a big increase in malware infected machines making it across our benches.

Sun was slow in releasing an update, just as now.

This time around, if Microsoft is stating to disable Java...they're probably sick of taking the blame for a faulty OS and they're trying to deflect this time.

All I know is, I can't go around disabling Java....most of my clients (just about all) are businesses, and it would stop much of their line of business software from running.

For those of your that cater to home users, if you disable Java..how long do think it will remain disabled on their computers...til they go enable it out of frustration from some site(s) they go to not working. Or they'll just nag your phones with "how do I get it working again.....such 'n such won't work!"
 
That was my first reaction... how can you disable Java with so much being dependant on Java to run?? You would think Sun would run a tighter ship considering they are in EVERYTHING... computers, phones, tv's, cars... everything!
 
DocGreen said:
That was my first reaction... how can you disable Java with so much being dependant on Java to run?? You would think Sun would run a tighter ship considering they are in EVERYTHING... computers, phones, tv's, cars... everything!
Click to expand...

When reading up on this article when the news broke....I stumbled on some article stating that Oracle knew about this particular vulnerability at least 6 months ago.

Agreed....I would think they would run a tighter ship.
 
YeOldeStonecat said:
When reading up on this article when the news broke....I stumbled on some article stating that Oracle knew about this particular vulnerability at least 6 months ago...
Click to expand...

That's insane, irresponsible, and shameful... almost sounds like Java is being developed and maintained by the government. :rolleyes:
 
You must log in or register to reply here.

Similar threads

G
[REQUEST] Sync Windows Outlook Calendar with iPhone 12
Replies
10
Views
1K
Sky-Knight
Sky-Knight
YeOldeStonecat
Gaming rig...help with client computer with vid card issues.
2
Replies
25
Views
3K
Rosco
Rosco
Appletax
[SOLVED] Intel Rapid Restore Driver Causes BSOD - DRIVER_POWER_STATE_FAILURE
Replies
3
Views
1K
Appletax
Appletax
HCHTech
What's the deal with Acumera firewalls?
Replies
2
Views
719
YeOldeStonecat
YeOldeStonecat
Appletax
How to deal with RGB fans in gaming PC?
Replies
8
Views
2K
Appletax
Appletax
Back
Top