Java and Adobe Flash, oh my!
Sunday, June 20, 2010 at 5:56AM 
With all the talk about Java and Adobe Flash allowing malware into our systems, I figured it might be time to comment. Let's start by framing out the discussion to get a better understanding of what's actually going on with this crazy Internet of ours. The Internet is just like the world around you and it's filled with people with good and bad intentions. Some programs are written to defend you against the bad guys. Some programs are written by the bad guys themselves and meant to cause damage or steal your data. The current latest, greatest, most popular applications are used by both the good and the bad guys. Whenever an application becomes very popular and the masses flock to it, malicious hackers tend to focus on that application and look for vulnerabilities. Windows is attacked more often than the Mac or Linux mostly because of the shear number of computers running Windows. Unless a Mac or Linux computer is a very high value target, hackers are typically not interested in hacking the computer. Most new web-based attacks are "drive by" attacks aimed at un-patched Windows computers that are missing the latest Windows and third party updates. Some new attacks have the potential to infect or compromise multiple operating systems through common third party applications like Java, Adobe Flash Player and Adobe Reader . So, is there a way to defend against attacks on your Computers? There is currently no perfect solution that will defend against all attacks while you are still connected to the Internet. Can you help prevent an attack against your computer? Yes, you can do regular updates on your computer and use a current Anti-Malware application. You need to do your operating system updates and you need to make sure you have all your third party applications up to date. The following links will help update your computer and defend against the onslaught of creative hackers and sometimes inept programmers that make up our beloved Internet.
Check your version of Java http://java.com/en/download/help/testvm.xml
Check your version of Adobe Flash http://www.adobe.com/software/flash/about/
Check your Browser Plugins http://www.mozilla.com/en-US/plugincheck/
Update Checker http://www.h-online.com/security/services/Scan-Now-885585.html
Before you go, check out some of our other links.
Free Stuff and Great Deals /deals/
Follow Me on Twitter http://twitter.com/scccpj
Follow me on Facebook https://www.facebook.com/clarkcomputerconsulting
Use the following link to get an extra 250MB of storage when you sign up for Dropbox.https://www.getdropbox.com/referrals/NTEyODQxMjE5
Have a blessed day, be safe :-)
Reader Comments (2)
I think it's also worth mentioning that *any* scripting you allow to run in your browser can be used as an attack vector. If you're concerned about Java or Flash opening a security hole in your machine, then you really shouldn't be running with JavaScript enabled, either but I hardly ever see people mention that. XSS is a huge threat, and JS by its nature is the most common vector for it.
Cross Site Scripting is a well known problem that is being addressed by most modern browsers and also plug-ins like NoScript. Unfortunately even with scripting disabled, the only way to be completely safe is to actually not be online at all. Most of the content on Rootaid.com is here to help the average end user who spends most of their time browsing sites like Facebook, Gmail and Twitter. These users would rather not use the internet than use the graphically crippled internet with scripting disabled. The reality is that most modern sites are using Flash , Silverlight, Java, Ajax etc etc to display the rich content wanted by most normal end users. Alternatives like HTML 5 exist and are starting to provide rich content comparable to Adobe Flash and Quicktime but as long as your computer is connected to the web you are still open to attack. Security professionals on business critical machines should indeed be browsing with scripting disabled. Turning off scripting will make your browsing experience safer but so will keeping all your applications updated. Everything is incremental, doing updates, using OpenDNS, running a current AV product etc etc.