Updates?
So we should regularly update our Java runtimes?
Yeah, right...
More than two in three exploit kits that attempt to inject malware into web surfers' computers were developed in Russia - and at least one in two exploit rather old vulnerabilities. Blackhole 2.0 is the most often used hacking toolkit - installed on websites to attack and take over visitors' computers - but it targets fewer …
Or just not use the Java plugin.
It's amazing how many people are completely confused by the fact that having a "Java runtime" or a "Java JDK" does not imply that it will run Applets from the Internet unless the browser has been configured to do so or one runs JNLP files indiscriminately. Additionally, JVMs from some vendors may exhibit security problems, JVMs from other vendors may not.
In the December 2012 issue of IEEE Computer, Lee Garber (IEEE Computer Society’s senior news editor) writes about the Java (or rather, the Snoracle) Security wobbles and seems to be totally unsure about the difference between applet running and application running. He then cites Gary McGraw, chief technology officer of software-security consultancy Cigital (who he?) who proceeds to say:
“Java is beginning to show its age. There are many newer platforms that might be better from a security perspective, such as Ruby on Rails, HTML5, and .NET.”
Total confusion. Or laziness. Or worse. RoR for running applets? .NET?? Securely??? I don't think so.
The first thing to do is to switch off the computer, unplug the phone line, disconnect the electricity, board up your doors then head down into the cellar.
Remove the shotgun from the cabinet, insert new cartridge(s), put end of barrel into mouth and pull trigger.
There, no more problems ..... That's how to fool them damned ruskies............
Now isn't that a nice thought for a Monday morning...
(Statistically, I would think that you would be safer with the latest Java, even with its holes, than you would be with a 2 year old unpatched IE 6)....
A lot. But I continue to get thumbed down for pointing out the truth.
It's all a big scam. The AV companies don't write the viruses, but they sure do make a lot of money pushing pointless "fixes" to old viruses that are dead and buried, slowing down your computer, and NOT addressing the real threats of today. Half those virus definitions you care so much about are for old worms from the early 90s, like you would ever catch one anyway. Wake up.
I'd say it's more like that annoying steering lock you put over your steering wheel. It's a pain to have to put it on and take it off, but your car looks less attractive to the thieves than one without it. They do the other cars but leave yours alone.
Or you could get something obscure that the thieves have difficulty selling on which makes you safer, but not invulnerable.
So no anti virus software has ever picked up any malware?
Good, on that basis everyone should remove it immediately, as you say it's not needed, and there have NEVER been any detections, ever!
I feel much safer.
Next week folks, remove seatbelts, air-bags and crumple zones from your cars as not crashing is the best method of defence.
Idiot.
Maybe so.
My own view is that while antivirus packages can stop some of what attacks you, there are those packages that make your system slow and, in some cases, unusable because of all the extra crapware they bundle in with it. Added nag screens and popups that try to get you to "upgrade", pointless extra bits in the background that rarely do anything other than chew up resources, things that essentially duplicate what your software or OS do on their own...
While I like to have an A/V handy on my Windows system, I prefer to make sure that A/V is all it does.
I think you are having trouble telling the difference between hardware, the laws of physics, your crap car analogy, and software - which is completely different. Try and write a software seatbelt. You are obviously on drugs.
"Another solution would be to stop leaving bugs in software for people to exploit, but everyone makes mistakes in all industries"
True. But when we're talking about stuff like buffer overflows, that's not a mistake, that's rank, steaming incompetence that would be easily prevented by proper coding, or easily fixed after the event by proper design and documentation (as opposed to fixing the same conceptual fault through fifty million discrete patches released over several years).
The prevalence of repeated security flaws with some products indicates that they were originally coded by clods who didn't build to any sensible design, and left behind no useful documentation.
I am not paid by any AV companies - it would be nice though!
My experience is different from yours - AV works well enough alongside all the other precautions I take.
Out of interest, do you have the same hatred for firewall and anti-spyware manufacturers, or is it only AV producers that are singled out?
Yes.
Firewalls are the dog's nuts, and also I give props to the guys maintaining the spam blacklists which are very effective. They are the real heroes. Everyone else is just trying to cash in on the perceived glory.
Anyone can surf the internet looking for viruses and call themselves a security researcher. It's the easiest job in the world.