
Java Moving from Ridiculous to Surreal

Adam Gowdiak in [SE-2012-01] An issue with new Java SE 7 security features:

That said, recently made security “improvements” to Java SE 7 software don’t prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.

This was via Ed Bott who has also been covering the deceptive installs included with nearly all Java updates:

  • When you use Java’s automatic updater to install crucial security updates for Windows, third-party software is always included. The two additional packages delivered to users are the Ask Toolbar and McAfee Security Scanner.
  • With every Java update, you must specifically opt out of the additional software installations. If you are busy or distracted or naive enough to trust Java’s “recommendation,” you end up with unwanted software on your PC.

I have checked, and (so far) I cannot correlate kitten deaths with Java installs, so we’ve got that going for us.

Which is nice.

—Rich
