|
Posted by Bit Twister on December 11, 2007, 7:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
On Tue, 11 Dec 2007 23:43:34 -0000, george wrote:
> my machine is about a year old, it runs java 1.5;
That's stupid. You need to always install the latest security updates.
Black hats create/release malware around 48 hours after exploit
patches are released. They are out hunting unpatched systems.
java is 1.6.something. What is worse, java update does not remove old
install code automatically. You have to get in there and delete the
old install manually. :(
> how could I possibly have byteverify in the first place? Whatever peoples
> oppinions are on Norton security, it is still one of market leaders and as
> such you'd expect it to prevent you getting this old trojan?
Heheheheh, AV vendors have been dropping old signatures in an attempt
to not bog down the system.
As for AV protection, vendors have to catch the malware, test their
scanner/filter, migrate the change to production and you need to
update your AV engine/database. Big window of importunity for infection.
You might want to check detection times for just the latest malware at
http://www.commtouch.com/Site/ResearchLab/VirusLab/recent_activity.asp
|
|
Posted by Sebastian G. on December 11, 2007, 7:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Bit Twister wrote:
> On Tue, 11 Dec 2007 23:43:34 -0000, george wrote:
>
>> my machine is about a year old, it runs java 1.5;
>
> That's stupid. You need to always install the latest security updates.
Why do you think his system is not up-to-date? Sun Java VM 1.5 and even the
1.4 is still supported, and security updates get delivered. (Thus, he should
be at 1.5 Update 10).
> java is 1.6.something.
Indeed, the security improvements in Java 1.6 should be considered to
provide good resilence against future attacks.
> What is worse, java update does not remove old
> install code automatically. You have to get in there and delete the
> old install manually. :(
Which is true, but not relevant for this case.
> As for AV protection,
Virus scanners can't provide protection, by design.
|
|
Posted by Sebastian G. on December 11, 2007, 7:27 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Right - my machine is about a year old, o/s windows xp, it runs java 1.5;
> how could I possibly have byteverify in the first place?
Trivial: Visit a website containing something like <object
data="http://someserver.org/somepath/somefilename.class"
type="application/java" width="0" height="0"></object>. This will make
somefilename.class end up in
- your webbrowser's cache
- your webbrowser's plugin temporary directory
- your java applet cache, unless you have deactivated caching
> Whatever peoples oppinions are on Norton security, it is still
> one of market leaders
Who cares for the winner of the paralympics of security solutions? Unless
you want your system to get hosed, you should never install such a software.
> and as such you'd expect it to prevent you getting this old trojan?
Why should I try preventing my webbrowser from caching data? I fucking don't
care what it is as long as is doesn't get executed.
>
>
|
| Similar Threads | Posted | | WS Trojan Scanner | March 30, 2005, 7:14 am |
| Strange behavior ... New trojan? | May 6, 2004, 7:57 am |
| trojan horse Canada | December 1, 2004, 8:07 pm |
| World Cup email is a Trojan | May 30, 2006, 3:27 pm |
| Re: Trojan from using VNC Viewer Software | April 2, 2007, 5:38 am |
| Help me,my computer maybe at risk with some trojan. | April 9, 2008, 12:43 pm |
| Trojan hides in 'Amazon' email | May 30, 2006, 3:31 pm |
| Fake Microsoft emails hide Trojan spy | May 30, 2006, 3:25 pm |
| TROJAN-HORSE ATTACKS INCREASING, HITTING U.S., WORLDWIDE | June 25, 2005, 3:59 pm |
| Uninstalled anti-trojan s/w still preventing access for basic operations? | October 24, 2005, 1:05 pm |
|
XML site map