Java Too Insecure, Says Microsoft Researcher


Microsoft Malware Protection Center researcher Matt Oh has been sounding the alarm about Java-based malware. He says that the situation is continuing to get worse. The problem goes far beyond Windows, too.

Author Info:
By: Terri Wells
August 06, 2012

Infoworld broke the story. You can also read Matt Oh's own blog post. In fact, I recommend that you do, as it tells you how to protect yourself from Java-based malware.

Oh is concerned about type-confusion vulnerabilities. He notes that over the past few months we've seen an increase in malware abusing this kind of vulnerability, citing both the older CVE-2012-0507 and a newer one, CVE-2012-1723. Infoworld's Woody Leonhard refers to these as sandbox breaches. “If malware authors can jump out of the Java/JRE sandbox, they can take control of a system, whether it's running Windows, Mac OS X, or Unix. A single Java vulnerability...can result in successful exploits that bypass the operating systems defenses simply because they're running in Java,” Leonhard explained.

How do you defend against this vulnerability? Oh recommends that you update the JRE and disable it whenever possible. In fact, if you don't use Java at all, you should uninstall the JRE completely. Leonhard tells his readers to go even further: get your users off of JRE/JVM. “If you have a product that requires JRE, migrate it. If your business plans call for JRE apps, modify them. If you or your dev team programs client apps that require JRE, it's time to expand your skill set.”

Do you use JRE? Have you experienced security issues as a result? Share your experiences in the comments. 

 

