NOD32---Found infected .jar file, but only gave me "LEAVE" button

  • Thread starter: Thomas G. Marshall
Virus Guy said:
Duane Arnold wrote:

(waaaay too much information).

Look. Just answer a simple question.

If Sun JRE version A has known vulnerabilities, and a user updates
their computer with JRE version B, is the computer still at risk when
web-surfing because it still has JRE version A installed?

The implication from the Sun site is that up to version 1.5.0.6, the answer
is 'YES'!

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
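
The point of the exchange above is that installing JRE version B leaves version A on disk and still usable. As an added illustration (not code from any poster in this thread), the following Python script inventories JRE install folders and flags the ones an update left behind. The folder-name pattern, the `C:\Program Files\Java` root and all function names are assumptions, the sample listing is constructed, and the cutoff is the "1.5.0.6" figure quoted above.

```python
import os
import re

# Assumed Sun folder naming, e.g. "jre1.5.0_06" or "j2re1.4.2_08".
_JRE_DIR = re.compile(r"^j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.IGNORECASE)

# Last affected release as quoted in the thread ("1.5.0.6").
LAST_AFFECTED = (1, 5, 0, 6)

# Constructed sample listing of an install root (not real data).
SAMPLE_LISTING = ["jre1.5.0_04", "j2re1.4.2_08", "jre1.5.0_07",
                  "jre1.5.0_06", "Readme.txt"]


def parse_jre_dir(name):
    """Return (major, minor, micro, update) for a JRE folder name, else None."""
    m = _JRE_DIR.match(name.strip())
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def audit_jre_dirs(names, last_affected=LAST_AFFECTED):
    """Classify JRE folders found side by side under one install root.

    newest     - folder with the highest version (None if no JRE found)
    stale      - older folders that a later install did not remove
    vulnerable - folders at or below last_affected, the newest included
    """
    found = []
    for name in names:
        version = parse_jre_dir(name)
        if version is not None:
            found.append((version, name))
    found.sort()
    if not found:
        return {"newest": None, "stale": [], "vulnerable": []}
    return {
        "newest": found[-1][1],
        "stale": [n for _, n in found[:-1]],
        "vulnerable": [n for v, n in found if v <= last_affected],
    }


def scan_install_root(root=r"C:\Program Files\Java"):
    """Audit a real install root (path is an assumed default location)."""
    names = [e.name for e in os.scandir(root) if e.is_dir()]
    return audit_jre_dirs(names)


if __name__ == "__main__":
    report = audit_jre_dirs(SAMPLE_LISTING)
    print("newest:    ", report["newest"])
    print("stale:     ", ", ".join(report["stale"]) or "none")
    print("vulnerable:", ", ".join(report["vulnerable"]) or "none")
```

Any folder listed under `stale` is a candidate for removal through Add/Remove Programs once nothing on the machine depends on it.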
 
David said:
From: "Adam Piggott" <[email protected]>

|
| - From my experience they also ship with malware on them so I'd avoid them
| like the plague anyway!

Dell makes quality platforms. However it is my opinion to NEVER take the default factory
configuration. Always wipe the computer and install the OS from scratch. This includes
other vendors.

Now you tell me, Dave. I will never, ever buy another computer with
an OEM installation of the OS.

This doesn't address the Java problem, does it?

Introducing the Dell De-Crapifier…
(http://www.yorkspace.com/2006/04/38)

Dell De-Crapifier by Jason York
(http://www.yorkspace.com/wp-content/DellDe-Crapifier-1.0.au3)

Ron :)
 
Noel said:
The implication from the Sun site is that up to version 1.5.0.6,
the answer is 'YES'!

Then why does Sun's JRE install package not remove previous versions
of itself?

How many users have updated their JRE, thinking that in doing so they
have mitigated or reduced the vulnerability of their systems to
web-based (java-based) malware?

PS:

On a default Win-98 installation, I believe that Java version 1.4.2 is
installed (Microsoft's version of JRE I guess). That version doesn't
show up in the add/remove program list. I don't know what (if any)
versions of JRE are found on a default installation of 2K or XP.

Question: On Win-98 systems, should the default 1.4.2 version of JRE
be uninstalled? Can it be?
 
Virus Guy said:
Duane Arnold wrote:

(waaaay too much information).

Look. Just answer a simple question.

If Sun JRE version A has known vulnerabilities, and a user updates
their computer with JRE version B, is the computer still at risk when
web-surfing because it still has JRE version A installed?

The simple answer is yes due to older versions that must stay on the machine
due to any given version being executed at the Web server. All Web servers
are not running the same version JRE or .Net and the older versions must
stay on the machine.

It's as simple as that.

Boy, you try to educate someone that doesn't know how something works,
Java, .Net or otherwise, and this is the response?

I thought you were a *computer man* with some technical expertise, my
mistake.

I hope I gave you or anybody else some kind of understanding as to what is
happening between the Web Server and the browser at the client machine with
the browser having very little or no control but to render the page in a
Web session.

<snip>

Web solutions are based on what version of the Web runtime components
are being used in the development of the Web solution by the developer.

The bottom line is there are going to be multiple versions of the
runtime components on the client side.

<snip>

Duane :)
 
Duane said:
The simple answer is yes

OK, thank you.

Don't you think that's what 99.999% of SOHO computer users,
sys-admins, and IT departments and readers of this group need to know?
Boy, you try to educate someone that doesn't know how
something works

This is not a .NET or a Java forum.

Your expertise is even more valuable when you understand a question
and distill a useful, context-specific answer.
 
Virus Guy said:
Then why does Sun's JRE install package not remove previous versions
of itself?

How many users have updated their JRE, thinking that in doing so they
have mitigated or reduced the vulnerability of their systems to
web-based (java-based) malware?

PS:

On a default Win-98 installation, I believe that Java version 1.4.2 is
installed (Microsoft's version of JRE I guess). That version doesn't
show up in the add/remove program list. I don't know what (if any)
versions of JRE are found on a default installation of 2K or XP.

Question: On Win-98 systems, should the default 1.4.2 version of JRE
be uninstalled? Can it be?

In a default Win98 NO version of Sun Java is installed - the MSJAVA client
is installed, which is a totally different kettle of fish!
The MSJAVA in Win 98 can be updated to the latest version (3810) or
uninstalled - the preferred solution is to uninstall it, since it hasn't
been supported by MS (after losing a lawsuit with Sun ) for years, and
presumably has vulnerabilities (which it's likely nobody bothers to exploit
any more).


Sun have refused to comment on the reasons why they fail to uninstall
earlier versions of the software - one can only assume that it's either
because they're inept, or because they don't give a fig about their users'
security.


--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
The simple answer is yes due to older versions that must stay on the
machine due to any given version being executed at the Web server. All
Web servers are not running the same version JRE or .Net and the older
versions must stay on the machine.


Not so - 'good' Java apps will work in the latest version of Java available
on any machine.
The ones that don't, are ones that either don't fully comply with the
specification, or are attempting to utilise undocumented functionality or
exploits!

With .NET, the difference between v1.1 and v2 is significant - it's more
than just an update, and could almost be considered a different platform,
hence the need to keep both on the system if you're running software that
needs each.



--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
From: "Ron Lopshire" <[email protected]>


|
| Now you tell me, Dave. I will never, ever buy another computer with
| an OEM installation of the OS.
|
| This doesn't address the Java problem, does it?
|
| Introducing the Dell De-Crapifier…
| (http://www.yorkspace.com/2006/04/38)
|
| Dell De-Crapifier by Jason York
| (http://www.yorkspace.com/wp-content/DellDe-Crapifier-1.0.au3)
|
| Ron :)

I recently was given an IBM ThinkPad T60 with a Biometric finger device.
What a pain that notebook was ! First there was a modification to LSA that made adding the
notebook to the Domain more than difficult.

Second was the Biometric finger device interfered with Smart Card Domain Authentication. It
defaulted to wanting Finger identification and when a Smart Card was inserted it would not
ask for the PIN.

If it wasn't a one-shot deal, I would have wiped it and installed the OS and apps from
scratch and then created a Ghost image. Hopefully I won't get another T60 but if I do....
:-)
 
Noel said:
In a default Win98 NO version of Sun Java is installed - the
MSJAVA client is installed (...)
The MSJAVA in Win 98 can be updated to the latest version (3810)
or uninstalled - the preferred solution is to uninstall it (...)

Just to complete this thread, I believe the following instructions
will remove the MS Java VM that is installed on Win NT4/9x machines:

- Click Start, Run and enter:
- RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall

You may (or will) see a message saying "If this component is
uninstalled, Microsoft Internet Explorer will not be able to
download files from the World Wide Web. Do you want to
uninstall the Microsoft VM?"

- Click Yes to confirm the uninstall, and restart your system
when it's complete.

- Delete the following folders if they are still present:
c:\windows\java
c:\windows\inf\java.pnf
c:\windows\system32\jview.exe
c:\windows\system32\wjview.exe

- Click Start, Run and enter regedit to start the Registry
Editor. Browse to the following keys, highlight and
delete them:

HKEY_LOCAL_MACHINE\Software\Microsoft\Java VM
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\AdvancedOptions\JAVA_VM

* For Windows NT4 and Windows 2000, replace c:\windows with c:\winnt.
* For Windows 95, 98, 98SE and ME, replace c:\windows\system32 with
c:\windows\system
 
Virus Guy said:
OK, thank you.

Don't you think that's what 99.999% of SOHO computer users,
sys-admins, and IT departments and readers of this group need to know?


This is not a .NET or a Java forum.

Your expertise is even more valuable when you understand a question
and distill a useful, context-specific answer.

But in order to know something on how to protect one's self in information
passed in a Web session between the browser and the Web server is in
understanding how the session works.

A Web session is very vulnerable if the session is not using HTTPS, because
it's a stateless session between the client machine and the Web server. And
that traffic is intercepted and spoofed by a hacker or someone eavesdropping
on the traffic in the sessions.

Duane :)
 
Noel Paton said:
Not so - 'good' Java apps will work in the latest version of Java
available on any machine.
The ones that don't, are ones that either don't fully comply with the
specification, or are attempting to utilise undocumented functionality or
exploits!

I don't doubt it. I don't use Java in Web solutions.
With .NET, the difference between v1.1 and v2 is significant - it's more
than just an update, and could almost be considered a different platform,
hence the need to keep both on the system if you're running software that
needs each.

.Net is backwards compatible with its older versions. So anything that was
done in .Net 1.1 should work in 2.0. The ECMA and ISO who control the .NET
Framework (MS doesn't own it) to run across platforms and to be used by
multiple languages other than what MS has on the table is not going to allow
that.

A .Net application can specially indicate what version of the .Net
Framework it's going to use and will look for that version on the machine.
There are 3 versions of the .NET Framework that I know about version 1.0,
1.1 and 2.0.

Duane :)
 
Duane Arnold said:
I don't doubt it. I don't use Java in Web solutions.


.Net is backwards compatible with its older versions. So anything that
was done in .Net 1.1 should work in 2.0. The ECMA and ISO who control the
.NET Framework (MS doesn't own it) to run across platforms and to be used
by multiple languages other than what MS has on the table is not going to
allow that.

A .Net application can specially indicate what version of the .Net
Framework it's going to use and will look for that version on the machine.
There are 3 versions of the .NET Framework that I know about version 1.0,
1.1 and 2.0.


.NET 1.1 Applications will NOT necessarily run on .NET 2.0 - and .NET 2 apps
will not run on .NET 1.x (although if of limited scope they may) - which is
the reason that you have to have both versions installed.
There is NO enforced backward compatibility between major versions - although
.NET 1.0 apps will run on .NET 1.1, since that was an update to 1.0, not a
total revision.

I believe that there are no plans for backward compatibility in v3 of .NET,
either.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
Noel Paton said:
.NET 1.1 Applications will NOT necessarily run on .NET 2.0 - and .NET 2
apps will not run on .NET 1.x (although if of limited scope they may) -
which is the reason that you have to have both versions installed.
There is NO enforced backward compatibility between major versions -
although .NET 1.0 apps will run on .NET 1.1, since that was an update to
1.0, not a total revision.

I believe that there are no plans for backward compatibility in v3 of
.NET, either.

No, you don't understand what I am talking about. .NET not only runs for Web
solutions but it runs Windows Desktop solutions, NT services and console
application and many other application solutions. The core of .NET is not
changing that much so it should be a non-version issue with a control or
features that was written in version 1.1 as opposed to the same features
being used in 2.0 or 3.0 for that matter.

Granted that there are features in v2.0 that are not in v1.0 or v1.1 and if
a developer wants to use those features, then he or she must go to the
latest version to use them. But that doesn't mean that a control or
feature that was written using v1.x will not work in v 2.0

Now, if the feature or control has changed interfaces between 1.1 and 2.0,
then that feature or control must be converted to use the latest. That's
what I mean in backwards compatibility.

There is no way a company using .Net solutions is going to stand for total
change of its solutions because of a version change. A vast majority of the
.NET features are backwards compatible, just like VB.NET in some aspects is
still backwards compatible with VB 6 code and it doesn't have to be
converted to VB.NET in order for the code to be executed in a VB.NET
solution.

MS has already been down that path of knowing what not to do when it
went from VS 5 languages to VS 6 languages and all controls on the forms
that were in version 5 had to be rewritten to work in version 6 by the
developer and I am sure it was an uproar about that, as I was pissing and
screaming about it with other developers.

Duane :)
 
Now, if the feature or control has changed interfaces between 1.1 and 2.0,
then that feature or control must be converted to use the latest. That's
what I mean in backwards compatibility.

Exactly - and that's where .NET2.0 'fails' - there is NO ensured backwards
compatibility
because a lot of things changed between v1.x and v2.x...which is why you
still have to have both installed! (which is what I've been saying all
along!)
There is no way a company using .Net solutions is going to stand for total
change of its solutions because of a version change. A vast majority of
the .NET features are backwards compatible, just like VB.NET in some
aspects is still backwards compatible with VB 6 code and it doesn't have
to be converted to VB.NET in order for the code to be executed in a VB.NET
solution.

It WAS accepted - because many devs realised that the benefits of the
upgrade far outweighed the hassle involved in re-writing the limited amount
of .NET stuff that was available at the time - and there were, IIRC, easy
methods of semi-automating the port from v1.x to v2. ( I don't code - so
have no details!)
Like they say - never buy the first model car....it'll have more gremlins
than every follow-on model put together!
--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 

Noel said:
The MSJAVA in Win 98 can be updated to the latest version (3810) or
uninstalled - the preferred solution is to uninstall it, since it
hasn't been supported by MS (after losing a lawsuit with Sun ) for
years, and presumably has vulnerabilities (which it's likely nobody
bothers to exploit any more).

I still see plenty of new malicious web pages that include Microsoft's Java
VM in their list of things to try to exploit, so my advice would be to
remove it as soon as you can!
 
Noel Paton said:
Exactly - and that's where .NET2.0 'fails' - there is NO ensured backwards
compatibility
because a lot of things changed between v1.x and v2.x...which is why you
still have to have both installed! (which is what I've been saying all
along!)


It WAS accepted - because many devs realised that the benefits of the
upgrade far outweighed the hassle involved in re-writing the limited
amount of .NET stuff that was available at the time - and there were,
IIRC, easy methods of semi-automating the port from v1.x to v2. ( I don't
code - so have no details!)
Like they say - never buy the first model car....it'll have more gremlins
than every follow-on model put together!

Well, I'll find out as the company I started at is in transition between
.Net 1.1 to version 2.0, only in concept thinking. Maybe, that's why they
have sent a couple of developers to school. In the meantime, it's hard
enough getting them to realize that the company Web Framework that was put
together by the .NET architect, a trainee .Net architect that quit but
downloaded everything from MS as is and used it unchanged. ;-), to use the
.NET Framework is a piece of trash and they need to be moving to a less
complicated company Framework.

Maybe, I can catch them in transition and take them away from this 7 logical
tier 3 physical tier solution to a 2 or 3 logical tier and 2 physical tier
solution.

I already have gotten rid of three logical tiers in this prototype
application I am doing that this other *clown* convinced them that they
needed and they wouldn't change while he and his partners in crime were
there. Now, they are gone and the other developers and business analysts are
saying good bye and don't come back to those who wouldn't listen to there is
something wrong with that damn Company Framework.

Unfortunately, the company the others went to that didn't have .Net is going
to get a dosage of what they did at the previous job. Believe me, if you
saw this you wouldn't believe it, as it's horrible. It's so bad that the
.NET IDE debugger and or IIS will terminate itself at the development
machine with all them convinced that it was a workstation problem and it's
not a workstation problem. I think I am now on the road to showing them it's
the piece of trash company Framework that's the problem, even though some
already knew this but couldn't prove it! :)

Duane :)
 
Adam Piggott said:
I still see plenty of new malicious web pages that include Microsoft's
Java
VM in their list of things to try to exploit, so my advice would be to
remove it as soon as you can!

I doubt that - what you may well be seeing is vulnerabilities involving
JavaScript - which is totally different!
Any examples??

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
David H. Lipman said something like:
Dell makes quality platforms. However it is my opinion to NEVER take the
default factory configuration. Always wipe the computer and install the
OS
from scratch. This includes other vendors.


It doesn't take someone as clinically paranoid as I to be suspect of
installations done by an outside party. In any case, I like reclaiming the
partition that Dell likes to use for their "diagnostics".



--
Very old classic: Three men check into a hotel: the
room is $25 for the night. They each hand the bellhop
$10 and ask him to bring back the change. When the
bellhop returns with the $5 change, the men figure it's
easiest math to give $1 back to each of them and leave
$2 to the bellhop as a tip. Now each man paid $9 for
a total of $27. The bellhop got $2, that makes $29.
What happened to the last $1?
Answer (rot13): Unir gb or pnershy ubj lbh nqq guvf hc.
Gur guerr zra cnvq $27 gbgny, BHG BS JUVPU $2 jrag gb
gur oryyubc.
 