Adobe & Java Make Windows Insecure (vulnerability study)

http://www.av-test.org/en/news/news-single-view/artikel//adobe-java-make-windows-insecure/

 

Indeed. That reminds me about one line I've read which said "The problem is not the web browsers, the problem is the plugins used by the web browsers". But Windows by itself already has holes, intentionally or unintentionally.

 

Interesting read. However this sentence makes me shudder :

"..The only protection solution remaining for XP users from April 2014 onwards is to install a good security suite!"

 

I'm glad this was posted, it helped explain the most common attacks without burying me in jargon and tech books. I'm not entirely sold on using less common alternatives such as PDF-Exchange though. I do agree that by doing so, a user is less of a low hanging fruit. But vulnerabilities might be less noticed as well, leading to the same amount of danger. I in no way agree that a security suite is going to help the XP situation. That operating system needs to have all updates blocked and users forced off of it in some manner.

 

The security suite suggestion is probably only one way to simplify it. Most people are not interested in trying out some exotic security apps. While some people will have to stay with XP, with they like it or not.

 

Another doomsday for XP article. The author doesn't seem to know the difference between java and javascript.

The vast majority of websites don't use java. Defending yourself against java malware is as simple as disabling it by default and allowing it for only those few sites that need it. As for javascript, browser extensions like NoScript can mitigate most javascript attacks, as can a web filtering proxy like Proxomitron. Security suites are of limited value against malicious javascript.

 

Although I doubt that I am an 'average' or 'typical' home computer user, I have had no problems at all since I uninstalled Oracle Java completely and I suspect that many others could do the same (unless they play online games of course!).

As for JavaScript, I use NoScript with Firefox (which hopefully should also stop some Flash problems) and run FF and Opera in Sandboxie as another layer of protection.

I stopped using IE many years ago but appreciate that it is probably still vulnerable, even if not actually being used. I switched from Adobe to Foxit Reader a long time ago and use it in its default 'secure' mode for the very few pdf documents I need to open.

 

On Palemoon and SeaMonkey, I use PrefBar to enable/disable java, flash, and browser plugins conveniently from the browsers toolbar. Prefbar is very customizable and works on most gecko browsers.

Other options for mitigating malicious flash content include the FlashBlock extension or using the click-to-play option for flash content.

I also dropped Adobe Reader but chose PDFXchange instead. I installed it without the browser plugin, preventing PDFs from being opened in the browser at all. This exploit from 2007 convinced me that integrating the browser and PDF player was a bad idea. There have been many more PDF exploits since then that were easily defeated by not opening PDFs in the browser.

Java and Adobe products holding the title of Windows biggest vulnerabilities is a comparatively recent event. Before these combined took that claim, Internet Explorer was Windows worst vulnerability. More patches were issued because of IE than anything else. Exploits for IE6 regularly resulted in remote code execution, often due to its integration into the desktop and the OS itself. Togg is correct in that IE is a vulnerability on XP and earlier systems even if you're not using it. On all but one OS, I removed Internet Explorer (and many other unneeded components) with XPLite and 98Lite. They're worth the price. I strongly suggest making a system backup first, especially if you're removing services and components in the "advanced components" section.