Java whitelisting and blacklisting

Discussion in 'other security issues & news' started by MrBrian, Feb 12, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Introduction to Java Jar format: Malware in a Jar

    1. Inside the browser:
    Upcoming Exception Site List in 7u51 (easier method)
    Oracle adds long-awaited whitelisting capabilities to Java (harder method)
    Introducing Deployment Rule Sets (harder method)
    Take control of Java on your network (harder method)
    How Hard Is It To Blacklist A Java Applet?
    How do I disable Java in my web browser?

    2. Outside the browser:
    Cannot prevent JAR file execution using group policy
    Multi-Stage Exploit Attacks for More Effective Malware Delivery

    Since I use Java only for programs that run elevated as admin, I plan to use AppLocker to block the Java .exes themselves for all users except full admins. The same can be done in Software Restriction Policies, since SRP has an option to exclude administrators.

    See also: Oracle reveals plans for Java security improvements
     
    Last edited: Feb 12, 2014
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Tested, works :D. That plugs a big hole in my anti-executable policy.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you're disallowing Java executables by policy, note that the Java installer can install Java .exes in \windows subfolder(s) also. I have 3 in \windows\syswow64.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Last edited: Feb 12, 2014
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Those who want to use Software Restriction Policies to restrict Java but can't because your edition of Windows doesn't include an editor for it can instead use Software Policy.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Last edited: Feb 16, 2014
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.