Re: Microsoft Anti-Spy War Protection



thanks -
from what I read, not all 1.4.2.x nor all 1.3x are vulnerable - there are
update to them make them more secure

Anytime there is reflection API, there is some risk of exploitation. I won't
rule out the potential risk in dotnet either. it takes only a misstep
somewhere in development and or implementation to result in security risk.

"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message
news:%23xWNKJsMGHA.3064@xxxxxxxxxxxxxxxxxxxxxxx
jg wrote:
Hello David
I would like a bit more the vulnerability of JRE prior to 1.5.


See http://secunia.com/advisories/18760/ for more info.


I have client that has applications that work only with earlier
version of JRE. . They are not about to rewrite to 1.5x anytime
soon. Worse, they also have some application from the government
bundled with some earlier JRE.

What is the best way for me to protect them? Getting rid of older
version of JRE and rewriting is not an option right now


Download and install the version specific fixes at the above link. If at
all possible you should be using the latest version of Java. I have seen
many computers with spyware installed via java exploits during the past
month.

Kerry




.