Re: Microsoft Anti-Spy War Protection
- From: "jg" <junk@xxxxxxxx>
- Date: Thu, 16 Feb 2006 08:35:22 -0700
thanks -
from what I read, not all 1.4.2.x nor all 1.3x are vulnerable - there are
update to them make them more secure
Anytime there is reflection API, there is some risk of exploitation. I won't
rule out the potential risk in dotnet either. it takes only a misstep
somewhere in development and or implementation to result in security risk.
"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message
news:%23xWNKJsMGHA.3064@xxxxxxxxxxxxxxxxxxxxxxx
jg wrote:
Hello David
I would like a bit more the vulnerability of JRE prior to 1.5.
See http://secunia.com/advisories/18760/ for more info.
I have client that has applications that work only with earlier
version of JRE. . They are not about to rewrite to 1.5x anytime
soon. Worse, they also have some application from the government
bundled with some earlier JRE.
What is the best way for me to protect them? Getting rid of older
version of JRE and rewriting is not an option right now
Download and install the version specific fixes at the above link. If at
all possible you should be using the latest version of Java. I have seen
many computers with spyware installed via java exploits during the past
month.
Kerry
.
- Follow-Ups:
- Re: Microsoft Anti-Spy War Protection
- From: Kerry Brown
- Re: Microsoft Anti-Spy War Protection
- References:
- Re: Microsoft Anti-Spy War Protection
- From: David H. Lipman
- Re: Microsoft Anti-Spy War Protection
- From: jg
- Re: Microsoft Anti-Spy War Protection
- From: Kerry Brown
- Re: Microsoft Anti-Spy War Protection
- Prev by Date: Re: what is so special today at Microsfot - there seem to be only 1 support person at the newgroup
- Next by Date: Re: Microsoft Anti-Spy War Protection
- Previous by thread: Re: Microsoft Anti-Spy War Protection
- Next by thread: Re: Microsoft Anti-Spy War Protection
- Index(es):
Relevant Pages
|
