Re: Microsoft Anti-Spy War Protection



thanks -
from what I read, not all 1.4.2.x nor all 1.3x are vulnerable - there are
update to them make them more secure

Anytime there is reflection API, there is some risk of exploitation. I won't
rule out the potential risk in dotnet either. it takes only a misstep
somewhere in development and or implementation to result in security risk.

"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message
news:%23xWNKJsMGHA.3064@xxxxxxxxxxxxxxxxxxxxxxx
jg wrote:
Hello David
I would like a bit more the vulnerability of JRE prior to 1.5.


See http://secunia.com/advisories/18760/ for more info.


I have client that has applications that work only with earlier
version of JRE. . They are not about to rewrite to 1.5x anytime
soon. Worse, they also have some application from the government
bundled with some earlier JRE.

What is the best way for me to protect them? Getting rid of older
version of JRE and rewriting is not an option right now


Download and install the version specific fixes at the above link. If at
all possible you should be using the latest version of Java. I have seen
many computers with spyware installed via java exploits during the past
month.

Kerry




.



Relevant Pages

  • Re: Microsoft Anti-Spy War Protection
    ... Anytime there is reflection API, there is some risk of exploitation. ... I would like a bit more the vulnerability of JRE prior to 1.5. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Microsoft Anti-Spy War Protection
    ... there is only one PC with SDK for tech support use only. ... there is some risk of exploitation. ... I would like a bit more the vulnerability of JRE prior to 1.5. ... If at all possible you should be using the latest version of Java. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: ODLotD
    ... street and beaten by an angry mob for writing.. ... Please do kill-file me. ... There's no risk of me changing my handle anytime soon. ...
    (rec.sport.football.college)
  • Re: NOD32---Found infected .jar file, but only gave me "LEAVE" button
    ... If Sun JRE version A has known vulnerabilities, ... updates their computer with JRE version B, ... still at risk when web-surfing because it still has JRE ...
    (alt.comp.anti-virus)
  • Re: Trojan-Downloader.Java.Agent.c
    ... | against a specific version of the JRE. ... | they recommend keeping them? ... There are secutity hioles, vulnerabilities, in older versions and there is code (and I have ... Laeving old versions leaves your PC, and your data, "at risk". ...
    (alt.comp.anti-virus)