Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Security question - or - curiousity

13 Jun 2013   #1
Cliff789

ASUS X79 DELUXE LGA 2011 Intel X79 SATA 6Gb/s USB 3.0 ATX
 
 
Security question - or - curiousity

Running Win 7 makes it easier to keep administrator permissions separate as compared to XP which was a bit of a PITA. So I just don't run as administrator.

And as a result I get a popup about once a day from Oracle asking if they can modify my HD with a JAVA update. This is of a piece with the Windows updates that have been part of MS's service for so very long. Microsoft doesn't even stop to ask if it's OK to futz with your computer - they just up and do it.

Now here is the thing that bugs me:
How is it that hackers have not figured out how to impersonate these services? Seems to me that this would be the holy grail.


My System SpecsSystem Spec
.
13 Jun 2013   #2
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Windows Update can be set to NOT automatically install updates.
It can notify you of updates before installing.
Check your Windows Update settings.

I don't have JAVA, but I'd be surprised if there is an update about once a day.
Are you sure the update is successful, and it's not the same update being offered again?
My System SpecsSystem Spec
13 Jun 2013   #3
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

I don't have Java installed either and have not had any issues surfing the internet so if you don't know what Java is or does (like I don't) Please Uninstall it.
My System SpecsSystem Spec
.

13 Jun 2013   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You can try this

Quote:
Click the Windows "Start" button and select the "Control Panel" item found on the right side of the Start Menu.

Click within the search box located at the top-right corner of the resulting window and type "Java."

Click the "Java" item that appears in the list of search results. The Java Control Panel pops up on your screen within a few seconds.


Select the "Update" tab located near the top of the Java Control Panel window.


Uncheck the box labeled "Check for Updates Automatically."



Click the "Never Check" button when prompted.



Click "OK" to confirm your choice and close the Java Control Panel.
My System SpecsSystem Spec
13 Jun 2013   #5
Cliff789

ASUS X79 DELUXE LGA 2011 Intel X79 SATA 6Gb/s USB 3.0 ATX
 
 

Quote   Quote: Originally Posted by DavidW7ncus View Post
I'd be surprised if there is an update about once a day.
Are you sure the update is successful, and it's not the same update being offered again?
Google it, there's lots of people reporting it.
It may be a buggy install that keeps trying over and over again. I'll unistal the whole bloody thing and reinstall fresh But still the original question goes on addressed. What keeps hackers from mimicking those things? Massive individualized code on each operating system that only the mother ship knows? If the NSA gets hacked how come they don't?
My System SpecsSystem Spec
13 Jun 2013   #6
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

I can't answer why things like the MS Update process/service is not hacked - I'm not a hacker...
I wouldn't be surprised if hackers do try...
If that ever happens, things will be MUCH worse imho, if we can't trust getting Windows updates securely/reliably.
I would guess MS has put a lot of effort into making sure their update process is secure...

Are you sure you need JAVA?
I removed it and have found no website I must use that requires it...
My System SpecsSystem Spec
13 Jun 2013   #7
pallesenw

Windows
 
 

There is cryptography involved. So it is not easily hacked.
My System SpecsSystem Spec
14 Jun 2013   #8
bobafetthotmail

Win 7 Pro 64-bit 7601
 
 

Quote   Quote: Originally Posted by Cliff789 View Post
How is it that hackers have not figured out how to impersonate these services? Seems to me that this would be the holy grail.
"Automatic software updates" just mean that the software installs a component in your PC that periodically initates a secure connection to its own download server.
This goes on without you knowing, but it's all stuff inside your PC that connects to its download server and asks "is this the last version?"

Goes without saying that you can disable this madness by either the program's own options (java has its own entry in Control Panel, icon view, the same for flash, and windows update can be set to not download automatically updates) or by removing manually entries of the update-checking components from startup, step 2 of this tutorial.

Being internet what it is, hacking something like this could theoretically happen in three broad ways:

-something (read: malware) modifies the address that the update-checking component uses to ask its questions and download stuff and redirects it to a malware server.

-someone intercepts the connection while en-route and swaps its stuff instead of the updates

-someone hacks the update server

Now, the first possibility is kinda stupid, as any malware that can do that would be perfectly capable of downloading whatever it wants on its own without screwing up other programs in the first place.
Quite a few advanced ones do have such "features", and update themselves from other infected PCs if their malware's "version" was newer.

Second is possible but horribly complex to pull off as the would-be hacker would have to exploit less-secure areas of the network between you and the download server. Which usually means hacking the wifi network you are connected to, or physically tampering with network infrastructure. Either is doable but risky, and does not allow a big-enough spread of the malware to make it worthwhile.

The last is possible but again complex to pull off. Any serious server admin are expecting this kind of tampering, and usually the download server is impregnable to such attacks. After all it just does have to answer a couple questions and upload stuff, it's not that hard to lock it down.
Yes, you can force it to crash or do the usual denial-of-service attacks, but there is no way of stealing its IP address to make a shadow server in the meantime.
My System SpecsSystem Spec
Reply

 Security question - or - curiousity




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Security question
Can I please have some advice on this bit of software. Is it good or bad Etc??:tip: many thanks. HitmanPro.Alert CryptoGuard - SurfRight
System Security
Security Question
I am trying to devise a layered security approach for my PC. I wrote in about this a while back but some of the programs were messing with my PC so I uninstalled them. I recently found ZoneAlarm Free Antivirus + Firewall. I currently have Trend Micro Titanium Maximum Security 2013 installed. I like...
System Security
Security question
I am running a Win 7 64 ( updated ) router for firewall, 7 fw, LUA, MSE, Malwrebytes free, Hitman pro free, Sandboxie free delete contents upon closing , and use Chrome for my browser. I only use this computer for surfing, and was wondering how likely it would be to get hacked or infected other...
System Security
How/Why do most people start smoking? (A Poll For Curiousity)
I am not in anyway promoting the use of tobacco this is purely for my own personal education/curiosity. Without telling everyone on the forums my life's story I'll skip to the point. Why/how did or would you/someone start smoking? Keep in mind I was born in 1990 so I don't know much...
Chillout Room
security question
ive been using windows 7 for a while now. just wana know how to protect my inentity on the net?? every time i go to icq or any chat every one knows wat country im form and wat internet service i use and what os i use . how do i hide my self from ppl like that??? its becomming anoying now.
System Security
Just out of idle curiousity.....
With an OEM copy of windows 7 can you install it to 2 drives in the same computer?
Hardware & Devices


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:38.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App