Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How I ditched the security risks and lived without Java, Reader, and F

09 Mar 2013   #1

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
How I ditched the security risks and lived without Java, Reader, and F

Quote:
How I ditched the security risks and lived without Java, Reader, and Flash


Brad Chacos @BradChacos
Mar 8, 2013 3:00 AM

Adobe Flash, Adobe Reader, and Oracle's Java. All three are virtually ubiquitous on modern-day PCs, and all three provide handy-dandy functionality—functionality that, in the case of Flash and Java, can't be directly reproduced by a third-party solution. If we lived in a vacuum, it would be hard to argue that the trio doesn't deserve its spot on computers around the globe.

We don't live in a vacuum, though.

Here in the real world, widespread adoption of the software makes all three irresistible targets for hackers and malware peddlers. The attacks reached a fever pitch in the early months of 2013, with a flood of reports about Flash, Reader, and Java exploits. Three different articles about Java exploits hit PCWorld's homepage this past Monday and Tuesday alone, and Adobe issued three critical Flash updates in February.

But don't yank out that ethernet cable or wrap your desk in a Faraday cage just yet. You don't have to use Java, Flash, and Reader just because everyone else does. I spent more than a week without Reader, Java, Flash, and their respective browser plug-ins to see if it's possible to live without the software and not suffer massive migraines.

My results were mixed, but incredibly illuminating.
more


My System SpecsSystem Spec
.

10 Mar 2013   #2

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
"Die! Die! Why won't you die?... Why won't you die?"

Apologies to "V for Vendetta".

IMO, Flash and Java can't die soon enough.

I only run Java on a Windows 7 VM.

I use FF + NoScript to reduce my exposure to Flash nasties.
My System SpecsSystem Spec
10 Mar 2013   #3

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

Cheer up! Flash is now embedded in IE10 as if you could get away without it! Fortunately while 10 is on WaterFox the 64bit flavor of FF has been taking IE's place for some time now not liking IE9 to start with. Plus having multiple IE windows open at once lead to constant IE freeze ups despite a fresh install. WF however is generally right on the money only once in a blue moon seeing any stalls so far.

As for Java runtime the only time I can even remember downloading and installing that by choice and intentionally was with XP! At times I had to go back and track that down for some reason while WF uses an open source form of Flash Player and Shock Player not so Zero Day vulnerable as the IE version of Flash.

FireFox on the other hand has some other worries! You may want to reconsider that as a browser and swap out for the 64bit once you read this one! Windows XP and Firefox take 25-year lead in security flaws | PCWorld
My System SpecsSystem Spec
.


10 Mar 2013   #4

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 

I'm not particularly worried, since I run NoScript.

When I swapped from "XP and IE6" to "XP and FF + NoScript" (back in 2006), my malware attacks dropped to basically zero.
I've never had to do a malware-related reinstall since that time.

I notice the occasional Trojan in my AV quarantine.
I actually suspect that a lot of those are false positives.
However, I still have installers dating back to 2004 - 2005, so it's possible that they have always been infected.
My System SpecsSystem Spec
10 Mar 2013   #5

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

The av program here will sweep all drives and find trojans hidden in old XP downloads that were never opened. At one time that was all I was doing was literally trying out everything! Yet I rarely got hit by bugs or quickly removed them without ever having the need to reinstall any Windows due to any infection by bug or virus. And that includes one virus I let run intentionally which was only able to infect one file and quarantined by the free AVG back then.

What was funny earlier was trying to get Sumatra on and the firewall blocking something it saw as crapware! It was as if the installer was trying to stuff some unwanted IE tool bar on and was blocked preventing Sumatra from finishing up the install. I've had that reader on some time back and never ran into any "Now comes with bugs included".

Nitro and Foxit are on while I prefer Nitro since you can create new files as well as read any. Perfect PDF Reader is another but only opens one thing at a time as another alternate for Adobe.

And when trying to install it from the zip file is good only for 9x - ME! Well if you know someone still running one of those oldies or has a VM going... I was rather surprised to see any for those still being carried at a more recent site.

Yet I still have Adobe on and never seem to get hit with Zero Day bugs. I suspect those are targeted mostly at certain types of users more so then the average pc user would need to worry about.
My System SpecsSystem Spec
10 Mar 2013   #6

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
JavaScript?

Quote   Quote: Originally Posted by Night Hawk View Post
Yet I still have Adobe on and never seem to get hit with Zero Day bugs. I suspect those are targeted mostly at certain types of users more so then the average pc user would need to worry about.
Those users probably keep turning JavaScript back on.
My System SpecsSystem Spec
10 Mar 2013   #7

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

I wouldn't be surprised a bit if that turned out to be the case. Often people simply jump on every popup notification that a new update is available while it may otherwise be in a form hibernated state until awoken again and whamo the vulnerability is revealed.

Another thing that can also prevent a Zero Day bug without realizing it is how good the system protections are to begin with. If you have web filtering included in your av program or running a separate firewall with that type of filtering present you may not even be able to get onto a number of sites that are automatically flagged and blocked preventing any malicious script from running. You don't get "bug bombed" when you can't even get into the nest!
My System SpecsSystem Spec
10 Mar 2013   #8

Windows 7 Pro-x64
 
 

Java Script and Java are to different things. I don't have Java installed and I limit Flash to only a few sites that I frequent that need it for video. I don't allow "all" sites to use Flash. And I don't allow ANY site to use disk space. I got used to ignoring the yellow band that pops up or I just hit the X on it and ignore it. If I hit a site just browsing that doesn't work because of no Flash or blocking, more likely than not, it's probably full of third party ads and I don't need to see it anyway. Those third party ads are a doorway for malware.
My System SpecsSystem Spec
10 Mar 2013   #9

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

Well I won't go into what gets blocked but simply mention having an effective web filtering process will generally eliminate the need to worry about having Flash and Java present. For downloads from various sites that's when I may pick up a few things like crapware options laced in with some app being looked at.
My System SpecsSystem Spec
11 Mar 2013   #10

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Modern PDF readers ...

Quote   Quote: Originally Posted by carwiz View Post
Java Script and Java are to different things.
Modern PDF readers can execute JavaScript commands.

This caused problems for Adobe a couple of years ago.
I bet you are not surprised to hear that.

Here's what the Foxit Reader Preferences look like:
How I ditched the security risks and lived without Java, Reader, and F-foxit-preferences-javascript.png


My System SpecsSystem Spec
Reply

 How I ditched the security risks and lived without Java, Reader, and F




Thread Tools



Similar help and support threads for2: How I ditched the security risks and lived without Java, Reader, and F
Thread Forum
Wi-Fi routers: More security risks than ever Security News
Solved Java Update-Now I get a security warning for programs that run java General Discussion
Solved Java 1.7 Security System Security
The Hidden Security Risks of P2P Traffic Security News
Java Security Risks System Security
Microsoft Blames Poor Development Practices For Security Risks Security News
Ditched Kaspersky for MSE System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:46 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33