Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How I ditched the security risks and lived without Java, Reader, and F

09 Mar 2013   #1
Night Hawk

Windows 7 Ultimate x64, W10 Preview - Second remote tower Windows 7 Pro x64
 
 
How I ditched the security risks and lived without Java, Reader, and F

Quote:
How I ditched the security risks and lived without Java, Reader, and Flash


Brad Chacos @BradChacos
Mar 8, 2013 3:00 AM

Adobe Flash, Adobe Reader, and Oracle's Java. All three are virtually ubiquitous on modern-day PCs, and all three provide handy-dandy functionality—functionality that, in the case of Flash and Java, can't be directly reproduced by a third-party solution. If we lived in a vacuum, it would be hard to argue that the trio doesn't deserve its spot on computers around the globe.

We don't live in a vacuum, though.

Here in the real world, widespread adoption of the software makes all three irresistible targets for hackers and malware peddlers. The attacks reached a fever pitch in the early months of 2013, with a flood of reports about Flash, Reader, and Java exploits. Three different articles about Java exploits hit PCWorld's homepage this past Monday and Tuesday alone, and Adobe issued three critical Flash updates in February.

But don't yank out that ethernet cable or wrap your desk in a Faraday cage just yet. You don't have to use Java, Flash, and Reader just because everyone else does. I spent more than a week without Reader, Java, Flash, and their respective browser plug-ins to see if it's possible to live without the software and not suffer massive migraines.

My results were mixed, but incredibly illuminating.
more


My System SpecsSystem Spec
.

10 Mar 2013   #2
lehnerus2000

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
 
 
"Die! Die! Why won't you die?... Why won't you die?"

Apologies to "V for Vendetta".

IMO, Flash and Java can't die soon enough.

I only run Java on a W7 VM.

I use FF + NoScript to reduce my exposure to Flash nasties.
My System SpecsSystem Spec
10 Mar 2013   #3
Night Hawk

Windows 7 Ultimate x64, W10 Preview - Second remote tower Windows 7 Pro x64
 
 

Cheer up! Flash is now embedded in IE10 as if you could get away without it! Fortunately while 10 is on WaterFox the 64bit flavor of FF has been taking IE's place for some time now not liking IE9 to start with. Plus having multiple IE windows open at once lead to constant IE freeze ups despite a fresh install. WF however is generally right on the money only once in a blue moon seeing any stalls so far.

As for Java runtime the only time I can even remember downloading and installing that by choice and intentionally was with XP! At times I had to go back and track that down for some reason while WF uses an open source form of Flash Player and Shock Player not so Zero Day vulnerable as the IE version of Flash.

FireFox on the other hand has some other worries! You may want to reconsider that as a browser and swap out for the 64bit once you read this one! Windows XP and Firefox take 25-year lead in security flaws | PCWorld
My System SpecsSystem Spec
.


10 Mar 2013   #4
lehnerus2000

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
 
 

I'm not particularly worried, since I run NoScript.

When I swapped from "XP and IE6" to "XP and FF + NoScript" (back in 2006), my malware attacks dropped to basically zero.
I've never had to do a malware-related reinstall since that time.

I notice the occasional Trojan in my AV quarantine.
I actually suspect that a lot of those are false positives.
However, I still have installers dating back to 2004 - 2005, so it's possible that they have always been infected.
My System SpecsSystem Spec
10 Mar 2013   #5
Night Hawk

Windows 7 Ultimate x64, W10 Preview - Second remote tower Windows 7 Pro x64
 
 

The av program here will sweep all drives and find trojans hidden in old XP downloads that were never opened. At one time that was all I was doing was literally trying out everything! Yet I rarely got hit by bugs or quickly removed them without ever having the need to reinstall any Windows due to any infection by bug or virus. And that includes one virus I let run intentionally which was only able to infect one file and quarantined by the free AVG back then.

What was funny earlier was trying to get Sumatra on and the firewall blocking something it saw as crapware! It was as if the installer was trying to stuff some unwanted IE tool bar on and was blocked preventing Sumatra from finishing up the install. I've had that reader on some time back and never ran into any "Now comes with bugs included".

Nitro and Foxit are on while I prefer Nitro since you can create new files as well as read any. Perfect PDF Reader is another but only opens one thing at a time as another alternate for Adobe.

And when trying to install it from the zip file is good only for 9x - ME! Well if you know someone still running one of those oldies or has a VM going... I was rather surprised to see any for those still being carried at a more recent site.

Yet I still have Adobe on and never seem to get hit with Zero Day bugs. I suspect those are targeted mostly at certain types of users more so then the average pc user would need to worry about.
My System SpecsSystem Spec
10 Mar 2013   #6
lehnerus2000

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
 
 
JavaScript?

Quote   Quote: Originally Posted by Night Hawk View Post
Yet I still have Adobe on and never seem to get hit with Zero Day bugs. I suspect those are targeted mostly at certain types of users more so then the average pc user would need to worry about.
Those users probably keep turning JavaScript back on.
My System SpecsSystem Spec
10 Mar 2013   #7
Night Hawk

Windows 7 Ultimate x64, W10 Preview - Second remote tower Windows 7 Pro x64
 
 

I wouldn't be surprised a bit if that turned out to be the case. Often people simply jump on every popup notification that a new update is available while it may otherwise be in a form hibernated state until awoken again and whamo the vulnerability is revealed.

Another thing that can also prevent a Zero Day bug without realizing it is how good the system protections are to begin with. If you have web filtering included in your av program or running a separate firewall with that type of filtering present you may not even be able to get onto a number of sites that are automatically flagged and blocked preventing any malicious script from running. You don't get "bug bombed" when you can't even get into the nest!
My System SpecsSystem Spec
10 Mar 2013   #8
carwiz

Windows 7 Pro-x64
 
 

Java Script and Java are to different things. I don't have Java installed and I limit Flash to only a few sites that I frequent that need it for video. I don't allow "all" sites to use Flash. And I don't allow ANY site to use disk space. I got used to ignoring the yellow band that pops up or I just hit the X on it and ignore it. If I hit a site just browsing that doesn't work because of no Flash or blocking, more likely than not, it's probably full of third party ads and I don't need to see it anyway. Those third party ads are a doorway for malware.
My System SpecsSystem Spec
10 Mar 2013   #9
Night Hawk

Windows 7 Ultimate x64, W10 Preview - Second remote tower Windows 7 Pro x64
 
 

Well I won't go into what gets blocked but simply mention having an effective web filtering process will generally eliminate the need to worry about having Flash and Java present. For downloads from various sites that's when I may pick up a few things like crapware options laced in with some app being looked at.
My System SpecsSystem Spec
11 Mar 2013   #10
lehnerus2000

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
 
 
Modern PDF readers ...

Quote   Quote: Originally Posted by carwiz View Post
Java Script and Java are to different things.
Modern PDF readers can execute JavaScript commands.

This caused problems for Adobe a couple of years ago.
I bet you are not surprised to hear that.

Here's what the Foxit Reader Preferences look like:
-foxit-preferences-javascript.png


My System SpecsSystem Spec
Reply

 How I ditched the security risks and lived without Java, Reader, and F




Thread Tools





Similar help and support threads
Thread Forum
Disable adobe reader from showing up from java process
Hi all, Im been here before but I have to create new username for new email. My old email no longer valid I would like to ask something about adobe reader. Me and my team are currently as a technical IT team for web-base-system. So our current user are sometime producing reports from any...
Software
Wi-Fi routers: More security risks than ever
Read more at: Wi-Fi routers: More security risks than ever | Security & Privacy - CNET News
Security News
Java Update-Now I get a security warning for programs that run java
Updated Java to v7 Update 11, websites that use java are coming up with a security warning asking if I want to run this application? It says: An application from the location below is requesting permission to run. Location: www.time.gov/.../java Then I have to click "Run" so the program will...
General Discussion
The Hidden Security Risks of P2P Traffic
Source A Guy
Security News
Java Security Risks
Hi, Jacee and Corinne like to remind us to make sure our Java is updated if we really feel we can't do without it. I came across this interesting article by Ed Bott, and one particular paragraph stood out for me: And also:...
System Security
Microsoft Blames Poor Development Practices For Security Risks
Ah, Ye ole mitigation technologies thingy Good idea to use EMET and properly configure it? http://www.sevenforums.com/tutorials/133386-enhanced-mitigation-experience-toolkit-emet.html Yea, yea I think it is.:D This whole thingy is just one reason while Windows 7 is a lot more secure...
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 22:35.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App