Security question - or - curiosity

Cliff789

Running Win 7 makes it easier to keep administrator permissions separate as compared to XP which was a bit of a PITA. So I just don't run as administrator.

And as a result I get a popup about once a day from Oracle asking if they can modify my HD with a JAVA update. This is of a piece with the Windows updates that have been part of MS's service for so very long. Microsoft doesn't even stop to ask if it's OK to futz with your computer - they just up and do it.

Now here is the thing that bugs me:
How is it that hackers have not figured out how to impersonate these services? Seems to me that this would be the holy grail.
 

Windows Update can be set to NOT automatically install updates.
It can notify you of updates before installing.
Check your Windows Update settings.

I don't have JAVA, but I'd be surprised if there is an update about once a day.
Are you sure the update is successful, and it's not the same update being offered again?
 

I don't have Java installed either and have not had any issues surfing the internet, so if you don't know what Java is or does (like I don't), please uninstall it.
 

You can try this:

Click the Windows "Start" button and select the "Control Panel" item found on the right side of the Start Menu.

Click within the search box located at the top-right corner of the resulting window and type "Java."

Click the "Java" item that appears in the list of search results. The Java Control Panel pops up on your screen within a few seconds.

Select the "Update" tab located near the top of the Java Control Panel window.

Uncheck the box labeled "Check for Updates Automatically."

Click the "Never Check" button when prompted.

Click "OK" to confirm your choice and close the Java Control Panel.
 

I'd be surprised if there is an update about once a day.
Are you sure the update is successful, and it's not the same update being offered again?

Google it, there's lots of people reporting it.
It may be a buggy install that keeps trying over and over again. I'll uninstall the whole bloody thing and reinstall fresh. But still the original question goes unaddressed. What keeps hackers from mimicking those things? Massive individualized code on each operating system that only the mother ship knows? If the NSA gets hacked how come they don't?
 

I can't answer why things like the MS Update process/service is not hacked - I'm not a hacker...
I wouldn't be surprised if hackers do try...
If that ever happens, things will be MUCH worse imho, if we can't trust getting Windows updates securely/reliably.
I would guess MS has put a lot of effort into making sure their update process is secure...

Are you sure you need JAVA?
I removed it and have found no website I must use that requires it...
 

There is cryptography involved. So it is not easily hacked.
 

How is it that hackers have not figured out how to impersonate these services? Seems to me that this would be the holy grail.
"Automatic software updates" just means that the software installs a component in your PC that periodically initiates a secure connection to its own download server.
This goes on without you knowing, but it's all stuff inside your PC that connects to its download server and asks "is this the last version?"

Goes without saying that you can disable this madness either through the program's own options (Java has its own entry in Control Panel, icon view, the same for Flash, and Windows Update can be set to not download updates automatically) or by manually removing the entries of the update-checking components from startup, step 2 of this tutorial.

The internet being what it is, hacking something like this could theoretically happen in three broad ways:

- Something (read: malware) modifies the address that the update-checking component uses to ask its questions and download stuff, and redirects it to a malware server.

- Someone intercepts the connection while en route and swaps in their own stuff instead of the updates.

- Someone hacks the update server.

Now, the first possibility is kinda stupid, as any malware that can do that would be perfectly capable of downloading whatever it wants on its own without screwing up other programs in the first place.
Quite a few advanced ones do have such "features", and update themselves from other infected PCs if their malware's "version" was newer.

Second is possible but horribly complex to pull off as the would-be hacker would have to exploit less-secure areas of the network between you and the download server. Which usually means hacking the wifi network you are connected to, or physically tampering with network infrastructure. Either is doable but risky, and does not allow a big-enough spread of the malware to make it worthwhile.

The last is possible but again complex to pull off. Any serious server admin is expecting this kind of tampering, and usually the download server is impregnable to such attacks. After all, it just has to answer a couple of questions and upload stuff; it's not that hard to lock it down.
Yes, you can force it to crash or do the usual denial-of-service attacks, but there is no way of stealing its IP address to make a shadow server in the meantime.
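
Several replies above credit cryptography and a secure connection for why a fake update source gets rejected. A sketch of that check, added here as an example and not taken from any poster or vendor: it assumes the vendor signs each update and the installed updater carries the vendor's public key, and it uses textbook RSA with constructed toy keys (`make_key`, `verify_update` and the sample payloads are hypothetical names and data) so that it runs with only the Python standard library.

```python
import hashlib

# Constructed toy keys: Mersenne primes give short, reproducible RSA keys for a
# demo only. Real updaters use padded signatures from a vetted crypto library.
E = 65537

def make_key(p, q):
    """Return (n, d): public modulus and private exponent for textbook RSA."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

VENDOR_N, VENDOR_D = make_key(2**521 - 1, 2**607 - 1)      # vendor signing key
ATTACKER_N, ATTACKER_D = make_key(2**127 - 1, 2**521 - 1)  # impostor's own key

def digest(payload: bytes) -> int:
    """SHA-256 of the payload as an integer (always smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")

def sign(payload: bytes, n: int, d: int) -> int:
    """Signer side: only the holder of the private exponent d can produce this."""
    return pow(digest(payload), d, n)

def verify_update(payload: bytes, signature: int, pinned_n: int = VENDOR_N) -> bool:
    """Client side: accept only if the signature checks against the pinned vendor key."""
    if not 0 < signature < pinned_n:
        return False
    return pow(signature, E, pinned_n) == digest(payload)

def scenarios():
    """Run the genuine case and two impersonation cases through the client check."""
    genuine = b"update-1.2.3 payload (constructed sample)"
    swapped = b"replacement payload (constructed sample)"
    vendor_sig = sign(genuine, VENDOR_N, VENDOR_D)
    impostor_sig = sign(swapped, ATTACKER_N, ATTACKER_D)
    return {
        # Normal case: payload and signature both come from the vendor.
        "genuine": verify_update(genuine, vendor_sig),
        # Payload replaced in transit, vendor's signature left attached.
        "swapped_payload": verify_update(swapped, vendor_sig),
        # Redirected to a look-alike server that signs with its own key.
        "impostor_key": verify_update(swapped, impostor_sig),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:16} -> {'install' if accepted else 'reject'}")
```

Under these assumptions the redirect and in-transit swap cases both fail at the client, because neither can produce a signature that verifies against the key already installed on the PC.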
 
