"unprecedented wave of java exploits" - SageTV, what do we do?

[korben_dallas]

Microsoft Malware Protection Center

I have seen these java exploits first-hand, and let me tell you they are no joke. They can get around UAC, and they can get around security products. Once installed, they prevent execution of task manager, registry editor, the command prompt.. pretty much anything you need to attempt to clean them. They install malware all over the place, setup listeners and browser proxies. I even saw one that corrupted Symantec Endpoint.

Running as an un-privileged user is helpful but will not stop the install if you get exploited. You'll have to logon as an Admin and clean with up-to-the-minute security product.

Blocking java applets in browser options is the only option I see, unless SageTV can give us guidance on keeping Java updated?

[bcjenkins]

Why is this SageTV's worry? If you don't want your machine to get infected, don't use it for anything but SageTV or switch to Linux

B

[rsteele]

As far as I can tell these exploits are when using Java embedded in a browser; i.e., using applets--especially those of unknown origin. SageTV isn't based on applets, though it does use Java under the hood.

Rich

[CollinR]

Same stuff would happen if you browsed the web on your cable box, just keep SageTV as a single use appliance and you have much less to worry about.

[stuckless]

Quote:

Originally Posted by korben_dallas

Blocking java applets in browser options is the only option I see, unless SageTV can give us guidance on keeping Java updated?

This may go without saying... but given how prevalent browser attacks are...I'd recommend never running java applets, activex controls, or flash. If you must, then I'd use something like NoScript, so that you can control which sites you 'trust' to run code on your computer.

[stanger89]

That's what I do.

[greggerm]

I run Java v1.6.x on my desktop station and it handles the Sage Client just fine. It remains updated.

I probably have the Sage-installed 1.4.x on my WHS box, but being literally just a server, there's zero web browsing on that machine. The homepage for the machine is Windows Update, so the likelihood of a problem there is minimal.

(All home machines are behind a physical firewall)

Although it pays to pay attention to these threats, just make sure you have mitigating controls or behaviors in play to prevent them from being a big concern.

-Greg

[korben_dallas]

I do not browse from my SageTV server.

However, my SageTV Client is on my main workstation, where I spend the vast majority of time in my browser. Unfortunately, my all online school schedule requires both java for programming as well as java (and flash) through the browser. Disabling either (or running something like noscript) is simply not an option.

[stuckless]

Quote:

Originally Posted by korben_dallas

I do not browse from my SageTV server.

However, my SageTV Client is on my main workstation, where I spend the vast majority of time in my browser. Unfortunately, my all online school schedule requires both java for programming as well as java (and flash) through the browser. Disabling either (or running something like noscript) is simply not an option.

You may misunderstand the purpose of NoScript... basically you grant access to some sites to run java and flash, but not all sites. So your school sites would be able to execute java and flash, but other sites would not. Now if it turns out that your school sites are the source of the java expliot, then you're screwed