
Only 9 of 22 virus scanners block Java exploit


raygun


Only-9-of-22-virus-scanners-block-Java-exploit-1696462.html

h-online.com:

According to an analysis conducted by the AV-Comparatives test lab on behalf of The H's associates at heise Security, less than half of the 22 anti-virus programs tested protect users against the currently circulating Java exploit that targets a highly critical vulnerability in Java version 7 Update 6.

 

Two versions of the exploit were tested: the basic version that was largely based on the published proof of concept and started the notepad instead of the calculator, and, for the second variant, heise Security added a download routine that writes an EXE file to disk from the internet. The test system was Windows XP that, except in the case of Avast, Microsoft and Panda, had the full versions of the security suites installed. For Avast, Microsoft and Panda, the researchers used the free versions of the products.

 

Only 9 of the 22 tested products managed to block both variants of the exploit (Avast Free, AVG, Avira, ESET, G Data, Kaspersky, PC Tools, Sophos and Symantec). Twelve virus scanners were found to be unsuccessful (AhnLab, Bitdefender, BullGuard, eScan, F-Secure, Fortinet, GFI-Vipre, Ikarus, McAfee, Panda Cloud Antivirus, Trend Micro and Webroot). Microsoft's free Security Essentials component at least managed to block the basic version of the exploit.

 

snip


It was brought to the Internet’s attention on Monday that Java was susceptible to a pretty nasty exploit that could see a user’s PC infected with malware. It was later revealed this morning that Java knew about the exploit since April, but was holding off on a patch until the regularly scheduled update in October. Fortunately, the urgency of the situation has forced their hand.

 

Oracle issued a security alert today that addresses the three vulnerabilities that were discovered in Java back in April by Security Explorations. The vulnerability, if exploited, would allow a hacker to take control over a user’s computer and steal confidential information. It also had the potential to add any number of PCs to a botnet for other illegal actions.

 

Oracle’s security alert does give us a bit more information in regards to what versions of Java are affected. The previous reports said that it was only Java 7 that was affected, but Oracle says that Java 6 update 34 and before are also affected by the exploit.

 

snip

 

http://www.webpronews.com/oracle-finally-patches-huge-java-exploit-2012-08
