Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: aVastSeaofSun on February 01, 2013, 12:28:46 AM
-
I am required to use Java runtime and applets.
For 2 days, I have had Avast running in real-time (version 6.0.1426 (I found the latest version slowed my computer significantly) If the latest version would help the java issue, I am open to updating.
Virus definitions are always updated daily.
The first scan found 3 exploits.
All were in Sun\Java\Deployment\cache\6.0\37\.... Threat: Java:CVE-2012-1723-YG [Expl]
The second scan found 3 exploits, in the same folder (the numbers after the "6.0" changed), and the Threat description filenames were the same.
If Avast found these viruses by a scan, why didn't it block them in real-time?
These scans were 2 days apart - can't Avast use the history in order to block a previously found virus type?
Would updating to the later version of Avast help?
-
Java is so bad, that it is really impossible to stop all of it, as Oracle has been negligent for far too long (I'm suprised they have not been sued yet)
We are having all of our clients remove Java completely off their systems, and then use Google Chrome and it's java emulator applet anytime Java is required. This is the only way to completely curtail todays Java vulnerabilitites, that I know of, except for unplugging.
-
If Avast found these viruses by a scan, why didn't it block them in real-time?
maybe you got them before avast had signature for it?
Sun\Java\Deployment\cache\6.0\
seems you are not using latest java version. http://www.java.com/en/download/index.jsp
-
Java is so bad, that it is really impossible to stop all of it, as Oracle has been negligent for far too long (I'm suprised they have not been sued yet)
We are having all of our clients remove Java completely off their systems, and then use Google Chrome and it's java emulator applet anytime Java is required. This is the only way to completely curtail todays Java vulnerabilitites, that I know of, except for unplugging.
Hi,
Will Google Chrome allow full functionality of Java?
-
If Avast found these viruses by a scan, why didn't it block them in real-time?
maybe you got them before avast had signature for it?
Sun\Java\Deployment\cache\6.0\
seems you are not using latest java version. http://www.java.com/en/download/index.jsp
If so, that could be the vulnerability. (I have my Java security set to prompt and multi-prompt me for each option. I only use Java for 2 applications, so I should be able to deny anything else that tries to run.)
The Java Console shows that the instaled version is Version 7, Update 11. When I click update, it says that this is the latest version/build.
Maybe there are parts of previous version still on my computer. I thought I had done a clean install of the current version.
In Add/Remove Programs, there is only Java 7-11.
Is there some more detailed process that will fully delete all Java files, so I can install 7-11 from scratch?
-
I just located a version 6 folder among the Java folders. Deleted and will see if this fixes the issue.
-
I run Java because I need it for a program; However, I have Java disabled in my browser which is when it is more vulnerable to exploit attacks while browsing the web.
http://www.java.com/en/download/help/disable_browser.xml
Is there some more detailed process that will fully delete all Java files, so I can install 7-11 from scratch?
While it is supposed to remove all traces of Java when you install a new version, I like to install it fresh. So I run JavaRa to remove any remnants of the old version.
http://singularlabs.com/software/javara/
Added: I was looking for the article. Never use Java automatic updates. Oracle installs deceptive software with automatic updates.
http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/
-
Also, auto-updates (or for that matter, manual update checks from within the app) are, or at least used to be, very late relative to when there's an update available. I gave up on letting Java check when I found that far too often, it was as much as 2 weeks after someone posted notification here in the Updates topic that Java itself found the update.
Now that the one and only site I regularly visit that used to require it has switched from Java to script, I've totally uninstalled Java from my system.