Discovering Java Security Holes, Upgrade Now!
February 6th, 2005

I was compiling some Java code which includes some unit tests early this morning and my newly installed Norton AntiVirus 2005 kept on warning me that a Trojan was being detected and it was trying to connect to Java 1.4.0. I found this was odd since I am running Java 1.4.2_04. I dug around and found that the Windows Environment Variables for JAVA_HOME and PATH were still referencing an existing 1.4.0 installation. I was annoyed that the Java installers were not smart enough to update these values, so I took care of it manually.
I had Norton AntiVirus installed only because recently my supposedly secure PC was overcome by Spyware. My usage on the machine is limited to 3 activities: playing Halo, coding Java with IDEA and browsing a few websites with Firefox. It is a Windows 2000 box and I do not use MSIE or Outlook. I was baffled as to how the Spyware got onto my machine. I actually use my iBook for most mail and web activity. Occasionally I will open up Windows Media files but I scanned all the media files on the machine with Norton AntiVirus and it was clean of known exploits. Then I was given a tip that I had to upgrade the Java Runtime due to a security exploit for Java applets in web browsers, including Firefox. Secunia reports 2 advisories on the problem: one and two. These exploits affect Java 1.3.x and 1.4.x runtimes and SDKs. Everyone should upgrade now.
I actually logged out of my normal account and back in with my special user account which I use to delete files which are normally locked due to running processes in my normal account. I then uninstalled pretty much any Java Runtime or SDK. I left an old Java 1.3.1 installation which I just use for legacy programming and which is not referenced by any Environment Variables.
I have since installed the Java 1.4.2_07 SDK and the Java 5 JRE/SDK and set the Environment Variables to use them.
Apparently the security hole allows malicious software to eliminate the barriers raised by the sandbox to prevent access to the host system. The software can then download anything and install it. For my problem Norton AntiVirus found some Spyware which actually connects to a remote FTP server and downloads more Spyware. I tried to use the free Spybot: Search & Destroy software to eliminate it but it kept on coming. I had to break down and purchase the Norton AntiVirus software. So far so good.
