In association with heise online

29 August 2012, 16:53

The H Update Check closes because of vulnerability

The H has offered The H Update Check as an online service to help users check their currently installed software. But the online service uses Java to establish the version numbers of installed software. With the serious vulnerability in Java that is currently placing systems at risk, The H has decided not to encourage users to install Java to run the Update Check. In fact, The H recommends that users uninstall Java as soon as possible or at least disable it in their browsers. Users can check if their browser has Java enabled with this test page.

Known vulnerabilities in programs are one of the biggest threats to any PC. They are already used, routinely, to install trojans that steal banking information, for example. With the Update Check, systems could have some of the most important and frequently abused programs rapidly checked to ensure they were up to date and, where they were not, users could get links to quickly update those programs.

But at the start of this week a highly critical vulnerability in Java was discovered for which the only current protection is disabling Java. The vulnerability affects all browsers using a plugin for the current Java 7 on all operating systems. The anti-virus vendor F-Secure has already sighted suitable modules for the commercial BlackHole exploit kit. Ambitious criminals can use the kit to assemble attacks, without any HTML or programming knowledge, that could compromise a visiting user's system with malware. Therefore it should be expected that there will soon be a larger wave of infections. There is no recent security update from Oracle which would close the hole; in fact, Oracle have yet to acknowledge the flaw.

Since the Update Check required the use of Java, and given the current circumstances, the only reasonable conclusion was to disable the Update Check for now. An alternative is the Secunia Personal Software Inspector which is free, runs locally on users' PCs, recognises far more software than the online version and actively helps update installed software.


(djwm)

Permalink: http://h-online.com/-1678815
 

