Tim Rains, a director of Microsoft’s Trustworthy Computing group, revealed earlier this week that “between one-third and one-half” of all attacks detected and blocked by Microsoft’s security software from the beginning of July 2010 to the end of June 2011 were Java-based. Microsoft’s anti-malware technologies blocked more than 27.5 million Java exploits over a 12-month period, many of them for vulnerabilities that had been patched at least a year ago, Rains said.

This data supports the idea not only that users are slow to apply patches but also that many users never apply patches at all. The fact that hackers and cyber-terrorists continue to target vulnerabilities that have long been corrected speaks volumes about the number of users who are ignorant of or indifferent to the dangers. Part of the reason Java-based attacks have become so common is that Java is a nearly universal application across all platforms and devices. Oracle, Java’s parent company, reports that the application currently runs on over 3 billion devices.

While many security experts advise against the installation of Java in a corporate environment, at the very least regular updates need to be scheduled and user awareness of potential threats needs to be made a priority. Because of the nature of Java, attacks can come in the form of websites, email attachments and even code hidden within other software installers. In most offices Java shouldn’t be a necessity for the majority of users, and if it’s not, always consider that the less software installed in a browser, the less likely an attack is to succeed.

Because of the wide array of potential infection points and the prevalence of Java across operating systems, system administrators and users should update Java regularly and be diligent about applying each update. Additionally, as 64-bit operating systems become more common, users and admins should pay extra attention, as some systems may be running different versions of Java within a single environment.

– Richard Keene
IT Computer Support of New York
Design and Optimization Department