JRE 1.4.2_003 and Trojan.ByteVerify

L

Lukas Bradley

I recently installed the newest JDK and JRE 1.4.2_003 for development
purposes and client applet support. When surfing around the web for a
NON-pornographic video, I happened upon a particular site that
apparently started an Applet.

Immediately, Norton 2003 Anti-Virus caught a ZIP within C:\Documents and
Settings\lbradley\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar named
plugin.jar-3aafe450-3b041b4c.zip (this may have been renamed by the
browser, IE). The virus was identified as Trojan.ByteVerify. More
information is located here:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

My question is WHY hasn't the JRE for my browser been fixed to not allow
the runtime security PermissionSet to be circumvented? Even though the
above is defined as a Microsoft security alert, I am no longer using the
Microsoft VM.

Lukas
 
A

Andrew Thompson

"Lukas Bradley" ...
|
| I recently installed the newest JDK and JRE 1.4.2_003 for development
| purposes and client applet support. When surfing around the web for a
| NON-pornographic video, I happened upon a particular site

What URL?

| apparently started an Applet.
....
|
http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.h
tml
|
| My question is WHY hasn't the JRE for my browser been fixed to not allow
| the runtime security PermissionSet to be circumvented?

If you are using the MS VM, it was never fixed.*
If you are using the Sun VM, it was never broken.

* The fix is to use the Java Plug-In

|...Even though the
| above is defined as a Microsoft security alert, I am no longer using the
| Microsoft VM.

Check the settings and ensure you
are actually _using_ the Sun VM.

Some of the people who install the
latest MS are lucky enough to get
their OS Component - IE, without
the broken VM at all.

The best fix is probably to get yourself
Mozilla/Opera ..or Linux. ;-)
 
J

Jezuch

Lukas said:
My question is WHY hasn't the JRE for my browser been fixed to not allow
the runtime security PermissionSet to be circumvented? Even though the
above is defined as a Microsoft security alert, I am no longer using the
Microsoft VM.
Click to expand...

I think there's no need to panic. When the VM downloads the code, it writes
it to disk *before* executing; NAV then picks it up and alerts that there's
a virus inside. That's pretty normal, I'd say :)
--
Ecce Jezuch
"Cry, if you want to cry if it helps you see if it clears your eyes
Hate, if you want to hate if it keeps you safe if it makes you brave
Pray, if you want to pray if you like to kneel if you like to lay"
- C. Cornell
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

question on recent Java virus affecting JRE/applets 2
Windows integration of the JRE and JDK 13
Applets and Multiple JRE Versions 2
Problem with JRE 1
Very Urgent Requirement!! End Client(Financial)Desktop engineer with JRE 0
do Firefox and chrome support JDK 7 U 10 for applets? Unable to runapplets 9
JAVA 2 JRE and Applets 17
Problem with Java Control Panel and Firefox 7

Members online

Total: 27 (members: 1, guests: 26)
Robots: 329

Forum statistics

Threads
473,755
Messages
2,569,535
Members
45,007
Latest member
obedient dusk

Latest Threads

Top