Microsoft Patches Fatal Flaw in Windows Antivirus Software

Status
Not open for further replies.

Paul Wagenseil

Senior Editor
Apr 11, 2014
692
1
4,940


Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.
 

spikey in tn

Distinguished
May 14, 2009
2
0
18,510


Perhaps I didn't sufficiently differentiate between whether JavaScript was an innocent carrier or an active participant. Regardless of which ultimately proves to be the case, one thing is certain - JavaScript is in the middle, whether actively or passively, of far too many attacks of all kinds. To me it has proven to be a hacker's dream because of how well it serves their purposes.
 

rgd1101

Don't
Moderator


read the article
"The flaw has to do with how the Microsoft malware-detection engine, shared by Microsoft Security Essentials and Windows Defender, parses JavaScript, a common coding language used in web pages and other applications.
A malicious JavaScript command fed into the malware-detection engine's code analyzer in just the right way could affect the malware-detection engine itself. The JavaScript could arrive in a web page, instant message, tweet, email or any other format that would be monitored by antivirus software."
 

Paul Wagenseil

Senior Editor
Apr 11, 2014
692
1
4,940


That's a viable argument, but JavaScript isn't half as dangerous as Java, which REALLY is at the middle of too many attacks of all kinds. You should really disable Java in the browser unless you absolutely need it.

 
Status
Not open for further replies.