spikey in tn :
Paul Wagenseil :
spikey in tn :
Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?
Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.
Perhaps I didn't sufficiently differentiate between whether JavaScript was an innocent carrier or an active participant. Regardless of which ultimately proves to be the case, one thing is certain - JavaScript is in the middle, whether actively or passively, of far too many attacks of all kinds. To me it has proven to be a hacker's dream because of how well it serves their purposes.
read the article
"The flaw has to do with how the Microsoft malware-detection engine, shared by Microsoft Security Essentials and Windows Defender,
parses JavaScript, a common coding language used in web pages and other applications.
A malicious JavaScript command fed into the malware-detection engine's code analyzer in just the right way could affect the malware-detection engine itself. The JavaScript could arrive in a web page, instant message, tweet, email or any other format that would be monitored by antivirus software."