Why not installing updates is risky: Java exploits run rampant

Every user knows that they should install the updates available for their software and operating systems. However, just because they understand that they should install these patches doesn’t mean they actually do.

Oftentimes, it is a question of time and convenience – taking a few moments to install an update sidetracks the user from the tasks they set out to complete in the first place. However, not installing those upgrades could prove dangerous to the user, as well as to their personal information. This is especially critical in the workplace, where an exploit could allow a cybercriminal to access a whole host of sensitive company information.

Thankfully, there is a solution that makes installing Windows updates throughout office workstations simple. Faronics’ Deep Freeze allows administrators to easily automate updates, enabling them to be downloaded even if a machine is frozen. Moreover, with their cloud-based product, Software Updater, you can centrally manage and apply updates for a growing list of popular applications.

Top exploit: Java
A recent report shows that, while hackers target a number of systems with their malware, the top aim is now to exploit vulnerabilities within Java. Researchers found that approximately half of all exploits discovered during December 2013 were focused on Java. The runner-up was Adobe Reader, a previous favorite for hackers. However, now that the platform has bolstered its security, only 22 percent of exploits target it. The rest of the uncovered exploits were aimed at Internet Explorer, Google Chrome and other platforms.

Experts have noted that malware authors look for two main characteristics when targeting a specific program with an exploit: distribution and ease. Hackers seek a system that is widely utilized to allow for the largest number of infected victims possible, as well as one that isn’t too complex to attack.

Trusteer, the company that released the report, noted that Java now represents a high-risk program that could lead a company to fall victim to an advanced attack.

“[Java] has numerous vulnerabilities that can be exploited to deliver malware and compromise users’ machines,” Trusteer stated in a blog post. “Once on the endpoint, it is extremely difficult to prevent its malicious execution.”

Blocked by Internet Explorer
Because of Java's security risks, Microsoft recently issued an update for Internet Explorer that allows users to block old versions of Java. The newly added feature is called “out-of-date ActiveX control blocking.”

“For the initial release, this new feature takes dead aim at the single most dangerous ActiveX control of all: Java,” noted ZDNet contributor Ed Bott. “Through the years, Java has been a favorite target of malware writers, who know that Windows PCs and Macs are likely to be running an outdated Java version.”

Simplifying updates
Although some experts will recommend completely removing Java or not installing it in the first place, in some cases, this is not possible. Java is a useful program that some companies need to leverage for their technology processes. However, by keeping Java and all other software up-to-date, the chances of being hit with an exploit are dramatically reduced.

This is where solutions like Faronics’ Deep Freeze and Software Updater become so valuable. Instead of manually updating every workstation in an office, administrators can leverage these tools to make update automation as simple as possible. This ensures that updates are installed as needed and security is in place to prevent malware exploits. Best of all, employees need not worry about installing these updates themselves.

Deep Freeze also comes with other tools on board to enhance enterprise security, including the ability to better protect the master boot record from rootkit injections. Furthermore, its Customization Code prevents any unauthorized access by individuals without the proper credentials to launch or control a workstation protected by Deep Freeze.

About The Author

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.
