Solved

Java/virtual machine malware detection question


Hi,
 
I have a question relating to platforms such as Java where its programs are run from within a virtual machine. How would WSA detect any malware in this sort of configuration? Presumably the java executable itself is a permitted application; I'm assuming this doesn't override the normal monitoring/firewall blocking etc that WSA would perform?
 
Ta.
icon

Best answer by superssjdan 2 November 2012, 23:04

You would be correct.Wsa has you protected on many levels,but the first one that comes to mind would be Zero Day shield that would protect you from any java related exploits.If malware attempts to execute,WSA will catch it.The journaling feature in WSA is a lifesaver.If you wind up with an infection,WSA journaling feature enables it to roll back your system to it's pristine preinfection state.

View original

3 replies

Userlevel 7
Badge +13
You would be correct.Wsa has you protected on many levels,but the first one that comes to mind would be Zero Day shield that would protect you from any java related exploits.If malware attempts to execute,WSA will catch it.The journaling feature in WSA is a lifesaver.If you wind up with an infection,WSA journaling feature enables it to roll back your system to it's pristine preinfection state.
Userlevel 7
Badge +13
Also,your choice of browser will minimize your attack vectors.IE10 has come really great security features built in,and in Nss testing blocked over 99% of malicious malware downloads without any help from any a/v.Google is another good choice as well although in the same test only scored around 70%.Both still lightyears ahead of the competition.Keep in mind this is protection before your av even gets involved.
Userlevel 7
Ahyep.  Java is a VM, but it's also sandboxed.  Java itself has some decent security built in (or at least tries to).  The primary thing that Java "Infections" try to do are download and run a native code infection.  Most Java exploits are working to get native code to the processor, since the VM is actually relatively limited in access to the system.  Obviously when something native is brought in, WSA doesn't treat it like Java.  Also, yes, the firewall and other aspects of SecureAnywhere will still block Java VM items from doing malicious things in general.
 

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings