Solved

Java/virtual machine malware detection question

  • 2 November 2012
  • 3 replies

Hi,
 
I have a question relating to platforms such as Java where its programs are run from within a virtual machine. How would WSA detect any malware in this sort of configuration? Presumably the java executable itself is a permitted application; I'm assuming this doesn't override the normal monitoring/firewall blocking etc that WSA would perform?
 
Ta.

Best answer by superssjdan 2 November 2012, 23:04


3 replies

You would be correct. WSA has you protected on many levels, but the first one that comes to mind would be the Zero Day shield, which would protect you from any Java-related exploits. If malware attempts to execute, WSA will catch it. The journaling feature in WSA is a lifesaver. If you wind up with an infection, WSA's journaling feature enables it to roll back your system to its pristine pre-infection state.

Also, your choice of browser will minimize your attack vectors. IE10 has some really great security features built in, and in NSS testing blocked over 99% of malicious malware downloads without any help from any a/v. Google is another good choice as well, although in the same test it only scored around 70%. Both are still light-years ahead of the competition. Keep in mind this is protection before your AV even gets involved.

Ahyep. Java is a VM, but it's also sandboxed. Java itself has some decent security built in (or at least tries to). The primary thing that Java "infections" try to do is download and run a native code infection. Most Java exploits are working to get native code to the processor, since the VM is actually relatively limited in access to the system. Obviously when something native is brought in, WSA doesn't treat it like Java. Also, yes, the firewall and other aspects of SecureAnywhere will still block Java VM items from doing malicious things in general.
 
