My home PC is running XP HE OS. Recently, I wanted to join into some Yahoo!
chat rooms my brother frequents. He lives about 400 miles from me, and it
would be a fun way to keep in touch. I found that I needed to have Java
installed to use the chat rooms. I clicked on the link supplied via Yahoo!,
and it took me to a MS website page. There, I found a message that MS had
recently lost a lawsuit vs. Sun Microsystems(?), and could no longer supply
the Virtual Machine. They intend to create a substitute utility using the
..NET technology, but for the moment the visitors would have to go to the Sun
site & get the Java from Sun.

I clicked on the link I found on the MS page, went to the Sun website, & did
an automated download/install of the JAVA 2 RUNTIME ENVIRONMENT. It went
very smoothly, with no hitches that I could discern. I went offline &
rebooted my system. Got back online, and visited Yahoo! again. To my
disgruntlement, I still couldn't use the chat rooms. I haven't figured out
why, yet.

The trouble showed up later, while surfing and snooping around on the web. I
clicked on a link, and POOF! The Java Runtime loaded itself and ran an
applet. The applet in question was a data-mining applet, which tried to dump
my memory contents, history, etc. online to the applet owner. I quickly shut
down the browser, went offline, & rebooted the machine. I don't think they
got very much, since I'm currently limited to a 28K connection in this
remote location.

I examined my custom Internet Options settings, and made sure all the
Java-related stuff was disabled. I ran Norton's Antivirus 2000 & Ad-Aware
(both, are updated to current par). Found nothing via either one. Went back
online. A short while later, it happened again - SPY ATTACK!!! I quickly
got offline, etc. Examining the Internet Options closely, I discovered that
there was a new item found via the "Advanced" tab, controlling use of Java.
I unchecked it, hoping that had been the culprit causing such a security
breach.

Going back online again, I checked and re-checked that new setting to make
sure it was still disabled (and, all the other related settings, too). It
was & they were. However, after a while of surfing - POOF! There was the
Java Runtime activating itself, and running a data-mining applet for the
current website! I again quickly got offline, etc.

It was at this point, that I uninstalled the JAVA 2 RUNTIME ENVIRONMENT. I
did it via the Control Panel "Add/Remove Programs" utility. It seemed to go
smoothly; without a hitch. Almost immediately, though, when I began to use
the system in a normal manner again, a new disfunction showed up. It was
linked to usage of Windows Explorer - clicking on opening a folder would
cause a new window to open (I have the settings set for re-using the same
window). This new window was maximed into Full Screen mode. I know this,
because I could see a new no-name window indicator in the taskbar at the
bottom of the screen, immediately before the taskbar vanished. It was
complete and utterly blank, lacking any details or controls. The only escape
was to trigger the Task Manager via Ctrl-Alt-Del, and shut down the Windows
Explorer task. Then, it all seemed normal agian. However, NOTE: In the Task
Manager, the only window which was listed as active was the original window
I'd been using.

This disfunction didn't happen every time. It didn't even happen that
often - it seemed upredictable, and also unavoidable. The solution, which
I've done today, was to roll back the OS to the last auto checkpoint found
BEFORE the checkpoint where the JAVA 2 RUNTIME ENVIRONMENT was installed. I
think this has solved the problem; at least, the disfunction hasn't recurred
yet. I'll know in a week or so, whether this was a truly enduring repair to
prevent that disfunction.

I'd like to recommend that MS creat an OS patch designed to seal the
security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch should
be designed for application AFTER the Java utility has been installed, and
labelled in BIG LETTERS, that this is the case. Naive as I am, it seems to
me that the security breach is the direct result of MS losing the lawsuit -
Sun isn't constrained now, re. what it does w/ the Runtime Environment,
because the competition no longer can compete. The only option for those who
want Java, is to shop at the company store - and, the price has become
exorbitant now that the competition was knocked out of the market; i.e., all
who use Java must allow data mining of their private computer's contents.
The best solution seems to me to be an OS patch designed to seal that
security breach after it's been created. You can't seal the breach
beforehand, because that leaves the option of programming OS alterations to
occur during installation of the Runtime Environment; i.e., they might be
able to disable the patch during the installation process, or create their
security breach via a different method which side-steps the existant patch.
So, it needs to be a "fix" applied to fine-tune & limit what the Runtime
Environment is allowed to do, applied after installation has been completed.

I'm rather ****ed off, that the only way to have JAVA for the chatrooms is
to leave such a gaping security hole while I'm online. I heartily recommend
to all who read this message, that they don't attempt to install & use the
JAVA 2 RUNTIME ENVIRONMENT. In fact, pass the word & let others know they're
at risk too. I think doing so constitutes a social service. As you can see,
I've done my part via taking the time to write it all out & post this. Now,
do yours.


JLF

jlfonline wrote:

> I clicked on the link I found on the MS page, went to the Sun
> website, & did an automated download/install of the JAVA 2 RUNTIME
> ENVIRONMENT.
>
> The trouble showed up later, while surfing and snooping around on the
> web. I clicked on a link, and POOF! The Java Runtime loaded itself
> and ran an applet. The applet in question was a data-mining applet,
> which tried to dump my memory contents, history, etc. online to the
> applet owner. I quickly shut down the browser, went offline, &
> rebooted the machine. I don't think they got very much, since I'm
> currently limited to a 28K connection in this remote location.

What makes you think the same problem would not have occured with the MS
Java VM (which some of us have installed)?

What are your security settings for the Internet Zone? Are Java applets
allowed to roam free?

What was the link? I use the Sun J2SE, and I'd love to check it out.
(Let me guess... you can't provide a link... "It was just something I
came across; I can't find it now."

--
Rid yourself of web annoyances: <http://www.admuncher.com>
Reliable partitioning and imaging: <http://www.terabyteunlimited.com>
STOP 0x0000007F: THAT_WASNT_SUPPOSED_TO_HAPPEN

Can I option the movie rights for your post?

BTW, Java works great for me. No spyware of any kind.

Mike Mulligan

"jlfonline" > wrote in message
...
> My home PC is running XP HE OS. Recently, I wanted to join into some
Yahoo!
> chat rooms my brother frequents. He lives about 400 miles from me, and it
> would be a fun way to keep in touch. I found that I needed to have Java
> installed to use the chat rooms. I clicked on the link supplied via
Yahoo!,
> and it took me to a MS website page. There, I found a message that MS had
> recently lost a lawsuit vs. Sun Microsystems(?), and could no longer
supply
> the Virtual Machine. They intend to create a substitute utility using the
> .NET technology, but for the moment the visitors would have to go to the
Sun
> site & get the Java from Sun.
>
> I clicked on the link I found on the MS page, went to the Sun website, &
did
> an automated download/install of the JAVA 2 RUNTIME ENVIRONMENT. It went
> very smoothly, with no hitches that I could discern. I went offline &
> rebooted my system. Got back online, and visited Yahoo! again. To my
> disgruntlement, I still couldn't use the chat rooms. I haven't figured out
> why, yet.
>
> The trouble showed up later, while surfing and snooping around on the web.
I
> clicked on a link, and POOF! The Java Runtime loaded itself and ran an
> applet. The applet in question was a data-mining applet, which tried to
dump
> my memory contents, history, etc. online to the applet owner. I quickly
shut
> down the browser, went offline, & rebooted the machine. I don't think they
> got very much, since I'm currently limited to a 28K connection in this
> remote location.
>
> I examined my custom Internet Options settings, and made sure all the
> Java-related stuff was disabled. I ran Norton's Antivirus 2000 & Ad-Aware
> (both, are updated to current par). Found nothing via either one. Went
back
> online. A short while later, it happened again - SPY ATTACK!!! I quickly
> got offline, etc. Examining the Internet Options closely, I discovered
that
> there was a new item found via the "Advanced" tab, controlling use of
Java.
> I unchecked it, hoping that had been the culprit causing such a security
> breach.
>
> Going back online again, I checked and re-checked that new setting to make
> sure it was still disabled (and, all the other related settings, too). It
> was & they were. However, after a while of surfing - POOF! There was the
> Java Runtime activating itself, and running a data-mining applet for the
> current website! I again quickly got offline, etc.
>
> It was at this point, that I uninstalled the JAVA 2 RUNTIME ENVIRONMENT. I
> did it via the Control Panel "Add/Remove Programs" utility. It seemed to
go
> smoothly; without a hitch. Almost immediately, though, when I began to use
> the system in a normal manner again, a new disfunction showed up. It was
> linked to usage of Windows Explorer - clicking on opening a folder would
> cause a new window to open (I have the settings set for re-using the same
> window). This new window was maximed into Full Screen mode. I know this,
> because I could see a new no-name window indicator in the taskbar at the
> bottom of the screen, immediately before the taskbar vanished. It was
> complete and utterly blank, lacking any details or controls. The only
escape
> was to trigger the Task Manager via Ctrl-Alt-Del, and shut down the
Windows
> Explorer task. Then, it all seemed normal agian. However, NOTE: In the
Task
> Manager, the only window which was listed as active was the original
window
> I'd been using.
>
> This disfunction didn't happen every time. It didn't even happen that
> often - it seemed upredictable, and also unavoidable. The solution, which
> I've done today, was to roll back the OS to the last auto checkpoint found
> BEFORE the checkpoint where the JAVA 2 RUNTIME ENVIRONMENT was installed.
I
> think this has solved the problem; at least, the disfunction hasn't
recurred
> yet. I'll know in a week or so, whether this was a truly enduring repair
to
> prevent that disfunction.
>
> I'd like to recommend that MS creat an OS patch designed to seal the
> security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch
should
> be designed for application AFTER the Java utility has been installed, and
> labelled in BIG LETTERS, that this is the case. Naive as I am, it seems to
> me that the security breach is the direct result of MS losing the
lawsuit -
> Sun isn't constrained now, re. what it does w/ the Runtime Environment,
> because the competition no longer can compete. The only option for those
who
> want Java, is to shop at the company store - and, the price has become
> exorbitant now that the competition was knocked out of the market; i.e.,
all
> who use Java must allow data mining of their private computer's contents.
> The best solution seems to me to be an OS patch designed to seal that
> security breach after it's been created. You can't seal the breach
> beforehand, because that leaves the option of programming OS alterations
to
> occur during installation of the Runtime Environment; i.e., they might be
> able to disable the patch during the installation process, or create their
> security breach via a different method which side-steps the existant
patch.
> So, it needs to be a "fix" applied to fine-tune & limit what the Runtime
> Environment is allowed to do, applied after installation has been
completed.
>
> I'm rather ****ed off, that the only way to have JAVA for the chatrooms is
> to leave such a gaping security hole while I'm online. I heartily
recommend
> to all who read this message, that they don't attempt to install & use the
> JAVA 2 RUNTIME ENVIRONMENT. In fact, pass the word & let others know
they're
> at risk too. I think doing so constitutes a social service. As you can
see,
> I've done my part via taking the time to write it all out & post this.
Now,
> do yours.
>
>
> JLF
>
>
>

Mike Mulligan wrote:
| Can I option the movie rights for your post?
|
| BTW, Java works great for me. No spyware of any kind.
|
| Mike Mulligan
|
| "jlfonline" > wrote in message
| ...
|| My home PC is running XP HE OS. Recently, I wanted to join into some
|| Yahoo! chat rooms my brother frequents. He lives about 400 miles
|| from me, and it would be a fun way to keep in touch. I found that I
|| needed to have Java installed to use the chat rooms. I clicked on
|| the link supplied via Yahoo!, and it took me to a MS website page.
|| There, I found a message that MS had recently lost a lawsuit vs. Sun
|| Microsystems(?), and could no longer supply the Virtual Machine.
|| They intend to create a substitute utility using the .NET
|| technology, but for the moment the visitors would have to go to the
|| Sun site & get the Java from Sun.
||
|| I clicked on the link I found on the MS page, went to the Sun
|| website, & did an automated download/install of the JAVA 2 RUNTIME
|| ENVIRONMENT. It went very smoothly, with no hitches that I could
|| discern. I went offline & rebooted my system. Got back online, and
|| visited Yahoo! again. To my disgruntlement, I still couldn't use the
|| chat rooms. I haven't figured out why, yet.
||
|| The trouble showed up later, while surfing and snooping around on
|| the web. I clicked on a link, and POOF! The Java Runtime loaded
|| itself and ran an applet. The applet in question was a data-mining
|| applet, which tried to dump my memory contents, history, etc. online
|| to the applet owner. I quickly shut down the browser, went offline,
|| & rebooted the machine. I don't think they got very much, since I'm
|| currently limited to a 28K connection in this remote location.
||
|| I examined my custom Internet Options settings, and made sure all the
|| Java-related stuff was disabled. I ran Norton's Antivirus 2000 &
|| Ad-Aware (both, are updated to current par). Found nothing via
|| either one. Went back online. A short while later, it happened again
|| - SPY ATTACK!!! I quickly got offline, etc. Examining the Internet
|| Options closely, I discovered that there was a new item found via
|| the "Advanced" tab, controlling use of Java. I unchecked it, hoping
|| that had been the culprit causing such a security breach.
||
|| Going back online again, I checked and re-checked that new setting
|| to make sure it was still disabled (and, all the other related
|| settings, too). It was & they were. However, after a while of
|| surfing - POOF! There was the Java Runtime activating itself, and
|| running a data-mining applet for the current website! I again
|| quickly got offline, etc.
||
|| It was at this point, that I uninstalled the JAVA 2 RUNTIME
|| ENVIRONMENT. I did it via the Control Panel "Add/Remove Programs"
|| utility. It seemed to go smoothly; without a hitch. Almost
|| immediately, though, when I began to use the system in a normal
|| manner again, a new disfunction showed up. It was linked to usage of
|| Windows Explorer - clicking on opening a folder would cause a new
|| window to open (I have the settings set for re-using the same
|| window). This new window was maximed into Full Screen mode. I know
|| this, because I could see a new no-name window indicator in the
|| taskbar at the bottom of the screen, immediately before the taskbar
|| vanished. It was complete and utterly blank, lacking any details or
|| controls. The only escape was to trigger the Task Manager via
|| Ctrl-Alt-Del, and shut down the Windows Explorer task. Then, it all
|| seemed normal agian. However, NOTE: In the Task Manager, the only
|| window which was listed as active was the original window I'd been
|| using.
||
|| This disfunction didn't happen every time. It didn't even happen that
|| often - it seemed upredictable, and also unavoidable. The solution,
|| which I've done today, was to roll back the OS to the last auto
|| checkpoint found BEFORE the checkpoint where the JAVA 2 RUNTIME
|| ENVIRONMENT was installed. I think this has solved the problem; at
|| least, the disfunction hasn't recurred yet. I'll know in a week or
|| so, whether this was a truly enduring repair to prevent that
|| disfunction.
||
|| I'd like to recommend that MS creat an OS patch designed to seal the
|| security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch
|| should be designed for application AFTER the Java utility has been
|| installed, and labelled in BIG LETTERS, that this is the case. Naive
|| as I am, it seems to me that the security breach is the direct
|| result of MS losing the
| lawsuit -
|| Sun isn't constrained now, re. what it does w/ the Runtime
|| Environment, because the competition no longer can compete. The only
|| option for those who want Java, is to shop at the company store -
|| and, the price has become exorbitant now that the competition was
|| knocked out of the market; i.e., all who use Java must allow data
|| mining of their private computer's contents. The best solution seems
|| to me to be an OS patch designed to seal that security breach after
|| it's been created. You can't seal the breach beforehand, because
|| that leaves the option of programming OS alterations to occur during
|| installation of the Runtime Environment; i.e., they might be able to
|| disable the patch during the installation process, or create their
|| security breach via a different method which side-steps the existant
|| patch. So, it needs to be a "fix" applied to fine-tune & limit what
|| the Runtime Environment is allowed to do, applied after installation
|| has been completed.
||
|| I'm rather ****ed off, that the only way to have JAVA for the
|| chatrooms is to leave such a gaping security hole while I'm online.
|| I heartily recommend to all who read this message, that they don't
|| attempt to install & use the JAVA 2 RUNTIME ENVIRONMENT. In fact,
|| pass the word & let others know they're at risk too. I think doing
|| so constitutes a social service. As you can see, I've done my part
|| via taking the time to write it all out & post this. Now, do yours.
||
||
|| JLF

jlfonline wrote:
| My home PC is running XP HE OS. Recently, I wanted to join into some
| Yahoo! chat rooms my brother frequents. He lives about 400 miles from
| me, and it would be a fun way to keep in touch. I found that I needed
| to have Java installed to use the chat rooms. I clicked on the link
| supplied via Yahoo!, and it took me to a MS website page. There, I
| found a message that MS had recently lost a lawsuit vs. Sun
| Microsystems(?), and could no longer supply the Virtual Machine. They
| intend to create a substitute utility using the .NET technology, but
| for the moment the visitors would have to go to the Sun site & get
| the Java from Sun.
|
| I clicked on the link I found on the MS page, went to the Sun
| website, & did an automated download/install of the JAVA 2 RUNTIME
| ENVIRONMENT. It went very smoothly, with no hitches that I could
| discern. I went offline & rebooted my system. Got back online, and
| visited Yahoo! again. To my disgruntlement, I still couldn't use the
| chat rooms. I haven't figured out why, yet.
|
| The trouble showed up later, while surfing and snooping around on the
| web. I clicked on a link, and POOF! The Java Runtime loaded itself
| and ran an applet. The applet in question was a data-mining applet,
| which tried to dump my memory contents, history, etc. online to the
| applet owner. I quickly shut down the browser, went offline, &
| rebooted the machine. I don't think they got very much, since I'm
| currently limited to a 28K connection in this remote location.
|
| I examined my custom Internet Options settings, and made sure all the
| Java-related stuff was disabled. I ran Norton's Antivirus 2000 &
| Ad-Aware (both, are updated to current par). Found nothing via either
| one. Went back online. A short while later, it happened again - SPY
| ATTACK!!! I quickly got offline, etc. Examining the Internet Options
| closely, I discovered that there was a new item found via the
| "Advanced" tab, controlling use of Java. I unchecked it, hoping that
| had been the culprit causing such a security breach.
|
| Going back online again, I checked and re-checked that new setting to
| make sure it was still disabled (and, all the other related settings,
| too). It was & they were. However, after a while of surfing - POOF!
| There was the Java Runtime activating itself, and running a
| data-mining applet for the current website! I again quickly got
| offline, etc.
|
| It was at this point, that I uninstalled the JAVA 2 RUNTIME
| ENVIRONMENT. I did it via the Control Panel "Add/Remove Programs"
| utility. It seemed to go smoothly; without a hitch. Almost
| immediately, though, when I began to use the system in a normal
| manner again, a new disfunction showed up. It was linked to usage of
| Windows Explorer - clicking on opening a folder would cause a new
| window to open (I have the settings set for re-using the same
| window). This new window was maximed into Full Screen mode. I know
| this, because I could see a new no-name window indicator in the
| taskbar at the bottom of the screen, immediately before the taskbar
| vanished. It was complete and utterly blank, lacking any details or
| controls. The only escape was to trigger the Task Manager via
| Ctrl-Alt-Del, and shut down the Windows Explorer task. Then, it all
| seemed normal agian. However, NOTE: In the Task Manager, the only
| window which was listed as active was the original window I'd been
| using.
|
| This disfunction didn't happen every time. It didn't even happen that
| often - it seemed upredictable, and also unavoidable. The solution,
| which I've done today, was to roll back the OS to the last auto
| checkpoint found BEFORE the checkpoint where the JAVA 2 RUNTIME
| ENVIRONMENT was installed. I think this has solved the problem; at
| least, the disfunction hasn't recurred yet. I'll know in a week or
| so, whether this was a truly enduring repair to prevent that
| disfunction.
|
| I'd like to recommend that MS creat an OS patch designed to seal the
| security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch
| should be designed for application AFTER the Java utility has been
| installed, and labelled in BIG LETTERS, that this is the case. Naive
| as I am, it seems to me that the security breach is the direct result
| of MS losing the lawsuit - Sun isn't constrained now, re. what it
| does w/ the Runtime Environment, because the competition no longer
| can compete. The only option for those who want Java, is to shop at
| the company store - and, the price has become exorbitant now that the
| competition was knocked out of the market; i.e., all who use Java
| must allow data mining of their private computer's contents. The best
| solution seems to me to be an OS patch designed to seal that security
| breach after it's been created. You can't seal the breach beforehand,
| because that leaves the option of programming OS alterations to occur
| during installation of the Runtime Environment; i.e., they might be
| able to disable the patch during the installation process, or create
| their security breach via a different method which side-steps the
| existant patch. So, it needs to be a "fix" applied to fine-tune &
| limit what the Runtime Environment is allowed to do, applied after
| installation has been completed.
|
| I'm rather ****ed off, that the only way to have JAVA for the
| chatrooms is to leave such a gaping security hole while I'm online. I
| heartily recommend to all who read this message, that they don't
| attempt to install & use the JAVA 2 RUNTIME ENVIRONMENT. In fact,
| pass the word & let others know they're at risk too. I think doing so
| constitutes a social service. As you can see, I've done my part via
| taking the time to write it all out & post this. Now, do yours.
|
|
| JLF

"jlfonline" > wrote:

> The trouble showed up later, while surfing and snooping around on
> the web. I clicked on a link, and POOF! The Java Runtime loaded
> itself and ran an applet. The applet in question was a data-mining
> applet, which tried to dump my memory contents, history, etc.
> online to the applet owner. I quickly shut down the browser, went
> offline, & rebooted the machine. I don't think they got very much,
> since I'm currently limited to a 28K connection in this remote
> location.

I find this entire story had to believe. Please provide the URL of the
web page that loaded the applet that tried to dump your "memory
contents, history, etc. online to the applet owner." How do you know
that is what it was doing? I'd like to examine the URL and applet
myself to see if it really does what you describe.

Guy

I guess the link in question just opened a scary window saying "Your memory
and history being dumped!" (all your base are belong to us)...

"Guy Scharf" > wrote in message
...
> "jlfonline" > wrote:
>
> > The trouble showed up later, while surfing and snooping around on
> > the web. I clicked on a link, and POOF! The Java Runtime loaded
> > itself and ran an applet. The applet in question was a data-mining
> > applet, which tried to dump my memory contents, history, etc.
> > online to the applet owner. I quickly shut down the browser, went
> > offline, & rebooted the machine. I don't think they got very much,
> > since I'm currently limited to a 28K connection in this remote
> > location.
>
> I find this entire story had to believe. Please provide the URL of the
> web page that loaded the applet that tried to dump your "memory
> contents, history, etc. online to the applet owner." How do you know
> that is what it was doing? I'd like to examine the URL and applet
> myself to see if it really does what you describe.
>
> Guy

The link being provided by Yahoo! is:
http://java.sun.com/getjava/download.html .

=================================


"jlfonline" > wrote in message
...
> My home PC is running XP HE OS. Recently, I wanted to join into some
Yahoo!
> chat rooms my brother frequents. He lives about 400 miles from me, and it
> would be a fun way to keep in touch. I found that I needed to have Java
> installed to use the chat rooms. I clicked on the link supplied via
Yahoo!,
> and it took me to a MS website page. There, I found a message that MS had
> recently lost a lawsuit vs. Sun Microsystems(?), and could no longer
supply
> the Virtual Machine. They intend to create a substitute utility using the
> .NET technology, but for the moment the visitors would have to go to the
Sun
> site & get the Java from Sun.
>
> I clicked on the link I found on the MS page, went to the Sun website, &
did
> an automated download/install of the JAVA 2 RUNTIME ENVIRONMENT. It went
> very smoothly, with no hitches that I could discern. I went offline &
> rebooted my system. Got back online, and visited Yahoo! again. To my
> disgruntlement, I still couldn't use the chat rooms. I haven't figured out
> why, yet.
>
> The trouble showed up later, while surfing and snooping around on the web.
I
> clicked on a link, and POOF! The Java Runtime loaded itself and ran an
> applet. The applet in question was a data-mining applet, which tried to
dump
> my memory contents, history, etc. online to the applet owner. I quickly
shut
> down the browser, went offline, & rebooted the machine. I don't think they
> got very much, since I'm currently limited to a 28K connection in this
> remote location.
>
> I examined my custom Internet Options settings, and made sure all the
> Java-related stuff was disabled. I ran Norton's Antivirus 2000 & Ad-Aware
> (both, are updated to current par). Found nothing via either one. Went
back
> online. A short while later, it happened again - SPY ATTACK!!! I quickly
> got offline, etc. Examining the Internet Options closely, I discovered
that
> there was a new item found via the "Advanced" tab, controlling use of
Java.
> I unchecked it, hoping that had been the culprit causing such a security
> breach.
>
> Going back online again, I checked and re-checked that new setting to make
> sure it was still disabled (and, all the other related settings, too). It
> was & they were. However, after a while of surfing - POOF! There was the
> Java Runtime activating itself, and running a data-mining applet for the
> current website! I again quickly got offline, etc.
>
> It was at this point, that I uninstalled the JAVA 2 RUNTIME ENVIRONMENT. I
> did it via the Control Panel "Add/Remove Programs" utility. It seemed to
go
> smoothly; without a hitch. Almost immediately, though, when I began to use
> the system in a normal manner again, a new disfunction showed up. It was
> linked to usage of Windows Explorer - clicking on opening a folder would
> cause a new window to open (I have the settings set for re-using the same
> window). This new window was maximed into Full Screen mode. I know this,
> because I could see a new no-name window indicator in the taskbar at the
> bottom of the screen, immediately before the taskbar vanished. It was
> complete and utterly blank, lacking any details or controls. The only
escape
> was to trigger the Task Manager via Ctrl-Alt-Del, and shut down the
Windows
> Explorer task. Then, it all seemed normal agian. However, NOTE: In the
Task
> Manager, the only window which was listed as active was the original
window
> I'd been using.
>
> This disfunction didn't happen every time. It didn't even happen that
> often - it seemed upredictable, and also unavoidable. The solution, which
> I've done today, was to roll back the OS to the last auto checkpoint found
> BEFORE the checkpoint where the JAVA 2 RUNTIME ENVIRONMENT was installed.
I
> think this has solved the problem; at least, the disfunction hasn't
recurred
> yet. I'll know in a week or so, whether this was a truly enduring repair
to
> prevent that disfunction.
>
> I'd like to recommend that MS creat an OS patch designed to seal the
> security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch
should
> be designed for application AFTER the Java utility has been installed, and
> labelled in BIG LETTERS, that this is the case. Naive as I am, it seems to
> me that the security breach is the direct result of MS losing the
lawsuit -
> Sun isn't constrained now, re. what it does w/ the Runtime Environment,
> because the competition no longer can compete. The only option for those
who
> want Java, is to shop at the company store - and, the price has become
> exorbitant now that the competition was knocked out of the market; i.e.,
all
> who use Java must allow data mining of their private computer's contents.
> The best solution seems to me to be an OS patch designed to seal that
> security breach after it's been created. You can't seal the breach
> beforehand, because that leaves the option of programming OS alterations
to
> occur during installation of the Runtime Environment; i.e., they might be
> able to disable the patch during the installation process, or create their
> security breach via a different method which side-steps the existant
patch.
> So, it needs to be a "fix" applied to fine-tune & limit what the Runtime
> Environment is allowed to do, applied after installation has been
completed.
>
> I'm rather ****ed off, that the only way to have JAVA for the chatrooms is
> to leave such a gaping security hole while I'm online. I heartily
recommend
> to all who read this message, that they don't attempt to install & use the
> JAVA 2 RUNTIME ENVIRONMENT. In fact, pass the word & let others know
they're
> at risk too. I think doing so constitutes a social service. As you can
see,
> I've done my part via taking the time to write it all out & post this.
Now,
> do yours.
>
>
> JLF
>
>
>

I don't know what's going on with your system, but the
problem is not in the JRE runtime.

Regards


Scruffy Eagle wrote:
> The link being provided by Yahoo! is:
> http://java.sun.com/getjava/download.html .
>
> =================================
>
>
> "jlfonline" > wrote in message
> ...
>
>>My home PC is running XP HE OS. Recently, I wanted to join into some
>
> Yahoo!
>
>>chat rooms my brother frequents. He lives about 400 miles from me, and it
>>would be a fun way to keep in touch. I found that I needed to have Java
>>installed to use the chat rooms. I clicked on the link supplied via
>
> Yahoo!,
>
>>and it took me to a MS website page. There, I found a message that MS had
>>recently lost a lawsuit vs. Sun Microsystems(?), and could no longer
>
> supply
>
>>the Virtual Machine. They intend to create a substitute utility using the
>>.NET technology, but for the moment the visitors would have to go to the
>
> Sun
>
>>site & get the Java from Sun.
>>
>>I clicked on the link I found on the MS page, went to the Sun website, &
>
> did
>
>>an automated download/install of the JAVA 2 RUNTIME ENVIRONMENT. It went
>>very smoothly, with no hitches that I could discern. I went offline &
>>rebooted my system. Got back online, and visited Yahoo! again. To my
>>disgruntlement, I still couldn't use the chat rooms. I haven't figured out
>>why, yet.
>>
>>The trouble showed up later, while surfing and snooping around on the web.
>
> I
>
>>clicked on a link, and POOF! The Java Runtime loaded itself and ran an
>>applet. The applet in question was a data-mining applet, which tried to
>
> dump
>
>>my memory contents, history, etc. online to the applet owner. I quickly
>
> shut
>
>>down the browser, went offline, & rebooted the machine. I don't think they
>>got very much, since I'm currently limited to a 28K connection in this
>>remote location.
>>
>>I examined my custom Internet Options settings, and made sure all the
>>Java-related stuff was disabled. I ran Norton's Antivirus 2000 & Ad-Aware
>>(both, are updated to current par). Found nothing via either one. Went
>
> back
>
>>online. A short while later, it happened again - SPY ATTACK!!! I quickly
>>got offline, etc. Examining the Internet Options closely, I discovered
>
> that
>
>>there was a new item found via the "Advanced" tab, controlling use of
>
> Java.
>
>>I unchecked it, hoping that had been the culprit causing such a security
>>breach.
>>
>>Going back online again, I checked and re-checked that new setting to make
>>sure it was still disabled (and, all the other related settings, too). It
>>was & they were. However, after a while of surfing - POOF! There was the
>>Java Runtime activating itself, and running a data-mining applet for the
>>current website! I again quickly got offline, etc.
>>
>>It was at this point, that I uninstalled the JAVA 2 RUNTIME ENVIRONMENT. I
>>did it via the Control Panel "Add/Remove Programs" utility. It seemed to
>
> go
>
>>smoothly; without a hitch. Almost immediately, though, when I began to use
>>the system in a normal manner again, a new disfunction showed up. It was
>>linked to usage of Windows Explorer - clicking on opening a folder would
>>cause a new window to open (I have the settings set for re-using the same
>>window). This new window was maximed into Full Screen mode. I know this,
>>because I could see a new no-name window indicator in the taskbar at the
>>bottom of the screen, immediately before the taskbar vanished. It was
>>complete and utterly blank, lacking any details or controls. The only
>
> escape
>
>>was to trigger the Task Manager via Ctrl-Alt-Del, and shut down the
>
> Windows
>
>>Explorer task. Then, it all seemed normal agian. However, NOTE: In the
>
> Task
>
>>Manager, the only window which was listed as active was the original
>
> window
>
>>I'd been using.
>>
>>This disfunction didn't happen every time. It didn't even happen that
>>often - it seemed upredictable, and also unavoidable. The solution, which
>>I've done today, was to roll back the OS to the last auto checkpoint found
>>BEFORE the checkpoint where the JAVA 2 RUNTIME ENVIRONMENT was installed.
>
> I
>
>>think this has solved the problem; at least, the disfunction hasn't
>
> recurred
>
>>yet. I'll know in a week or so, whether this was a truly enduring repair
>
> to
>
>>prevent that disfunction.
>>
>>I'd like to recommend that MS creat an OS patch designed to seal the
>>security breach caused by the JAVA 2 RUNTIME ENVIRONMENT. This patch
>
> should
>
>>be designed for application AFTER the Java utility has been installed, and
>>labelled in BIG LETTERS, that this is the case. Naive as I am, it seems to
>>me that the security breach is the direct result of MS losing the
>
> lawsuit -
>
>>Sun isn't constrained now, re. what it does w/ the Runtime Environment,
>>because the competition no longer can compete. The only option for those
>
> who
>
>>want Java, is to shop at the company store - and, the price has become
>>exorbitant now that the competition was knocked out of the market; i.e.,
>
> all
>
>>who use Java must allow data mining of their private computer's contents.
>>The best solution seems to me to be an OS patch designed to seal that
>>security breach after it's been created. You can't seal the breach
>>beforehand, because that leaves the option of programming OS alterations
>
> to
>
>>occur during installation of the Runtime Environment; i.e., they might be
>>able to disable the patch during the installation process, or create their
>>security breach via a different method which side-steps the existant
>
> patch.
>
>>So, it needs to be a "fix" applied to fine-tune & limit what the Runtime
>>Environment is allowed to do, applied after installation has been
>
> completed.
>
>>I'm rather ****ed off, that the only way to have JAVA for the chatrooms is
>>to leave such a gaping security hole while I'm online. I heartily
>
> recommend
>
>>to all who read this message, that they don't attempt to install & use the
>>JAVA 2 RUNTIME ENVIRONMENT. In fact, pass the word & let others know
>
> they're
>
>>at risk too. I think doing so constitutes a social service. As you can
>
> see,
>
>>I've done my part via taking the time to write it all out & post this.
>
> Now,
>
>>do yours.
>>
>>
>>JLF
>>
>>
>>
>
>
>

On Sat, 18 Oct 2003 17:55:17 -0500, Scruffy Eagle wrote:

> The link being provided by Yahoo! is:
[huge snippage]

I have both the MS and the Sun JVM's installed. Have not seen the behavior
described with either one of those. To me it sounds like the author
mistakenly attributed the spyware like activity to Sun's JRE. It is more
likely that they installed a bit of spyware around the same time as the JRE.
Using System Restore, removed the undiscovered spyware at the same
time it removed the remnants of their JRE installation.

--
Sharon F
MS MVP - Windows Shell/User