A few days ago a seemingly urgent report passed before me. According to the report, there was an exploit that could be used with Java 7 to break into computer systems. Yesterday I disabled Java on both the computers we use regularly. Today I did a little research and discovered that the Java 7 0-day vulnerability was blocked by SonicWALL. In fact, SonicWALL identified this vulnerability on November 1, 2012 and added the signature to their firewall list. It turned out that our SonicWALL TZ200W had been protecting us all along and we didn’t even know it.
Background
I first ran across this in an e-mail that pointed me to BeyondTrust.com. From there, it was easy to find other references. For example, CERT says this:
Java in Web Browser: Disable Now!
Hi, it’s Will and Art here. We’ve been telling people to disable Java for years. In fact, the first version of the Securing Your Web Browser document from 2006 provided clear recommendations for disabling Java in web browsers. However, after investigating the Java 7 vulnerability from August, I realized that completely disabling Java in web browsers is not as simple as it should be.
Luckily, Oracle has since added a new option in the Java control panel applet to disable Java in the browser. If you haven’t already done so, now is the time to disable Java in the browser.
Surprise, another serious Java vulnerability (VU#625617, CVE-2013-0422), similar in some ways to the last serious Java vulnerability (VU#636312, CVE-2012-4681), has been discovered. Self-quoting from last time:
We strongly recommend disabling Java support in web browsers—and also applying any and all Java security updates.
Is installing the [7u7] update necessary? Yes. Is it sufficient? No.
Not much has changed. Like CVE-2012-4681, this new vulnerability doesn’t involve memory corruption, so EMET and other runtime mitigation techniques won’t help you. Java is cross platform, accessible via web browsers, and has architectural soft spots related to reflection, SecurityManager, and the Java sandbox. The Next Generation Java Plug-in (used by default) runs out-of-process, so web browser sandboxing and Internet Explorer Protected Mode are out of the way. These are some of the reasons that make Java an attractive target for attack. And that’s why (self-quoting again):
We strongly recommend disabling Java support in web browsers. And leave it off.
As mentioned earlier, Java 7u10 now provides a one-click option to disable Java in web browsers along with some other security enhancements. This is a huge improvement over the previous situation, especially for Internet Explorer.
We have confirmed that VU#625617 can be used to reliably execute code on Windows, OS X, and Linux platforms. And the exploit code for the vulnerability is publicly available and already incorporated into exploit kits. This should be enough motivation for you to turn Java off. How can you determine whether you need Java in your browser? Turn it off and see how many web sites break. If the web works fine, then leave it off. You may be pleasantly surprised (and safer as a result).
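One way to audit the "disable Java in the browser" setting discussed above, as an added example that is not from CERT or from the original post. It assumes the Java Control Panel checkbox is stored as `deployment.webjava.enabled` in the user's `deployment.properties` file and that an absent key means Java content is still enabled; the sample file contents are constructed.

```python
import re

# Assumption: key written by the Java Control Panel checkbox added in 7u10.
WEBJAVA_KEY = "deployment.webjava.enabled"

# Constructed sample of a deployment.properties file with browser Java turned off.
SAMPLE_OFF = """#deployment.properties
deployment.security.level=HIGH
deployment.webjava.enabled=false
"""

def parse_properties(text):
    """Minimal .properties parser: comments, '=' or ':' separators, backslash escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first unescaped '=' or ':'.
        m = re.match(r"((?:\\.|[^=:\\])+?)\s*[=:]\s*(.*)$", line)
        if m:
            key = re.sub(r"\\(.)", r"\1", m.group(1)).strip()
            props[key] = re.sub(r"\\(.)", r"\1", m.group(2)).strip()
    return props

def java_update(version):
    """'1.7.0_10' -> (7, 10); None if the string is not in the 1.x.0_uu form."""
    m = re.match(r"1\.(\d+)\.0(?:_(\d+))?$", version)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def audit(version, properties_text):
    """Classify one machine from its `java -version` string and properties file."""
    ver = java_update(version)
    if ver is None:
        return "unknown-version"
    if ver < (7, 10):
        return "no-switch"  # the one-click option only exists from 7u10 onward
    value = parse_properties(properties_text).get(WEBJAVA_KEY, "true")
    return "disabled" if value.lower() == "false" else "enabled"

if __name__ == "__main__":
    for ver, text in [("1.7.0_10", SAMPLE_OFF), ("1.7.0_10", ""), ("1.7.0_07", SAMPLE_OFF)]:
        print(ver, audit(ver, text))
```

A result of `no-switch` means the installed release predates 7u10, so the plug-in has to be disabled in each browser individually.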
Conclusion
A few months back SonicWALL was bought by Dell. We have been nervous about this somewhat odd pairing. We are encouraged by the prompt action the company took in recognizing and blocking this new threat.
SonicWALL TZ-200
This device is not cheap. The SonicWALL website lists the base price as $495. If you want wifi, add another $100. But SonicWALL is really in the subscription business. Basic protection, called the “Comprehensive Gateway Security Suite Bundle,” costs $330 for one year. Substantial discounts are available for multi-year contracts: $490 for two years and $605 for three. I recommend starting with a one-year contract. SonicWALL offers free trials of some other options. For us, the most attractive option is probably the Comprehensive Anti-Spam Service ($225 for one year, multi-year discounts available).
But discounts are available through SonicWALL authorized dealers. We bought ours from Pacific Computer Supply in Mountain View. Search their site for TZ200. And remember the prices quoted generally are for a bundle of hardware and various security services.
The Dell™ SonicWALL™ TZ 200 Series integrates Unified Threat Management with critical business continuity features to provide a powerful branch office and small business security platform. The TZ 200 provides critical failover capabilities for optimal uptime, with support through USB 3G and analog modem failover as well as multi WAN failover. Sophisticated anti-spam capabilities further add to the protection provided by Unified Threat Management (UTM) services, delivering a powerful and efficient security solution to distributed enterprises, small- to medium-sized businesses (SMBs), retail locations and managed service providers.
SonicWALL’s headquarters are in San Jose. On Twitter they are @sonicwall. Other contact information:
2001 Logic Drive, San Jose, CA 95124-3452
T +1 888.557.6642 (Toll-Free), T +1 408.745.9600, F +1 408.745.9300