My OperaThis topic has been closed. No new entries allowed.
Reason: Please make sure that thread titles are descriptive and relevant to the thread content
You need to be logged in to post in the forums. If you do not have an account, please sign up first.
Major security issue
Hi all,I 've been a fanatic Opera user since version 6. I 've just registered on the site and I am posting this, because today, I am considering to stop using Opera and this makes me very sad.
The reason: It 's twice I 've almost got hacked by what seems to be an Opera exploit on the wild.
What happened the first time:
The exploit triggered without any user action after the offending page loaded. It launched Java. Windows defended kicked in and blocked a trojan. Hopefully, infection didn't happen.
What happened the second time (on a site with professional WP themes!):
The exploit triggered without any user action after the offending page loaded. It launched Java. No Windows Defender to save me this time!!!
From Microsoft 's Process Explorer tool, I see that a p2launch.exe was a child process of Opera and it spawned as a child Java. I tried to kill the Opera process and spawns and I got a blue screen of death (Vista). Hopefully, infection unsuccesful.
This, to me, means progression. What will happen the third time?
And the worst for me, I see no fix, no security discussion. Perhaps I am just blind and it 's already solved, but I am using the 3386 snapshot when the latest is the 90.
Very frustrated.
--
About Opera
Version 10.54
Build 3386
Platform Win32
System Windows NT 6.0
Java is not Opera, it is used via Opera, at the instruction of the website, but it is a completely separate programming environment, with its own set of vulnerabilities, just like Flash and Acrobat does. There is generally nothing Opera can do to protect your system against such attacks.
Make sure that your system's Java installation, and any other plugin installation you have, is up to date.
Regarding your possible infection, unless your local security suite can handle it, you may need to get technical help to get rid of it. Make sure you have a backup of all your files.
Make sure that your system's Java installation, and any other plugin installation you have, is up to date.
Regarding your possible infection, unless your local security suite can handle it, you may need to get technical help to get rid of it. Make sure you have a backup of all your files.
Sincerely,
Yngve N. Pettersen
Yngve N. Pettersen
You are probably right yngve.
What bugs me a lot is that the .exe was a direct child of Opera and Java was a child of that exe (according to process explorer). On the other hand, there seems to be a very recent Java exploit ciculating, so it 's probably that. It seems I overreacted.
Back to Opera.
What bugs me a lot is that the .exe was a direct child of Opera and Java was a child of that exe (according to process explorer). On the other hand, there seems to be a very recent Java exploit ciculating, so it 's probably that. It seems I overreacted.
Back to Opera.
That's why it is advisable to DISable all the plugins and other gimmickry in Opera by default - and SELECTIVELY enable the barest minimum of features on a per-site basis.
Also:
1) never, NEVE-NEVER work as an administrator - do all your everyday internet activity as a LUA - the nonadministrative, least privilege user account
2) have the proper Software Restriction Policies installed
Also:
1) never, NEVE-NEVER work as an administrator - do all your everyday internet activity as a LUA - the nonadministrative, least privilege user account
2) have the proper Software Restriction Policies installed
Opera v12.16b1860 on winXP-SP3 (EeePC900)
experimenting with the PaleMoon v24.3.1 (an optimised FireFox clone)
experimenting with the PaleMoon v24.3.1 (an optimised FireFox clone)
Java is one of the worst protected software packages today. The best is to delete Java completely from your system because only a pour 5% of the websites uses it and from that 5% you don't really need it. If a browser needs Java than the browser is Vulnerable! Disable it or use a different browser.
Originally posted by LinuxAndGo:
(...) The best is to delete Java completely from your system because only a pour 5% of the websites uses it and from that 5% you don't really need it. (...)
Java (JRE) is not only used by websites, but mainly to run standalone applications written in Java programming language. If you know you never run such applications, then of course you can remove it from your system.
I miss the pre-Java-plugin era when it was possible to disable Java without disabling all plugins with it.
If you can't uninstall Java for some reason you could write a little batch that exchanges the plugin-ignore.ini by another one that has the java plugin as blocked plugin in it, then do a little toolbar button magic to start the batch and you've got the old "enable/disable Java" back.
I don't know if that would work, I've no Java installed anymore, so I don't know how Opera would react if it will remain stable when you exchange these files as long as it runs ...
If you can't uninstall Java for some reason you could write a little batch that exchanges the plugin-ignore.ini by another one that has the java plugin as blocked plugin in it, then do a little toolbar button magic to start the batch and you've got the old "enable/disable Java" back.
I don't know if that would work, I've no Java installed anymore, so I don't know how Opera would react if it will remain stable when you exchange these files as long as it runs ...
Looking for a new home for your blog, albums, mail and forums after my.opera closes at march 1, 2014?
Visit https://vivaldi.net - the new community set up by Jon S. v. Tetzchner and several former Opera employees. Many of us are already there and some of the employees too
Visit https://vivaldi.net - the new community set up by Jon S. v. Tetzchner and several former Opera employees. Many of us are already there and some of the employees too
Originally posted by QuHno:
I don't know if that would work, I've no Java installed anymore, so I don't know how Opera would react if it will remain stable when you exchange these files as long as it runs ...
plugin-ignore.ini is only read on startup. So, if you change something in it, Opera won't see the change until you restart Opera.
I feared that it might be so.
An option like with the toolbar.ini to "force" a reload of the ini would be welcome, or better: The possibility to switch off selected plug-ins on-the-fly, as several people wished in several other threads ind the my.opera forums. The on demand option seems to be a little bit clumsy as it seems to put people with installed Java at an unnecessary risk that didn't exist before in Opera. So IMHO it is if not an Opera problem but a problem generated by Operas changed approach to Java.
... sorry for this OT comment, just my 2ct.
An option like with the toolbar.ini to "force" a reload of the ini would be welcome, or better: The possibility to switch off selected plug-ins on-the-fly, as several people wished in several other threads ind the my.opera forums. The on demand option seems to be a little bit clumsy as it seems to put people with installed Java at an unnecessary risk that didn't exist before in Opera. So IMHO it is if not an Opera problem but a problem generated by Operas changed approach to Java.
... sorry for this OT comment, just my 2ct.
Looking for a new home for your blog, albums, mail and forums after my.opera closes at march 1, 2014?
Visit https://vivaldi.net - the new community set up by Jon S. v. Tetzchner and several former Opera employees. Many of us are already there and some of the employees too
Visit https://vivaldi.net - the new community set up by Jon S. v. Tetzchner and several former Opera employees. Many of us are already there and some of the employees too
I'm a bit late on this topic but I feel I have to say something about it.
For many years I used Opera in several computers and operating systems (going from Windows 98 to Windows 7).
Being a carefull person concerning what I touch or not, specially online, I managed to never have any issues with any virus, trojans, or even simple spyware.
To my surprise, recently I have found myself dealing with some unknown programs running on my PC (by "some" I mean 2, so far) without my intervention at all. The first one locked himself in the system and faked as a warning about some illegal software on my PC (which I never even heard of). The second one went to my temp folder disguised as "smss.exe" and tried to open some webpages. When this happened I was simply using Opera, looking into some webpages (who didn't seem to be malicious at all). I keep my system clean so this was really weird how simply browsing the web in the most secure browser I know of, could get me into trouble I didn't look for.
I eventually managed to find out that Java was doing it. I wasn't aware that it could download and execute code in the user's system. If that was possible already, why it only happened recently with Opera? I had no issues before, and I'm still a fan of this browser.
Isn't there a way to avoid Java running other EXEs trough the browser?
For many years I used Opera in several computers and operating systems (going from Windows 98 to Windows 7).
Being a carefull person concerning what I touch or not, specially online, I managed to never have any issues with any virus, trojans, or even simple spyware.
To my surprise, recently I have found myself dealing with some unknown programs running on my PC (by "some" I mean 2, so far) without my intervention at all. The first one locked himself in the system and faked as a warning about some illegal software on my PC (which I never even heard of). The second one went to my temp folder disguised as "smss.exe" and tried to open some webpages. When this happened I was simply using Opera, looking into some webpages (who didn't seem to be malicious at all). I keep my system clean so this was really weird how simply browsing the web in the most secure browser I know of, could get me into trouble I didn't look for.
I eventually managed to find out that Java was doing it. I wasn't aware that it could download and execute code in the user's system. If that was possible already, why it only happened recently with Opera? I had no issues before, and I'm still a fan of this browser.
Isn't there a way to avoid Java running other EXEs trough the browser?
That's why you should always keep your installed applications, including Java, up to date. Go to http://java.com/ to download the latest version
Originally posted by AbilioKID:
I wasn't aware that it could download and execute code in the user's system.
There have been several vulnerabilities in Java that let malicious apps escape the sandbox without the user being warned.
Originally posted by AbilioKID:
. If that was possible already, why it only happened recently with Opera
Perhaps because you used it when you visited the infected site?
Originally posted by AbilioKID:
Isn't there a way to avoid Java running other EXEs trough the browser?
Keep it up to date, and when there are known but unfixed problems that allow such problems, take precautions.
The same applies to any other plugin you have installed, too.
Sincerely,
Yngve N. Pettersen
Yngve N. Pettersen
Forums » General Opera topics » Security and privacy in Opera