Thanks for the heads up - will double check my typing next time I visit.

Thanks for the warning....

Let me test it on my MAC...

I just tried it and it did not install a virus - BUT I do not have Java installed.

NEVER install Java on your computer, and always disable it if you somehow have it.

Check here if you have Java, if you do, kill it.

https://www.java.com/en/download/installed.jsp

Let me test it on my Linux...

As far as I can tell, Java is only used to install malware on computers .

This is ridiculous advise that no one should follow. Every single trading institution, bank, and most governmental municipalities use Java applets on their pages as do tons of cots software. What you need to be cognizant of is WHAT site you are on and whether or not the Java app is properly signed by which company and if the signing matches the company domain.

Sticking your head in the sand isn't a valid method of security. At all.

You might as well go remove:

Flash,
Adobe reader,
Shockwave,
Chrome plugin execution,
Firefox plugin execution,
Nss-api,
Npapi,
Etc. as they all have identical if not more attack vectors.

Java at least provides not one, not two, but 3 confirmation requests before running an application and denies by default if the app isn't at least running a valid SSL certificate.

If you don't know what you are running, Java or not isn't going to fix that.

It was fine on my ZX81.

rd

Even your other favorite security risk, Adobe Flash, will soon be no longer.

People are generally not computer experts and will make mistakes like typing in the wrong url.

Normal people: Make sure you kill off Java- Virtual Virus Machine. (if some porno website says you need the Java plug-in, go to xhamster.com instead.....)

Completely incorrect. Please don't speak authoritatively. "Normal" people can read. You aren't giving people enough credit. Java isn't the largest purveyor of viruses. Far far far from it.

Also since Windows 7 and the proper implementation of UAC (which I'm sure you disabled too) aside from the massive amounts of warnings and big red X's you get from an unsigned app and the fact it won't even execute on an improper url, UAC prevents browser based file execution unless you explicitly allow it with yet another massive prompt. So basically what you are telling people is don't cross the street at all in lieu of just watching for the "don't walk" sign.

Living in a bubble isn't a valid mechanism for security especially since the number of vectors for entry ahead of Java are in the hundreds. The amount of sites that use Java validly are in the hundreds of thousands whereas the number using it maliciously is probably 1% of that. Maybe you just browse some sketchy material?

If you are apt to take Vids advice I recommend you go back to using a piece of slate, hammer, and chisel because that's the only way you will be able to communicate without fear .

Here's a simple solution that I use:

I have Firefox installed with "NoScript" plug-in. It only runs javascript on sites that I OK.

So, Pinside is OK'd, but google-analytics.com is NOT (which pinside uses).

That also means if I go to a new website, the javascript is off by default, until I OK it.

Having java (and other plug-ins with known vulnerabilities) installed and active is like leaving your front door to your house unlocked. Sure, in some suburban areas or cow towns you can do that, but in some place like the middle of detroit, it's probably quite unsafe.

Better to lock down the hatches and not have to worry about anything getting inside in the first place.

I havent really seen any financial institutors use java/flash/Shockwave plug-ins in at least a decade.

(Also, note there is a huge difference between Java and javascript. Ham is to hamster as java is to javascript)

https://en.wikipedia.org/wiki/Java_(software_platform)

https://en.wikipedia.org/wiki/JavaScript

This is interesting as I played around with that site and it appears to mimmic pinball life very well!

I even went to order something. I went to log in, obviously using fake username and password, fully expecting it to say "you logged in!" and snarf up my username/password for some additional attack... but it said the pair was incorrect.

Then again, it may have snarfed up my fake username/password and just said it was wrong. I hope it did as my username was a nasty message to them.

Just to throw it out there, Malwarebytes is a good program to run if you think you may have any nasty bugs! Even if you don't think you do run it you might be shocked what it finds! Oh and it's free.

I went to it and it redirected me to a DirecTV site. The rates look favorable! I'm all in!!

I don't even remember the last time I entered a url directly into the address bar, I just type the site name into my google toolbar search box and then click on it. After the first time, I can then enter just the first few letters into the address bar and press return.

I went to the misspelled address from a safe machine and it's definitely malware clickbait. It's got a loop that throws up alert pop-ups over and over, plays warnings, tells you to call a number, etc....

It's actually almost an impossible page to close without killing the browser process.

The abuse email for the host can be reached at: [email protected]

I'd recommend dropping them an email letting them know the site is being used to propagate malware. I emailed, but the more that do will help.

An example email would be:

Hello, I am writing to let you know that one of the domains you are hosting, pinballife.com, is attempting to infect visitors with malware and viruses. Could you please investigate and shut it down if you find it in violation of your TOS? Thanks!

What was the contract length?

The computer has already been destroyed. It was a virtual machine running in Azure.

That's what's amazing! Apparently it's as long as I want! Can't believe my luck

NFL full access included?

Forget your fear, just uninstall Java.

I have not had Java installed in 2 years. Every normal website works fine.

The few sites I've seen that want the Java Plug-in installed, I skip.

When I went to the fake url for Pinballife.com, nothing happened. No redirecting, no malware installed, no fake pop-up telling me that Windows has detected a virus and do I want to clean it. Nothing.....and that's a good thing.

Even the Department of Homeland Security has told users to uninstall Java way back in 2013 - it is a needless security risk.

-

Flash is next. Kiss that sonobitch goodbye and good riddance !!!!!!!!!!!!!!!!!!!11

Haha. Now you are being ridiculous. Linux is a great OS as long as you use a desktop environment.

Funny, I just spent two hours the other day at my mothers house fixing her laptop.

Why? Because she got the infamous pop up "Your computer is infected, do not shut down or close this window or you will loose yours files!!!" And of course it had a number to call to remove that nasty virus,,,,,,,..

I found out two days later AFTER she had called the number AFTER she let them on her machine for a few hours to 'clean' her machine AFTER they con'd her into $199 for 1 year warranty on their work.

I had her contact her bank and cancel her credit card. Luckily they caught and stopped the charge from 'James' out of some company in India.

Reason she caught the virus written but the folks who clean viruses,,, my sister updated her to Win 10 and never reinstalled Norton. /facepalm

FWIW, I've always had Java installed (need it for some work I do), never been burnt, never had to reformat a hardrive... Just just gots to not be stupid.

Gee how convenient for this virus warning to pop up AND include a place to call to fix it!!!

I just get a VIRUS FOUND bullshit page with a SCAN NOW button on the bottom. Like I'm going to click it. What am I? Some sort of dumbass? Now if it had been labelled "Do not click" then I probably would have.

That's the social engineering aspect to many of the scams.

You are in a hurry to finish that spreadsheet, presentation or paper. Your computer puts a big stress upon you, suddenly being locked up. Then almost by magic, the solution pops up, right in front of your eyes.

-

Same as when people get the phone call that they skipped jury duty and now the county is issuing a warrant for their arrest.

Scammer: This is Sheriff Kickass with the Dale County sheriff department, is this Joe Average?
Joe: Yes. What can I help you with?
Scammer: It is my duty to inform you that a bench warrant has been issued for your arrest for not reporting to jury duty.
J: But....I...never got any notice!!!!
S: Sorry, you chose to ignore two notices, now you get to appear before the judge, but on the other side of the table. Maximum penalty is 15 days in jail and or $1500 fine.
J: What???? I never got a single notice. I was out of town for a few weeks and my neighbor was collecting my mail. Maybe she lost it or something, she's 90 years old !!!! Maybe my wife thought it was junk mail.....!!!!
S: Sorry, you should not have ignored the law.
J: I ALWAYS go to jury duty when chosen. There must be some crazy mistake!
S: Well, you have attended jury duty in the past?
J: Yes, absolutely.
S: Hmmm...let me see if I can manually update your jury status....OK.....Yep....here it is....Let me verify your information....date of birth?
J: 1/15/1960
S: Current address?
J: 666 Mockingbird Lane
S: Social Security number?
J: 492-11-1113
S: Finally for security verification, your mother's maiden name?
J: Smith.
S: OK, Joe, I've changed your Jury status to active again. You should expect a new notice of duty in the next few weeks. I suggest you take it seriously this time.
J: Yes, sir. I'll report the moment I get it. Thank You so much!!!!!!!!

^ true story how a guy at work got his identity stolen. He got stressed out, then was flustered enough to give out all his personal information without resistance.

I couldn't get it to work on my Apple but I did find that hamster porn site.

Global warming my arse, they need to find these folks and shave their nuts and shellac them, then cover them in honey and tied them squat over a fire ant hill. But thats just me...

This is one of the most ridiculous/uneducated/incorrect statements I've ever heard. Java is a platform that runs apps from the Java programming language and they're not all malware. Generally, you're a good source of knowledge. But I guess computer software and operations isn't one of your known topics.

To the OP: I have typed that in many times by accident and have never caught a virus from that page. I have Java installed and use chrome as a browser not internet explorer / edge.

Obviously I was being sarcastically outrageous.

But almost all web based malware is installed through Java.

Java is crap, just uninstall it.

Chrome got rid of it 6 months ago, did anybody miss it?

Will all of the exploits for java he isnt far off. Perhaps he was being a bit facetious. Not sure if I have it installed on the old *nix. Not really a use for it in the browser any more, those days are long past us.

Sorry you work with stupid people.

I'm not sure which of these is funnier--the original joke, or the fact the the joke got completely missed.

Every one, huh?

But you feel free to go ahead and do so.

Alas, finally some good advice.

Yup I got one of those a couple of weeks age, just laughed and dumped it.

Next, in his infinite knowledge will say leg levelers cant be painted and will ruin your carpet.

https://pinside.com/pinball/forum/topic/will-painted-levelers-permanently-stain-your-carpet-lets-find-out-together

Yeah, when he told me about his "Close call with being arrested for skipping Jury Duty" I was like WTF, let's call the Sheriff's office and see why a sheriff's time is being used for a job that could be done by a $7 a hour temp worker.

Needless to say, no one at the Sheriff office knew anything about it.

About a month latter it was on TV about how many people had been taken by the scam.

Well, "O-din, Pinside member" (if that is your REAL name), experts claim hamster porn is the #1 malware vector today.

Jury Duty is a scam to begin with. You've got judges and lawyers making 6 figures, you've got someone being sued for millions of dollars, and they want to pay you what, $15 a day? I'm calling BS on that!

Yeah, that was another classic.

The master had spoken.

Thanks for the advice. I will get busy removing all those virus enablers, along with Java of course.

Oh wait, is it that time again?

torches-and-pitchforks.jpg

Which computer do you use then?