Risk from Java? Browsers have different takes
Java’s history of vulnerabilities could explain different takes on vigilance from Chrome and Internet Explorer, writes Patrick Marshall. He also responds to questions about a “High Disk Usage” notice and annoying pop-up malware.
Special to The Seattle Times
Q: One site I use a lot — www.aviationweather.gov — has a new format. When I try to access its flight path tool (fpt.jnlp) using Chrome, I am advised that doing so puts my computer at risk; when I do the same thing using Internet Explorer, it works just fine.
According to the site’s FAQ, the problem has to do with Java, and I have the latest version. I prefer to use Chrome. Am I really putting my Windows 7 computer at risk?
— Bob Gardner
A: Let’s put it this way: Whenever your computer is connected to the Internet, it is at risk. Specifically, Java has been known to have serious vulnerabilities over the years and as they are patched, more seem to emerge.
Chrome is just being extra vigilant in warning you. In other words, the vulnerabilities are there whether you’re using Chrome, which warns you about them, or another browser that doesn’t.
Q: I am using a Gateway laptop with Windows 7 and which has 2 gigabytes of system memory and a 90-gigabyte hard drive with about 40GB free. I run the current Norton Antivirus, which is updated daily.
With some increasing frequency, I am getting a “High Disk Usage” notice that something called taskhost.exe is the cause. It does indeed take away a significant amount of operating ability and slows everything else down. Is this something to be concerned about?
— Larry Yarnell, Belfair
A: Taskhost.exe is a Windows process that other applications use to perform operations in Windows. So the process itself is legitimate.
That doesn’t mean, however, that the application calling on the process is something you want to have running. For example, it could be a virus or some malware that isn’t detected by an anti-virus program. Or it could be your anti-virus program itself. (Which is why you want to schedule anti-virus scans for times when your computer is idle.)
You may find clues by checking the Task Manager and the Resource Monitor to see what applications and processes are running when you have the problem.
Unfortunately, those tools can’t show you what specific application is accessing each instance of taskhost.exe.
And I also recommend periodically going to the Control Panel and opening the Programs and Features utility to see if software you don’t want has been installed. Very often, when you install something you want over the Internet, you are also installing other applications you might not want.
Q: Are you familiar with the “Voice 5” pop-up malware? I just had an experience that was both frustrating and educational.
The symptom is a pop-up ad from Voice 5 that asks you to participate in a survey. This very annoying pop-up occurred sporadically in Firefox when I clicked on something, anything, while browsing.
The tech at Malwarebytes walked me through a thorough removal process using specialized software that he had me download (kudos to Malwarebytes!). The details are too lengthy to describe here, but here are the important take-aways.
Malwarebytes tech support had me remove Comcast Caller ID software. The tech told me that he was suspicious that Caller ID was the culprit because (a) it has a pop-up feature, and (b) it was located in a folder that had the same name as the executable file “callerID.exe.”
Now for the frustrating part. I spent nearly an hour on a chat line with three different Xfinity-Comcast tech reps, and got absolutely nowhere. The voice-phone techs referred me to the Internet techs, who in turn referred me back to the voice techs. The Firefox online support system doesn’t provide an obvious path to inform them of this issue. Any thoughts?
— John A. Vitalich, Seattle
A: I haven’t been able to confirm a connection between the VoiceFive pop-ups and Comcast’s CallerID feature. Lots of users have had the malware from other sources.
Malwarebytes is aware of that particular critter, and simply running a scan with Anti-Malwarebytes has been reported to remove it.
It’s always easier to block malware than to remove it, however. That’s why I’d suggest if you find you pick up malware more than very rarely, spring for the Pro version, which monitors your system in real time.
I empathize with your frustration with Comcast and Firefox. But malware is a moving target that takes advantage of vulnerabilities wherever its authors can find them, and vendors may not be clear about whether it’s their vulnerability or someone else’s. That’s particularly the case with Web browsers, as users are frequently using browser add-ons (not written by the browser manufacturer) that introduce vulnerabilities.
Questions for Patrick Marshall may be sent by email to firstname.lastname@example.org or email@example.com, or by mail at Q&A/Technology, The Seattle Times, P.O. Box 70, Seattle, WA 98111. More columns at www.seattletimes.com/columnists.