What are these mToolkit programs on my Dell laptop (Can I just remove them?)?

[lisa harkema]

Dell *does* provide a pure Windows XP CD - but you have to ask (and usually
pay) for it - like $10.

Oh. OK. Dell doesn't even say you can get a recovery disk (they say to
use the hard disk recover option) so I thought I was being clever by
asking for the 3-CD recovery set.

I'll give them a call again to see if they have a bare-bones Windows
XP CDROM. (Do they also provide the WinXP serial number or do I have
to save the one I already have on my system pre-installed?)

Lisa

 

[Shenan Stanley]

Oh. OK. Dell doesn't even say you can get a recovery disk (they say
to use the hard disk recover option) so I thought I was being
clever by asking for the 3-CD recovery set.

I'll give them a call again to see if they have a bare-bones Windows
XP CDROM. (Do they also provide the WinXP serial number or do I have
to save the one I already have on my system pre-installed?)

Should have a sticker on the machine itself...

 

[David H. Lipman]

From: "lisa harkema" <[email protected]>


|
| I have the following on my Dell laptop:
| C:\Program Files\Java\j2re1.4.2_03
|
| Does that mean I should remove it and re-install a newer Java?
| What does Java do for me anyway?
| I never execute any program called "Java" (sounds silly).
|
| What is Java and why do I need it if it's exploited anyway?
| All I do is look at web pages (I hate fancy moving web pages so I
| don't ever even install Flash or RealPlayer, yuck!).
|
| Do I really need this Java in the first place?
| Lisa

It sure does need to be removed ! That is know to vulnerable and is actively being
exploited.

As for needing Sun Java wellthat's a whole different story that I won't get into.
Java is an interpreter for specific content. Becuase Java runs the same on different
operating systems, any web site using Java will show the saem content no matter what the OS
or browser that is used.

Remove ALL versions of Sun Java and replace it with v5 update 9.

In the middle of the page...
http://java.sun.com/javase/downloads/index.jsp

"Java Runtime Environment (JRE) 5.0 Update 9"

 

[lisa harkema]

Should have a sticker on the machine itself...

It has a "Windows XP Home Edition" product key but not a CDROM key.
Dunno if that matters (my previous installations of WinXP required
both a product key and a CDROM key).

Lisa

 

[lisa harkema]

Remove ALL versions of Sun Java and replace it with v5 update 9.
http://java.sun.com/javase/downloads/index.jsp
"Java Runtime Environment (JRE) 5.0 Update 9"

OK. Following your advice verbatim, I went to:
http://java.sun.com/javase/downloads/index.jsp

And then went to the section titled:
Java Runtime Environment (JRE) 5.0 Update 9
The J2SE Runtime Environment (JRE)
allows end-users to run Java applications

And then clicked on the "DOWNLOADS" button:
https://sdlc5d.sun.com/ECom/EComActionServlet;jsessionid=64947C105675BCF77D9C4911876D3839

WHich, after forcing me to accept some kind of license
http://192.18.108.138/ECom/EComTick..._09-oth-JPR:2/jre-1_5_0_09-windows-i586-p.exe
Gave me the latest Java thingey.

I installed it but I really don't know what or why I installed it.

WHy would I (a normal person) need this Java download.
What happens if I don't have it?
(BTW, I have Java and Javascript turned off in my browser as I hate
anything but a normal web page and have no patience for rotating
images and things of that ilk).

Do I really need this Java thing (especially since I have it turned
off in my browser)?

Lisa

 

[David H. Lipman]

From: "lisa harkema" <[email protected]>

< snip >

|
| I installed it but I really don't know what or why I installed it.
|
| WHy would I (a normal person) need this Java download.
| What happens if I don't have it?
| (BTW, I have Java and Javascript turned off in my browser as I hate
| anything but a normal web page and have no patience for rotating
| images and things of that ilk).
|
| Do I really need this Java thing (especially since I have it turned
| off in my browser)?
|
| Lisa
|

What is MORE important was did you remove all the older versions ?

Is v5 update 9 the *ONLY* version now on your PC ?

 

[glee]

Oop. I already deleted some of them. And, YES, I DO have a wireless
card installed by the manufacturer. I'd better hold off on deleting
them I guess. I got rid of about half of them. I generally don't use
the wireless card but I do use it when I travel.
Lisa

Well, I don't have a Dell laptop to check on, so I can't say what, if any,
functionality or configuration may be affected. Have you contacted Dell Support
about the issue? Considering how many cleaning utilities may show those hidden and
unexplained items, it would behoove them to explain what they are and if they are
required for proper function, and if so, how to reinstall them without restoring the
whole system.

What model is the laptop, and how old? It may be that you can use the wireless
without those items. If they are needed, it may be that you can easily reinstall
them using the Application CD's that came with the system. Dell Support *should* be
able to tell you, though you may have to ask the first-tier support person to
escalate your call to a supervisor.

It would have been nice if they hadn't hidden the items in the first place, causing
this kind of confusion. I have an Acer laptop with integrated wireless. Since some
Acer's use the same wireless adapter as Dell, I am going to run CCleaner on the
laptop and see if it also shows such entries.

You can see in this copy of an Acer installation .ini file that the Intel Pro
wireless adapter installs the items you are seeing (just remove the "m" from the
beginning of the names and search the page for them):
http://72.14.209.104/search?q=cache...WlsSafe&hl=en&gl=us&ct=clnk&cd=1&client=opera

 

[Lew]

OK. Following your advice verbatim, I went to:
http://java.sun.com/javase/downloads/index.jsp

And then went to the section titled:
Java Runtime Environment (JRE) 5.0 Update 9
The J2SE Runtime Environment (JRE)
allows end-users to run Java applications

And then clicked on the "DOWNLOADS" button:
https://sdlc5d.sun.com/ECom/EComActionServlet;jsessionid=64947C105675BCF77D9C4911876D3839

WHich, after forcing me to accept some kind of license
http://192.18.108.138/ECom/EComTick..._09-oth-JPR:2/jre-1_5_0_09-windows-i586-p.exe
Gave me the latest Java thingey.

I installed it but I really don't know what or why I installed it.

WHy would I (a normal person) need this Java download.
What happens if I don't have it?
(BTW, I have Java and Javascript turned off in my browser as I hate
anything but a normal web page and have no patience for rotating
images and things of that ilk).

Do I really need this Java thing (especially since I have it turned
off in my browser)?

Lisa

Java is a programming language. Javascript is a different programming
language, despite the similarity of names.

There is a vulnerability in the interaction between Java and Javascript within
a browser that Sun patched in version 1.4.2_06 and later. It is not present in
version 1.5+. If you aren't even using Java there is no risk from it. If you
run Java but not Javascript there is no risk from it. The vulnerability only
occurs when running mini-programs in Java called "applets" in combination with
certain malicious Javascript scripts in the browser.

There are other Java exploits that require a Trojan (short for "Trojan
horse"), a program that has already loaded itself onto your computer, to have
replaced legitimate Java with a malicious version.

You do not need Java unless you want to run Java programs such as applets. If
you do not run these programs, Java is not an issue. If you run neither Java
nor Javascript the particular exploit won't bite you.

It is not a bad thing to replace Java 1.4 with Java 1.5 as the other poster
suggested. Meanwhile I doubt you have anything to fear. You should be much
more concerned with conventional viruses, Trojans and other malicious software
("malware") that does not use Java. Good antivirus, anti-spyware, firewall
and similar software is your protection.

Avoid panicking just because one person sounds a "sky is falling" alert.

I recommend that you confirm what I told you with your own research. ("Google
is your friend.") I am not a security expert and I only know what I've been
able to research so far.

- Lew

 

[David H. Lipman]

From: "Lew" <[email protected]>


|
| Java is a programming language. Javascript is a different programming
| language, despite the similarity of names.
|
| There is a vulnerability in the interaction between Java and Javascript within
| a browser that Sun patched in version 1.4.2_06 and later. It is not present in
| version 1.5+. If you aren't even using Java there is no risk from it. If you
| run Java but not Javascript there is no risk from it. The vulnerability only
| occurs when running mini-programs in Java called "applets" in combination with
| certain malicious Javascript scripts in the browser.
|
| There are other Java exploits that require a Trojan (short for "Trojan
| horse"), a program that has already loaded itself onto your computer, to have
| replaced legitimate Java with a malicious version.
|
| You do not need Java unless you want to run Java programs such as applets. If
| you do not run these programs, Java is not an issue. If you run neither Java
| nor Javascript the particular exploit won't bite you.
|
| It is not a bad thing to replace Java 1.4 with Java 1.5 as the other poster
| suggested. Meanwhile I doubt you have anything to fear. You should be much
| more concerned with conventional viruses, Trojans and other malicious software
| ("malware") that does not use Java. Good antivirus, anti-spyware, firewall
| and similar software is your protection.
|
| Avoid panicking just because one person sounds a "sky is falling" alert.
|
| I recommend that you confirm what I told you with your own research. ("Google
| is your friend.") I am not a security expert and I only know what I've been
| able to research so far.
|
| - Lew

Not totally accurate. You said "...It is not present in version 1.5+." V5 update 5 and
below have the vulnerability. The problem exists even if you have a vulnerable version and
a non-vulnerable version as the Exploit code will seek and find the vulnerable version of
Sun Java.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1

and

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

I'll repeat, the vulnerability is actively being exploited. Most well know is the Vundo
Trojan/Virtumonde Adware. Since the Vundo has recently morphed (again!) one can vsit a web
site, be infected and the anti virus software may not even catch the Exoploit nor the
subsequent infection. This certainly warrants more attention to the OPs other post about
"Webfldrs XP".

I also find it interesting that while the OP did NOT know anything about Java, she decided
to cross-post this to; comp.lang.java.programmer This is a vulnerability/security issue,
not a programming issue.

 

[lisa harkema]

| Do I really need this Java thing (especially since I have it turned
| off in my browser)?

What is MORE important was did you remove all the older versions ?
Is v5 update 9 the *ONLY* version now on your PC ?

Yes. Thank you for asking. I followed your instructions which said to
remove the old Java before installing the new Java.

Thank you for alerting me to the newer Java. I still don't know why I
need it in the first place but I'm glad to have the latest, I guess,
just in case the old one was compromised.

Of course, the new one will be compromised soon ... (and to think, I
remember something about someone saying Java was secure a decade ago).

Jeez. Whatever it is, it sure ain't secure!
Thanks for the advice,
Lisa

 

[lisa harkema]

Java is a programming language. Javascript is a different programming
language, despite the similarity of names.

There is a vulnerability in the interaction between Java and Javascript within
a browser that Sun patched in version 1.4.2_06 and later. It is not present in
version 1.5+. If you aren't even using Java there is no risk from it. If you
run Java but not Javascript there is no risk from it. The vulnerability only
occurs when running mini-programs in Java called "applets" in combination with
certain malicious Javascript scripts in the browser.

Oh my. Thank you Lew. I do very much appreciate the advice as to what
Java and Javascript are. I never knew. I just knew that I hate when my
web browser does funky things like spin the icons and other silly
browser tricks. I turn off all that flash, realmedia, java,
javascript, etc. stuff the moment I install a browser. So, I guess I
wasn't vulnerable in the first place.

Still, it's nice to know I have the latest Java installed now
(although that will have a vulnerability in a short while if history
is any judge). That's why I prefer to have as few items running on my
system as possible ... hence the desire to rid myself of these 'm'
progams that everyone seems to have running, by default (if they use
CCleaner to show the true list of running programs).

Thanks,
Lisa

 

[David H. Lipman]

From: "lisa harkema" <[email protected]>

| On Sun, 08 Oct 2006 16:59:55 GMT, "David H. Lipman"

|> Do I really need this Java thing (especially since I have it turned
|> off in my browser)? |

|
| Yes. Thank you for asking. I followed your instructions which said to
| remove the old Java before installing the new Java.
|
| Thank you for alerting me to the newer Java. I still don't know why I
| need it in the first place but I'm glad to have the latest, I guess,
| just in case the old one was compromised.
|
| Of course, the new one will be compromised soon ... (and to think, I
| remember something about someone saying Java was secure a decade ago).
|
| Jeez. Whatever it is, it sure ain't secure!
| Thanks for the advice,
| Lisa

It is NOT a case of the software being compromised. It is a case of a bug in older
versions. That bug is considered a vulnerability because one can exploit the vulnerability
to install software without your consent. There is NO evidence that the version 5 update 6
and above have this vulnerability.

 

[lisa harkema]

I also find it interesting that while the OP did NOT know anything about Java, she decided
to cross-post this to; comp.lang.java.programmer This is a vulnerability/security issue,
not a programming issue.

I removed the java programming group (it was a group I arbitrarily
found with the word "java" in it) and substituted a Microsoft security
group.

I did not know about this Java vulnerability. If I had, I would have
updated my java sooner even though I don't use it (on purpose,
anyway).

I do appreciate the warning as it seems I had the original Java
installed on my Dell so it was vulnerable (and likely exploited
already as I had to remove more than a few viruses and trojans
(whatever they are) when I installed spywareblaster and mcafee.

Lisa

 

[David H. Lipman]

From: "lisa harkema" <[email protected]>


|
| I removed the java programming group (it was a group I arbitrarily
| found with the word "java" in it) and substituted a Microsoft security
| group.
|
| I did not know about this Java vulnerability. If I had, I would have
| updated my java sooner even though I don't use it (on purpose,
| anyway).
|
| I do appreciate the warning as it seems I had the original Java
| installed on my Dell so it was vulnerable (and likely exploited
| already as I had to remove more than a few viruses and trojans
| (whatever they are) when I installed spywareblaster and mcafee.
|
| Lisa

What blows my mind is that this vulnerability has been known about for almost 2 years by Sun
and was first publicy noted by Sun on Feb 7, '06 but Dell still is shipping systems with
this vulnerable version installed.

 

[Brandon McCombs]

Oh my. Thank you Lew. I do very much appreciate the advice as to what
Java and Javascript are. I never knew. I just knew that I hate when my
web browser does funky things like spin the icons and other silly
browser tricks. I turn off all that flash, realmedia, java,
javascript, etc. stuff the moment I install a browser. So, I guess I
wasn't vulnerable in the first place.

Still, it's nice to know I have the latest Java installed now
(although that will have a vulnerability in a short while if history
is any judge). That's why I prefer to have as few items running on my
system as possible ... hence the desire to rid myself of these 'm'
progams that everyone seems to have running, by default (if they use
CCleaner to show the true list of running programs).

Thanks,
Lisa

If you knew what you were doing and were really concerned you wouldn't
keep anything on the laptop that came with it since companies like Dell
think people need a bunch of useless programs pre-installed in order to
take advantage of their computer. If you reinstalled and reformatted
the drive then you would know exactly what is on the computer and you
wouldn't have to worry about removing things but only adding them as you
see fit.

 

[Malke]

From: "lisa harkema" <[email protected]>


|
| I removed the java programming group (it was a group I arbitrarily
| found with the word "java" in it) and substituted a Microsoft
| security group.
|
| I did not know about this Java vulnerability. If I had, I would have
| updated my java sooner even though I don't use it (on purpose,
| anyway).
|
| I do appreciate the warning as it seems I had the original Java
| installed on my Dell so it was vulnerable (and likely exploited
| already as I had to remove more than a few viruses and trojans
| (whatever they are) when I installed spywareblaster and mcafee.
|
| Lisa

What blows my mind is that this vulnerability has been known about for
almost 2 years by Sun and was first publicy noted by Sun on Feb 7, '06
but Dell still is shipping systems with this vulnerable version
installed.

Not only that, David - I just ran into a client's box that is running an
ancient version of Java within an HP Toolbox. I had uninstalled Java
before cleaning it up so I was most surprised to see javaw.exe running.
When I tracked it down, it came from this HP printer Toolbox running
Java 1.3.something! No way to deal with that, so I left it. Sheesh.

Malke

 

[Kerry Brown]

Not only that, David - I just ran into a client's box that is running
an ancient version of Java within an HP Toolbox. I had uninstalled
Java before cleaning it up so I was most surprised to see javaw.exe
running. When I tracked it down, it came from this HP printer Toolbox
running Java 1.3.something! No way to deal with that, so I left it.
Sheesh.

Malke

I have tracked down more weird, intermittent problems to HP software than
any other manufacturer. It's gotten so bad that if a system is experiencing
weird problems one of my first troubleshooting steps is to uninstall all HP
devices and software.

 

[glee]

I have tracked down more weird, intermittent problems to HP software than any
other manufacturer. It's gotten so bad that if a system is experiencing weird
problems one of my first troubleshooting steps is to uninstall all HP devices and
software.

I have been running into the same thing, Kerry. I didn't see it so much with HP
software (for printers etc) in the late 1990's, but since about 2000 it has gotten
worse, IMHO.

 

[glee]

Unfortunately, my Acer notebook uses a different wireless adapter and does not have
any of the items you see, either in ARP or in CCleaner's list.

I still think asking Dell Support might eventually clear up the functions. It
appears they are utilities rather than actual drivers so there may be no harm in
deleting them......but with no personal contact with these apps, I can't say.

 

[David H. Lipman]

From: "Malke" <[email protected]>


| Not only that, David - I just ran into a client's box that is running an
| ancient version of Java within an HP Toolbox. I had uninstalled Java
| before cleaning it up so I was most surprised to see javaw.exe running.
| When I tracked it down, it came from this HP printer Toolbox running
| Java 1.3.something! No way to deal with that, so I left it. Sheesh.
|
| Malke

There is updated information on Sun Java vulnerabilities that could be the reason that JRE
v5 updates 7 and 8 were pulled so quickly...

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1