Jump to content
Guest BudFoxx

Why You Need to Disable Java NOW (not Javascript)

Recommended Posts

Guest BudFoxx
Posted

If you have a web browser with a Java add-on (not javascript) and there are few who don't - You really need to consider taking this action. If you use a Mac, Apple has you covered. However if you have a jailbroken iphone, then you too, are at risk. Don't ignore this simple fix. The latest Oracle Java patch released today, still has serious security risks and vulnerabilities.

For some reason the embed informal links with the article did not carryover, so it might be more helpful to read the article via the accredited link at the end of this post.

By Will Oremus

Posted Monday, Jan. 14, 2013, at 11:49 AM ET

The last time hackers found a hole in Java’s browser plugin so bad that it sparked a warning from Homeland Security—which was less than five months ago, mind you—I wrote that you should “probably disable Java on your browser right now.” If you read that post and took action, then you were free to breathe easy this past weekend, when yet another critical Java zero-day vulnerability left hundreds of millions of Internet users potentially vulnerable to malware attacks. If you didn’t, well, now’s your chance.

The latest security flaws, which were widely publicized last week, once again gave cyber-crooks the ability to use Java applications to take control of your computer if you visited a hacked website. Oracle—which inherited Java when it bought Sun Microsystems in 2010—issued an emergency update on Sunday that attempts to patch the holes.

That might sound like a prompt response, until you consider that security researchers allegedly notified the company about the bug months ago. Or that the patch apparently leaves in place weaknesses that criminals could still exploit. Or that this is just the latest in a long string of Java problems that have made the language the overwhelming top choice for software-based computer hacks. According to Reuters, the security firm Kaspersky Lab estimates that Java was used in 50 percent of all attacks in which hackers broke into computers by exploiting software bugs.

So while many media reports will direct you to the Oracle website to promptly install Java 7 update 11, there remains a far better option. Unless you’re one of the few Web users who regularly uses an important site that requires Java, take the advice of security experts like Adam Gowdiak of Security Explorations and H.D. Moore of Rapid7 and just disable it in your browser already.

As noted before, disabling the Java plug-in on your Web browser doesn’t require uninstalling it from your machine entirely, and it won’t prevent you from Java-based software outside of your Web browser. It just means that you’ll see an image like the screenshot above when you happen to visit one of the relatively few remaining websites that use Java applets. If you find you really need it for some sites, you can always disable it in your main browser but keep it enabled in a secondary browser that you use just for those sites.

Basic instructions for unplugging Java from your browser are below, and more comprehensive how-tos are available here and here. Note: Do not confuse Java with Javascript, which is unrelated and is essential to the proper functioning of far more websites. Disable Java, but leave Javascript enabled. If you have more questions, the blog Krebs on Security has an excellent FAQ here. (No, you aren’t necessarily safe just because you don’t visit sketchy websites, or because you’re using Linux or a Mac.)

Lest you think disabling Java in your browser is too extreme a step, consider that both Apple and Mozilla responded to the latest vulnerability by essentially doing just that. You can do the same. It's easy. And next time everyone is freaking out about a new Java hack, the only decision you'll face is whether to nod sympathetically or smugly.

To unplug Java:

In Firefox, select "Tools" from the main menu, then "Add-ons," then click the "Disable" button next to any Java plug-ins.

In Safari, click "Safari" in the main menu bar, then "Preferences," then select the "Security" tab and uncheck the button next to "Enable Java."

In Chrome, type or copy "Chrome://Plugins" into your browser's address bar, then click the "Disable" button below any Java plug-ins.

In Internet Explorer, follow these instructions for disabling Java in all browsers via the Java Control Panel. There is no way to completely disable Java specifically in IE.

Java Zero-day Exploit

  • Members
Posted

In Safari, click "Safari" in the main menu bar, then "Preferences," then select the "Security" tab and uncheck the button next to "Enable Java."

Thanks! :thumbsup: I just did it.

  • Members
Posted

So I did disable the plug-in on Firefox. I don't use the other browsers,but they are on my computer. Do I need to disable on all of them?

Posted

But if you do and you haven't disabled then you may be in trouble. It's best to disable in all browsers.

Guest BudFoxx
Posted

So I did disable the plug-in on Firefox. I don't use the other browsers,but they are on my computer. Do I need to disable on all of them?

No. Only if you launch them to browse the web.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...