Tech Update - Homeland Security Advises Users Disable Java

1/12/2013
no comments

On Thursday, January 10, 2012 the United States Computer Emergency Readiness Team, a part of the U.S. Department of Homeland Security, cautioned computer users to disable Oracle’s Java 7 software on their machines.  They believe that hackers have found a flaw in the software’s coding of Java’s Security Manager that can be exploited by malicious users.  One common and tell-tale sign of trouble is a when a user’s computer just shuts down or locks up and the user is prompted to pay in order to “unlock” the machine. An attacker could also compromise a legitimate website by uploading a malicious Java applet, which would infect a visiting computer. Homeland Security stated that “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.”

Java is a technical language that programmers use to write internet applications/software that can run on any operating system.  It is very widely used and unless you made the conscious decision not to use it or have already disabled/uninstalled it, you are probably running Java.

Oracle has stated that it will issue a patch on Tuesday that contains “86 new security vulnerability fixes.”  Because of the seriousness of the threat, the company advises that users update Java with the patch as soon as it becomes available.  Some companies, however, are not content to standby and wait for the patch to come out on Tuesday.  Apple has added Java to its blacklist for OS X users and Mozilla (my browser of choice) has added Java to its add-on block list.  Older Java versions were already blacklisted by Mozilla.  Mozilla also offers Click to Play defenses which ensure that the Java plug-in will not load unless specifically enabled by the user.  Instead the user will be given a prompt stating that the plug-in is vulnerable and that Firefox has stopped it from loading automatically.

 Luckily, disabling or uninstalling the plug in is not terribly difficult.  However, it does have to be done on each of your browsers. If you seldom use Java, it may be best for you to uninstall it all together.  However, if you hope to use the tool again (once a fix is developed) you may prefer to simply disable.

How to Uninstall Java from your PC

Windows 7

1) Click Start

2) Click Control Panel

3) Click Programs

4) Click Programs and Features

5) Select the program you want to uninstall by clicking on it, and then click the Uninstall button

Windows XP

1)  Click Start

2)  Click Control Panel

3)  Click the Add/Remove Programs control panel icon

4)  Find the program you want to uninstall and then click the Remove button

How to Disable Java

Mozilla Firefox

1)  Open the browser

2)  Click the orange Firebox button at the top left of the screen

3)  Click Add-ons

4) Click Plug-ins

5)  Find Java and select Disable

Chrome

1) Open the browser

2)  Type  chrome://plugins/ into your address bar to see if Java is installed

4)  Find Java and click disable underneath it

Safari
1) Open the browser

2)  Click preferences

3)  Click security

4)  Uncheck the box that says enable Java

Internet Explorer

1)  Open the browser

2)  Click tools

3)  Click manage add-ons

4)  Find Java

5)  Right click on enable and switch it to disable

We’ll see if Oracle’s Tuesday fix makes a difference, but until that time, I suggest disabling the plug-in.  It can be incredibly difficult to keep on top of the many malicious internet activities out there.  Between spam, phishing scams, and countless malevolent websites, it can feel like you are fighting a losing war.  But this battle should be pretty easy.  Just disable the plug in and watch for updates from Oracle.

Nicole

Get Notified Of New Posts

Email:
View All Conference, Retreats and Meetings Posts

Comments

Be the first to comment on this item.

Leave Comments

Subject:
Name:
Url: (Optional)
Reply: