Jump to content
Sign in to follow this  
freedom01

Disable Java?

Recommended Posts

I read the following article from Reuters and was wondering how serious I should take this. I would hate to remove Java and find out it isn't a major problem. Would appreciate any help. See Link Below! Thank you!

http://in.reuters.com/article/2013/01/11/java-security-idINDEE90A02520130111?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+reuters%2FINtechnologyNews+%28News+%2F+IN+%2F+Technology+News%29

Share this post


Link to post
Share on other sites

I can add to this:

http://forums.whatthetech.com/index.php?showtopic=125258&pid=809366&st=0entry809366

 

I use Firefox with NoScript addon.

https://addons.mozilla.org/en-us/firefox/addon/noscript/

It's not bad but you will have to learn how to use the addon and get used to it.

Do take note that this is not a cure but an extra step of security.

Share this post


Link to post
Share on other sites

I reset mine (not the uninstall) according to the following article from Kim Komando:. Is this bad?

 

 

You can find the most recent version of Java on Oracle's site. Or click the Java Update icon in the Windows notification area, if it appears. Make sure the download says that it's Version 7 Update 10.

 

If you have older versions of Java installed, be sure to uninstall them. You can check in Start>>Control Panel>>Programs list.

 

Mac users should go to Finder>>Applications and then type "JavaAppletPlugin.plugin." Right click the file that appears and select "Move to Trash."

 

To bring up Java's new security settings, go to Start>>Computer and type "Javacpl.exe" in the search bar. Mac users can find the same file by going to System Preferences and clicking on the Java icon - it looks like a steaming cup of coffee.

 

Before you launch the file, it might be helpful to right-click it and create a shortcut on the Desktop. That way you can find Java's settings later and easily update it in the future.

 

Run javacpl.exe to load Java's control panel and select the Security tab. Uncheck the box that says "Enable Java content in the browser."

 

This allows you to use Java-based programs without Java being active in your browser. Since most of Java's security issues come from online threats, this makes Java much safer.

 

When this option is set, some websites might not work properly. If you find a site isn't working properly, go back to the Security menu and move the security level slider to "Custom level."

 

In the menu that pops up, you'll see three different settings to customize. Set the options to "Prompt User," "Single-click confirmation prompt" and "Prompt user," respectively.

 

Now, when you use a site that requires Java, it will ask for your permission before loading. Make sure you grant that permission only to sites you trust!

 

Keeping your programs up to date isn't the only good security behavior to start. Here are three more habits that will keep your computer safe

Share this post


Link to post
Share on other sites

Hi ya'll, anything you do to your java security remember.......if it needs to be reversed keep notes.

Generally, Java is on top of security breaches. They have to research and then develop a fix for all versions of windows without bugs before they can release an update.

 

Get's scary eh?

Share this post


Link to post
Share on other sites

' "We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a posting on its website late on Thursday'. Sounds like just updating might not be enough. I disabled my Java (Firefox and IE flavors) several days ago. So far, the missing Java has caused me no problems.

 

After disabling my Firefox Jave plug-in I got a note on their "plug-in Update" page saying that my 'out of date' Java had been blocked for security reasons. Not quite the case. but it is nice to know that FF is watch-dogging me.

Edited by poru

Share this post


Link to post
Share on other sites

Will it be necessary to re-activate Java in order to apply the patch? My control program window shows that I still have Java on hand, simply disabled in my browsers.

Share this post


Link to post
Share on other sites

Good question.

On but disabled, I think for when the patch comes simply turn it on long enough to ensure the update takes.

Share this post


Link to post
Share on other sites

Makes sense. Thanks!

Share this post


Link to post
Share on other sites

Here we go.

 

http://forums.whatthetech.com/index.php?showtopic=125258&st=0&&do=findComment&comment=809618

 

FYI...

 

Java v7u11 released - Download

- http://www.oracle.com/technetwork/java/jav...ds-1880260.html

Jan 13, 2013

 

Release Notes

- http://www.oracle.com/technetwork/java/jav...es-1896856.html

"... This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422*..."

* http://www.oracle.com/technetwork/topics/s...22-1896849.html

 

> http://www.oracle.com/technetwork/topics/s...ml#AppendixJAVA

2013-January 13

Share this post


Link to post
Share on other sites

oddly enough ...I think that last java update last night removed all my old versions

Share this post


Link to post
Share on other sites

oddly enough ...I think that last java update last night removed all my old versions

 

Yes you want that. Older versions are targeted.

 

http://forums.whatthetech.com/index.php?showtopic=125258&st=0&&do=findComment&comment=809773

 

FYI...

 

New Java 0-day exploit - $5,000 per Buyer

- https://krebsonsecurity.com/2013/01/new-jav...5000-per-buyer/

Jan 16, 2013 - "Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java... The hacker forum admin’s message... promised weaponized and source code versions of the exploit. This seller also said his Java 0day — in the latest version of Java (Java 7 Update 11) — was not yet part of any exploit kits, including the Cool Exploit Kit... this same thing happened not long after Oracle released a Java update in October; a few weeks later, a Java 0day was being sold to a few private users on this same Underweb forum..."

- http://www.nbcnews.com/technology/technolo...emain-1B7956548

"... Some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes. HD Moore... said it could take two years for Oracle to fix all the security bugs that have currently been identified in the version of Java that is used for surfing the Web..."

Share this post


Link to post
Share on other sites

Firefox considers even the update 11 too vulnerable, and is blocking it. I think that Java is rapidly becoming a thing of the past.

Share this post


Link to post
Share on other sites

Yep...

 

I don't have Java installed... but if you do... obviously update 11 didn't fix the problem which is why the current version is update 13.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...