Posted on 01/12/2013 4:23:31 AM PST by SoFloFreeper
Numerous security experts are warning that all computer users should disable Java on their systems immediately. Earlier this week, researchers discovered a vulnerability in Java that was being actively exploited.
InformationWeek's Matthew J. Schwartz reported, "Security experts have a message for all businesses: Disable Java now, and keep it disabled. That's their advice message after the discovery Thursday of yet another zero-day Java vulnerability, as well as a number of attacks that are already exploiting the flaw to run arbitrary code on PCs."
(Excerpt) Read more at datamation.com ...
Now if you work for a private company and use your browser thru a VPN and that company has spent millions on java apps to do real work (which is my case) then don't disable.
I use NoScript on Firefox so I have everything off from the get go and can selectively enable. What’s interesting is you then see the multitude of stuff running on some sites. One of the worst offenders of places I go to read stuff? The Blaze.
Look at it this way, security experts would tell you that a house would be safer from POSSIBLE forced entry if it had no windows at all. It would be safer yet unlivable.....
I can’t play POGO Scrabble anymore. It needs JAVA. I was probably spending way too much time beating their robots anyway. . .
Link at post 1 on this thread.
Thank you. What if I just remove it completely from my control panel? It looks like I have two versions totaling about 98 MB each.
I have no idea, I am not that computer literate. I did uninstall it from my computer and its speed seemed to increase, but I don’t know for sure if it did. Maybe it just seems that way.
Click on the following link to see if you have java installed. If you do and you want to disable it, click the ‘Disable Java’ option on that web page and follow the instructions.
http://www.java.com/en/download/testjava.jsp
Java is client code, a program on your PC that allows some features of Web pages to work. Oracle uses it for their business application delivery.
The average PC user may not notice it missing.
In fact I’m presenting a CRP Monday for Oracle applications. Disabling Java is not an option, but will be a discussion point no doubt.
This is a little confusing. It isn’t Java that needs to be disabled; it’s support for running Java applets in the browser that needs to be disabled. Or, as one of the linked articles explains, you can raise the applet security level to “high,” which will warn you before running an unsigned applet.
The important thing to remember is that surfing to malicious sites is risky with or without Java enabled. Currently it is more risky with Java disabled, but that will change as it has before. The actual problem is VMs that download and run code. Flash does that and programs like Adobe Reader (downloads and runs PostScript). Certainly true with JavaScript (no relation to Java). Running code in a flawed interpreter can lead to memory corruption and an exploit. Does anyone believe Java is the only VM/interpreter with flaws?
should say “currently it is more risky with Java enabled, but...”
I’m not going to disable anything based upon U.S. Department of Homeland Security. They are the enemy folks. Do what you want, but trusting HS is about as stupid as sleeping with a cobra in your bed.
Java is a virtual machine to run programs inside your computer. That can be inside the browser or on top of the OS. If inside the browser the browser can download some malicious code and exploit your box. But to do that you have to surf to a malicious website that hosts that code. If Java is not in your browser but only on your OS, then it means you have to download the code and run just like downloading and running any other application.
Keep in mind there are other VMs and interpreters with vulnerabilities (past and future). Java is not the problem here, it is people surfing to malicious websites and downloading and running malicious code.
Point out exactly where I said I was doing anything stupid or otherwise.
The security tab in my Java control panel looks nothing like what is shown in the link. When I select the security tab I only have information on certificates.
Any suggestions?
As full disclosure for the thread, I worked with Java extensively up until about 10 years ago. Since then, not much and don't have any interest in whether Java stays viable or not.
I went in to Firefox and disabled javascript. Now I can't use my homepage in Excite.
What's the difference between java and javascript?
Can I use the ..script and not java?
running Macs if that makes a difference.
My neighbor had ransomware last week and neither Malwarebytes, Trend, etc. scans removed it all. I found it using Process Explorer and WinPatrol (and prayer). Both should come with Windows.
We noted yesterday that the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK), already included the latest Java exploit. Before we dive in to how CEK is already being used to push ransomware, here's a bit of background information.
Created by the same guy, CEK is the high-end version of BHEK ($10,000 per month versus $1,500 per year). 0-day exploits are first incorporated into the former and only added into the latter once they have been disclosed.
For those who don't know, ransomware is a very profitable type of threat which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated. Access is limited either by encryption or locking the system.
CEK has been used to distribute ransomware before, but now it's also using this latest Java vulnerability to do so. Trend Micro has detected the exploits in question as JAVA_EXPLOIT.RG and HTML_EXPLOIT.RG, as well as the ransomware payloads as Reveton (TROJ_REVETON.RG and TROJ_REVETON.RJ).
Reveton is one of the most common ransomware threats in existence today; these lock user systems and show spoofed notifications from local police agencies, Trend Micro says. These inform users that to unlock their system, they must pay a fine ranging from $200 to $300. -http://thenextweb.com/insider/2013/01/11/latest-java-vulnerability-possible-since-oracle-didnt-properly-fix-old-one-now-pushing-ransomware/
The second setting is to increase the security level of the Java runtime, which can also be done in the same Security section of the Java Control Panel. The default security level is Medium, but you can increase this to High or Very High. At the High level, Java will prompt you for approval before running any unsigned Java code, and at the Very High level all Java code will require such approval, regardless of whether or not it is signed.- http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/
so....an applet...what is that? A bite sized apple?
I like apples