Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Experts Say All Computer Users Should Disable Java ASAP
Datamation ^ | 1/11/13 | Cynthia Harvey

Posted on 01/12/2013 4:23:31 AM PST by SoFloFreeper

Numerous security experts are warning that all computer users should disable Java on their systems immediately. Earlier this week, researchers discovered a vulnerability in Java that was being actively exploited.

InformationWeek's Matthew J. Schwartz reported, "Security experts have a message for all businesses: Disable Java now, and keep it disabled. That's their advice message after the discovery Thursday of yet another zero-day Java vulnerability, as well as a number of attacks that are already exploiting the flaw to run arbitrary code on PCs."

(Excerpt) Read more at datamation.com ...


TOPICS: Business/Economy; Crime/Corruption; Culture/Society; News/Current Events
KEYWORDS: internet
Navigation: use the links below to view more comments.
first 1-5051-63 next last
How to disable:

http://www.pcmag.com/article2/0,2817,2414191,00.asp

1 posted on 01/12/2013 4:23:48 AM PST by SoFloFreeper
[ Post Reply | Private Reply | View Replies]

To: SoFloFreeper

I wish instead of just discovering these flaws they would discover who is using these flaws and punish them severely.


2 posted on 01/12/2013 4:28:16 AM PST by Venturer
[ Post Reply | Private Reply | To 1 | View Replies]

To: Venturer

What is lost, or unworkable, if I disable Java ?


3 posted on 01/12/2013 4:36:13 AM PST by knarf (I say things that are true ... I have no proof ... but they're true)
[ Post Reply | Private Reply | To 2 | View Replies]

To: SoFloFreeper

What does the developer of Java have to say about this?


4 posted on 01/12/2013 4:37:24 AM PST by TheLawyerFormerlyKnownAsAl
[ Post Reply | Private Reply | To 1 | View Replies]

To: Venturer

Some men just want to watch the world burn.


5 posted on 01/12/2013 4:41:12 AM PST by SoFloFreeper
[ Post Reply | Private Reply | To 2 | View Replies]

To: TheLawyerFormerlyKnownAsAl

I think they are working on a fix....


6 posted on 01/12/2013 4:46:02 AM PST by SoFloFreeper
[ Post Reply | Private Reply | To 4 | View Replies]

To: knarf

I checked and Java is already disabled on my computer..I have read several articles about this and am considering uninstalling Java completely.
I put Java in search and clicked on news for more information.


7 posted on 01/12/2013 4:48:35 AM PST by MEG33
[ Post Reply | Private Reply | To 3 | View Replies]

To: TheLawyerFormerlyKnownAsAl

Oracle is keeping silent so far, though the problem is very serious.

http://www.oracle.com/index.html

http://www.oracle.com/us/technologies/java/overview/index.html


8 posted on 01/12/2013 4:52:28 AM PST by jjotto ("Ya could look it up!")
[ Post Reply | Private Reply | To 4 | View Replies]

To: SoFloFreeper

Much more informative article.

http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/


9 posted on 01/12/2013 4:54:18 AM PST by VeniVidiVici (Bathhouse Barry wants YOU to bend over for another four years)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SoFloFreeper; Lazamataz

Over here


10 posted on 01/12/2013 4:54:59 AM PST by knarf (I say things that are true ... I have no proof ... but they're true)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MEG33

I went into Plugins for Firefox and it was already disabled with a message that it has a known vulnerability. Not sure if it did it on it’s own when I upgraded to v18.0.


11 posted on 01/12/2013 4:58:18 AM PST by paul544
[ Post Reply | Private Reply | To 7 | View Replies]

To: paul544

OOPS I had checked IE but not Firefox..I had the same message..I use both.


12 posted on 01/12/2013 5:08:19 AM PST by MEG33
[ Post Reply | Private Reply | To 11 | View Replies]

To: paul544

Mine too, thats what I love about Firefox, it stays ahead of the curve.


13 posted on 01/12/2013 5:11:08 AM PST by PoloSec ( Believe the Gospel: how that Christ died for our sins, was buried and rose again)
[ Post Reply | Private Reply | To 11 | View Replies]

To: SoFloFreeper

http://support.mozilla.org/en-US/kb/how-to-use-java-if-its-been-blocked

In order to protect you, Firefox has stopped the Java plugin from running automatically because it has a security issue. However, you can still use Java on trusted sites if necessary. We’ll show you how.

U.S. Department of Homeland Security warning
Mozilla Security blog post on this issue

Table of Contents

Activate Java once
Always activate Java for a site

Warning: You should only attempt this on sites you trust.
Activate Java once

When you see the “Click here to activate” message, simply click it to load the Java content normally.

Activate Java

Note: The next time you visit the site or any other that uses Java you will see this message again.


14 posted on 01/12/2013 5:13:09 AM PST by WKB ( Remember "Bush Lied and People Died" Now it's "People died and Obama Lied")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Venturer

Now we get to standby and watch the Government demonize Oracle into submission, until they give up whatever it is the Government wants from them... control of all computers?


15 posted on 01/12/2013 5:16:16 AM PST by Dixie Yooper (Ephesians 6:11)
[ Post Reply | Private Reply | To 2 | View Replies]

To: knarf

I have the same question. What is Java for and what wont work when it is disabled?


16 posted on 01/12/2013 5:17:26 AM PST by Red_Devil 232 (VietVet - USMC All Ready On The Right? All Ready On The Left? All Ready On The Firing Line!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: paul544

How do you disaable it?


17 posted on 01/12/2013 5:20:22 AM PST by nikos1121
[ Post Reply | Private Reply | To 11 | View Replies]

To: knarf

I have programs and web sites that are dependent on Java (as opposed to Javascript).

My ISP email in html-mode, for example, requires Java (as opposed to Javascript).

The installation of one version of Firefox (I forget which, with their rapid-release insanity, but that is a different rant) popped up a message that I needed to install/update Java (as opposed to Javascript). It may have been one of the add-ons that needed it, but the message was via the Firefox browser.


18 posted on 01/12/2013 5:22:57 AM PST by TomGuy
[ Post Reply | Private Reply | To 3 | View Replies]

To: SoFloFreeper

OK. I’ve unplugged the coffee maker. Now what?


19 posted on 01/12/2013 5:24:20 AM PST by Flick Lives (We're going to be just like the old Soviet Union, but with free cell phones!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Flick Lives
What/

No Coffee ?

Do you have your personal affairs in order ?

Insurance policies paid up, review will, visited grandkids .. even the little snots you hate, ???

20 posted on 01/12/2013 5:26:28 AM PST by knarf (I say things that are true ... I have no proof ... but they're true)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Red_Devil 232
Client side java apps are imbedded into web sites, for advertizements etc. If you disable java on your browser you may not see some applet that is trying to run. I would not think that you would be missing much if you disabled it.

Now if you work for a private company and use your browser thru a VPN and that company has spent millions on java apps to do real work (which is my case) then don't disable.

21 posted on 01/12/2013 5:26:38 AM PST by central_va ( I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: SoFloFreeper

I use NoScript on Firefox so I have everything off from the get go and can selectively enable. What’s interesting is you then see the multitude of stuff running on some sites. One of the worst offenders of places I go to read stuff? The Blaze.


22 posted on 01/12/2013 5:33:24 AM PST by visualops (artlife.us)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TheLawyerFormerlyKnownAsAl
I am a java developer and I am not going to disable java.

Look at this way, security experts would tell you that a house would be safer from POSSIBLE forced entry if it had no windows at all. It would be safer yet unlivable.....

23 posted on 01/12/2013 5:33:40 AM PST by central_va ( I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: knarf; Red_Devil 232

I can’t play POGO Scrabble anymore. It needs JAVA. I was probably spending way too much time beating their robots anyway. . .


24 posted on 01/12/2013 5:34:34 AM PST by MSSC6644 (Defeat Satan: pray the Rosary.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: nikos1121

Link at post 1 on this thread.


25 posted on 01/12/2013 5:34:34 AM PST by SoFloFreeper
[ Post Reply | Private Reply | To 17 | View Replies]

To: SoFloFreeper

Thank you. What if I just remove it completely from my control panel? It looks like I have two versions totally about 98 mb each.


26 posted on 01/12/2013 5:44:38 AM PST by nikos1121
[ Post Reply | Private Reply | To 25 | View Replies]

To: knarf

I have no idea, I am not that computer literate. I did uninstall it from my computer and its speed seemed to increase, but I don’t know for sure if it did. Maybe it just seems that way.


27 posted on 01/12/2013 5:55:50 AM PST by Venturer
[ Post Reply | Private Reply | To 3 | View Replies]

To: SoFloFreeper

Click on the following link to see if you have java installed. If you do and you want to disable it, click the ‘Disable Java’ option on that web page and follow the instructions.

http://www.java.com/en/download/testjava.jsp


28 posted on 01/12/2013 6:04:13 AM PST by VeniVidiVici (Bathhouse Barry wants YOU to bend over for another four years)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red_Devil 232

Java is client code, a program on your PC that allows some features of Web pages to work. Oracle uses it for their business application delivery.

The average PC user may not notice it missing.

In fact I’m prsenting a CRP Monday for Oracle applications. Disabling Java is not an option, but will be a discussion point no doubt.


29 posted on 01/12/2013 6:10:51 AM PST by cicero2k
[ Post Reply | Private Reply | To 16 | View Replies]

To: SoFloFreeper

This is a little confusing. It isn’t Java that needs to be disabled; it’s support for running Java applets in the browser that needs to be disabled. Or, as one of the linked articles explains, you can raise the applet security level to “high,” which will warn you before running an unsigned applet.


30 posted on 01/12/2013 6:13:23 AM PST by Campion ("Social justice" begins in the womb)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SoFloFreeper
Disabling Java is a waste of time unless people disable flash, deinstall other Adobe products and most other browser plug-ins. Yes, there is a problem in the Java virtual machine, but the VM doesn't run itself. It requires malicious java code. To get that malicious code a person must surf to a malicious website or be redirected to one by someone trying to get click revenue for porn or something along those lines.

The important thing to remember is that surfing to malicious sites is risky with or without Java enabled. Currently it is more risky with Java disabled, but that will change as it has before. The actual problem is VM's that download and run code. Flash does that and programs like Adobe reader (downloads and runs postscript). Certainly true with Javascript (no relation to Java). Running code in a flawed interpreter can lead to memory corruption and an exploit. Does anyone believe Java is the only VM/interpreter with flaws?

31 posted on 01/12/2013 6:24:54 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 1 | View Replies]

To: palmer

should say “currently it is more risky with Java enabled, but...”


32 posted on 01/12/2013 6:25:40 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 31 | View Replies]

To: WKB

I’m not going to disable anything based up U.S. Department of Homeland Security. They are the enemy folks. Do what you want, but trusting HS is about as stupid as sleeping with a cobra in your bed.


33 posted on 01/12/2013 6:27:14 AM PST by Matthew10 (You can't use what you don't know)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Red_Devil 232
What is Java for and what wont work when it is disabled?

Java is a virtual machine to run programs inside your computer. That can be inside the browser or on top of the OS. If inside the browser the browser can download some malicious code and exploit your box. But to do that you have to surf to a malicious website that hosts that code. If Java is not in your browser but only on your OS, then it means you have to download the code and run just like downloading and running any other application.

Keep in mind there are other VM's and interpreters with vulnerabilities (past and future). Java is not the problem here, it is people surfing to malicious websites and downloading and running malicious code.

34 posted on 01/12/2013 6:30:20 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Matthew10

Point out exactly where I said I was doing anything stupid or other wise


35 posted on 01/12/2013 6:35:56 AM PST by WKB ( Remember "Bush Lied and People Died" Now it's "People died and Obama Lied")
[ Post Reply | Private Reply | To 33 | View Replies]

To: VeniVidiVici

The security tab in my Java control panel looks nothing like what is shown in the link. When I select the security tab I only have information on certificates.
Any suggestions?


36 posted on 01/12/2013 6:39:28 AM PST by ops33 (Senior Master Sergeant, USAF (Retired))
[ Post Reply | Private Reply | To 28 | View Replies]

To: ops33
My suggestion is don't worry about it. Don't go to malicious websites and you won't get into trouble with Java or any other plug-in. If you go to legitimate news sites that happen to use Java, you will not have any problems.

As full disclosure for the thread, I worked with Java extensively up until about 10 years ago. Since then, not much and don't have any interest in whether Java stays viable or not.

37 posted on 01/12/2013 6:50:12 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 36 | View Replies]

To: TomGuy
I have programs and web sites that are dependent on Java (as opposed to Javascript).

I went in to Firefox and disabled javascript. Now I can't use my homepage in Excite.

What's the difference between java and javascript?
Can I use the ..script and not java?
running Macs if that makes a difference.

38 posted on 01/12/2013 7:02:38 AM PST by Vinnie (A)
[ Post Reply | Private Reply | To 18 | View Replies]

To: SoFloFreeper

My neighbor had ransomware last week and neither malware bytes trend etc scans removed it all. I found it using process explorer and winpatrol (and prayer). Both should come with windows.


After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware...

We noted yesterday that the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK), already included the latest Java exploit. Before we dive in to how CEK is already being used to push ransomware, here’s a bit of background information.

Created by the same guy, CEK is the high-end version of BHEK ($10,000 per month versus $1,500 per year). 0-day exploits are first incorporated into the former and only added into the latter once they have been disclosed.

For those who don’t know, ransomware is a very profitable type of threat which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated. Access is limited either by encryption or locking the system.

CEK has been used to distribute ransomware before, but now it’s also using this latest Java vulnerability to do so. Trend Micro has detected the exploits in question as JAVA_EXPLOIT.RG and HTML_EXPLOIT.RG, as well as the ransomware payloads as Reveton (TROJ_REVETON.RG and TROJ_REVETON.RJ).

“Reveton is one of the most common ransomware threats in existence today; these lock user systems and show spoofed notifications from local police agencies,” Trend Micro says. “These inform users that to unlock their system, they must pay a fine ranging from $200 to $300.” -http://thenextweb.com/insider/2013/01/11/latest-java-vulnerability-possible-since-oracle-didnt-properly-fix-old-one-now-pushing-ransomware/


Luckily with the latest versions of Java, users who need to keep it active can change a couple of settings to help secure their systems. Go to the Java Control Panel that is installed along with the runtime, and in the Security section uncheck the option to “Enable Java content in the browser,” which will disable the browser plug-in. This will prevent the inadvertent execution of exploits that may be stumbled upon when browsing the Web, and is a recommended setting for most people to do. If you need to see a Java applet on the Web, then you can always temporarily re-enable the plug-in.

The second setting is to increase the security level of the Java runtime, which can also be done in the same Security section of the Java Control Panel. The default security level is Medium, but you can increase this to High or Very High. At the High level, Java will prompt you for approval before running any unsigned Java code, and at the Very High level all Java code will require such approval, regardless of whether or not it is signed.- http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/


39 posted on 01/12/2013 7:14:28 AM PST by daniel1212 (Come to the Lord Jesus as a contrite damned+destitute sinner, trust Him to save you, then live 4 Him)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Campion

so....an applet...what is that? A bite sized apple?
I like apples


40 posted on 01/12/2013 7:19:03 AM PST by Scotswife
[ Post Reply | Private Reply | To 30 | View Replies]

To: SoFloFreeper

I run both Firefox and Chrome. I went to the pcmag link and did as instructed but Java didn’t show up as an option on either my Firefox addons or my Chrome plugins.

Is there another name I should be looking for?


41 posted on 01/12/2013 7:21:47 AM PST by Colonel_Flagg ("Don't be afraid to see what you see." -- Ronald Reagan)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ops33

Follow this link to find instructions to uninstall your current version.
http://www.java.com/en/download/uninstall.jsp

You can either leave it like that or go back to my first link and choose to install the latest version of Java (it should prompt you). You will then get the Java Security Panel that will allow you to tailor your security level.


42 posted on 01/12/2013 7:25:26 AM PST by VeniVidiVici (Bathhouse Barry wants YOU to bend over for another four years)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Colonel_Flagg

Try this link to tell you if you have java installed. Once for each browser.

http://www.java.com/en/download/testjava.jsp

There also should be a Java Control Panel in your Windows Control Panel if Java is installed.


43 posted on 01/12/2013 7:27:48 AM PST by VeniVidiVici (Bathhouse Barry wants YOU to bend over for another four years)
[ Post Reply | Private Reply | To 41 | View Replies]

To: daniel1212; All
I disabled .. then removed Java about 0900 Eastern and played around with what I usually do.

I found no effect except ...

I don't go to FR as my homepage without logging in and password

I've been in "convenient" setting for FreeRepublic for 14 years and I have never had to re-enter my screen nasme nor password.

I can boot up in the morning, click "Internet" in my start-up, and go immediately to FR, which is my home page .. no log-in etc.

So, being lazy, I re-installed Java, checked up that I have the latest version and shut down, re-booted and I STILL have to log into FR.

I changed my setting to "more convenient" andf it didn't make a difference. NOW, I can't get into FR without logging in and password.

I don't like that.

Can anyone help me on this ?

44 posted on 01/12/2013 7:30:53 AM PST by knarf (I say things that are true ... I have no proof ... but they're true)
[ Post Reply | Private Reply | To 39 | View Replies]

To: VeniVidiVici

Looks like I never had it installed. I run the Noscript add-on through Firefox in any event, and Chrome says Java isn’t present.

My search bar finds “Java Jive” by Manhattan Transfer in my iTunes but that’s about it.

Many thanks!


45 posted on 01/12/2013 7:33:02 AM PST by Colonel_Flagg ("Don't be afraid to see what you see." -- Ronald Reagan)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Swordmaker
Heads up!

Java malware exploit -- affecting unix:

http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/

From the article:

"...while so far has not focused on OS X, may be able to do so given OS X is largely similar to Unix and Java is cross-platform."

"Even though the exploit has not been seen in OS X, Apple has taken steps to block it by issuing an update to its built-in XProtect system to block the current version of the Java 7 runtime and require users install an as of yet unreleased version of the Java runtime (release b19). "

I keep Java in Safari on my OS X 10.5x turned off, yet occasionally need it to run some open-source image processing software developed by the NIH.

Does it appear to you that we Mac users should disable -- or even uninstall -- Java at this time?

46 posted on 01/12/2013 7:40:04 AM PST by TXnMA ("Allah": Satan's current alias... "Barack": Allah's current ally...)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Vinnie
I went in to Firefox and disabled javascript. Now I can't use my homepage in Excite

Java is not javascript (the latter simply stole part of the name). Turn javascript back on and you will be fine as long as you don't surf to unknown potentially malicious websites which is a bad idea no matter what else you do.

Another thing to do is make sure your browser is the most up-to-date version, that way you should have no old but resolved issues with javascript.

47 posted on 01/12/2013 7:42:28 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 38 | View Replies]

To: Vinnie
running Macs

Then if you are using Safari, install click-to-flash. It disables Flash until you ask for a specific flash program to run. It also disables Java until you ask for a specific Java applet to run. It is a time, cpu and battery saver, it disables crappy animated ads (except animated gifs which are harmless) and saves you from getting pwned by malicious flash which would be just as bad as getting pwned by malicious java.

48 posted on 01/12/2013 7:46:41 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 38 | View Replies]

To: TXnMA

Install click-to-flash. It will protect you from malicious flash which has and will continue to appear. It will also disable java applets until you click on them (knowing that you want them to execute). It saves time, battery, memory, and protects you all at the same time.


49 posted on 01/12/2013 7:49:06 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 46 | View Replies]

To: Colonel_Flagg
“Java Jive”

LOL! Great. Now I have to go listen to it. :-)

50 posted on 01/12/2013 7:54:06 AM PST by VeniVidiVici (Bathhouse Barry wants YOU to bend over for another four years)
[ Post Reply | Private Reply | To 45 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-63 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson