Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Experts urge PC users to disable Java, cite security flaw
reuters.com ^ | Jan 10, 2013 5:06pm EST | Jim Finkle

Posted on 01/10/2013 2:51:44 PM PST by alancarp

[No quote due to Reuters source. Title is accurate representation of article. Please see link.]

(Excerpt) Read more at reuters.com ...


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: computers; java; oracle; security
Navigation: use the links below to view more comments.
first 1-2021-39 next last

1 posted on 01/10/2013 2:51:52 PM PST by alancarp
[ Post Reply | Private Reply | View Replies]

To: alancarp

I uninstalled Java several months ago. I only had one program that needed it, and I figured out another program to use for that task.

Remember that Java and JavaScript are two different things from different companies.

These two podcasts will get anyone who wants it up to speed, even though they’re a few months old.

http://www.grc.com/sn/sn-367.htm
http://www.grc.com/sn/sn-368.htm


2 posted on 01/10/2013 3:00:32 PM PST by MarineBrat (Better dead than red!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; stylin_geek; ...

3 posted on 01/10/2013 3:03:20 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: AdmSmith; Big Giant Head; grey_whiskers; Brandybux; dfwright; Bikkuri; Dacula; BuddaBudd; mbj; ...

4 posted on 01/10/2013 3:03:44 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: alancarp

“machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.”

Yikes! I wish the article was more specific about the kind of damage the “attacks” do. I am only speculating that more harm could be done to older versions of Windows in particular, such as hiding entries in the Windows Registry.


5 posted on 01/10/2013 3:07:40 PM PST by TexasRepublic (Socialism is the gospel of envy and the religion of thieves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MarineBrat

Perhaps this might be a good time to review how to uninstall in Windows, Mac and Linux?

(saying that partly, from personal lack of experience at it)


6 posted on 01/10/2013 3:07:54 PM PST by Cringing Negativism Network
[ Post Reply | Private Reply | To 2 | View Replies]

To: Cringing Negativism Network

How do I uninstall Java on my Windows computer?
http://www.java.com/en/download/uninstall.jsp

How do I uninstall Java 7 for my Mac?
http://www.java.com/en/download/help/mac_uninstall_java.xml

Here’s a useful page provided by Mozilla to check to see if you’re up to date with your browser plugins.

https://www.mozilla.org/en-US/plugincheck/


7 posted on 01/10/2013 3:14:31 PM PST by MarineBrat (Better dead than red!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: MarineBrat

Thank you very much.


8 posted on 01/10/2013 3:17:26 PM PST by Cringing Negativism Network
[ Post Reply | Private Reply | To 7 | View Replies]

To: MarineBrat

Thank you, MarineBrat!


9 posted on 01/10/2013 3:18:09 PM PST by Zuben Elgenubi
[ Post Reply | Private Reply | To 7 | View Replies]

To: MarineBrat

Firefox says that I have Java Deplyment Tool Kit.
Should I uninstall that?
It is the only reference to Java on my Windows XP
Thanks


10 posted on 01/10/2013 3:24:15 PM PST by AlexW
[ Post Reply | Private Reply | To 7 | View Replies]

To: alancarp

Nothing like throwing the baby out with the bathwater. The referenced problem is with Java browser plugins, not standalone Java. Yes, standalone Java probably has other security issues, but some of us need it and it is not nearly as exposed. In fact, I need the plugin, also, but haven’t yet decided what action to take if any.


11 posted on 01/10/2013 3:33:44 PM PST by steve86 (Acerbic by Nature, not Nurture™)
[ Post Reply | Private Reply | To 1 | View Replies]

To: alancarp
Here's the source of the FUD: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ with this screen shot:

Does it make sense to request an exe with your browser? No. I suppose it could be an obfuscated link in a web page. But how does it involve java?

12 posted on 01/10/2013 3:38:51 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 1 | View Replies]

To: AlexW

Before you uninstall Java, you need to determine what programs it might impact.

IIRC, and maybe it was only earlier versions, but Firefox used to require Java. That may have been some of the add-ons, but I recall getting messages to install or upgrade Java when I upgraded Firefox.

Many web pages require Java. My cable ISP email requires it for HTML mode.

I have several Windows programs that require Java.

==

Without more information of this ‘threat’, I am not going to be too concerned about it. If it is serious, Oracle will probably release an upgrade to Java soon.


13 posted on 01/10/2013 3:40:52 PM PST by TomGuy
[ Post Reply | Private Reply | To 10 | View Replies]

To: palmer

Upon further reflection, maybe the screen shot is the end of exploit where the java is now requesting some program to run via the browser. I believe java is allowed to make outgoing http connections to fetch data that it might need. I suppose a buggy version could fetch an exe and run it...


14 posted on 01/10/2013 3:47:08 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 12 | View Replies]

To: palmer
But how does it involve java?

If you follow the link to http://malware.dontneedcoffee.com/ you can clearly see how java is involved.

15 posted on 01/10/2013 3:48:27 PM PST by steve86 (Acerbic by Nature, not Nurture™)
[ Post Reply | Private Reply | To 12 | View Replies]

To: alancarp

Additional detail over at Ars-
http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/


16 posted on 01/10/2013 3:49:54 PM PST by Slainte
[ Post Reply | Private Reply | To 1 | View Replies]

To: alancarp

Techie bookmark.


17 posted on 01/10/2013 3:59:28 PM PST by Sergio (An object at rest cannot be stopped! - The Evil Midnight Bomber What Bombs at Midnight)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sergio

bump


18 posted on 01/10/2013 4:03:45 PM PST by Chickensoup (200 million unarmed people killed in the 20th century by Leftist Totalitarian Fascists)
[ Post Reply | Private Reply | To 17 | View Replies]

To: steve86

nope I don’t see it. It doesn’t have much more than the screenshot I posted. The only other relevant screenshot they show is the browser asking for some jar file, presumably that’s what has the bad java in it. Then the renegade java asks for an exe and runs it.


19 posted on 01/10/2013 4:06:41 PM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 15 | View Replies]

To: alancarp

I’ve been advising friends consider running their web browsers in a Sandbox via Sandboxie. http://www.sandboxie.com/

I run my browser in Sandboxie but, also on a non-persistent (load only) RAMdrive too (using Primo Ramdisk). It’s faster running from a ramdisk, and probably one of the most secure configs possible on Windows.


20 posted on 01/10/2013 4:12:55 PM PST by brandon24
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-39 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson