“Disable Java in web browsers” – now! (Homeland Security’s US-CERT)

Another update – Oracle hastens release of Critical Patch Update: Java 7 update 13 [link]

Update – Oracle ships Java 7 Update 11 with vulnerability fixes, increased security level for Java applets [link]

Java has been a problem for a long time. When malware attacks surface, the advice has always been to disable Java. Java can run on all browsers on any platform, so multiple platforms can be targeted these days – and yes, OS X users are vulnerable too. A year ago, half a million Macs were infected by the Flashback Trojan.

US-CERT just announced that “Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”

They say they “are currently unaware of a practical solution to this problem,” and so suggest “Disable Java in web browsers”.
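To check whether an installed Java falls in the range US-CERT names, the version banner can be compared against "Java 7 Update 10". This is an added example, not part of the original post; the function name and output labels are hypothetical, and it assumes the quote covers the Java 7 line only and that the banner uses the `1.7.0_NN` version scheme.

```sh
#!/bin/sh
# Added example: classify the first line of `java -version` against the
# US-CERT quote ("Java 7 Update 10 and earlier").
# Assumption: the quote is read as covering the Java 7 line only; other
# major versions are reported as out of scope rather than judged.

LAST_UPDATE_IN_ADVISORY=10   # taken from the US-CERT quote on this page

# classify_java_banner "<banner line>"
# Prints one of: in-advisory-range | above-advisory-range | out-of-scope | unparsed
classify_java_banner() {
    # Extract the quoted version, e.g. 1.7.0_10 from: java version "1.7.0_10"
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    [ -n "$ver" ] || { echo unparsed; return 0; }

    case "$ver" in
        1.7.*) ;;                          # Java 7 line
        *) echo out-of-scope; return 0 ;;
    esac

    # The update number follows the underscore; a bare 1.7.0 is update 0.
    case "$ver" in
        *_*) upd=${ver#*_} ;;
        *)   upd=0 ;;
    esac
    upd=${upd%%[!0-9]*}                    # drop suffixes such as -ea
    [ -n "$upd" ] || { echo unparsed; return 0; }
    upd=$(printf '%s' "$upd" | sed 's/^0*\([0-9]\)/\1/')   # 09 -> 9

    if [ "$upd" -le "$LAST_UPDATE_IN_ADVISORY" ]; then
        echo in-advisory-range
    else
        echo above-advisory-range
    fi
}

# Constructed sample banners (not captured from real machines).
for banner in 'java version "1.7.0_10"' 'java version "1.7.0_09"' \
              'java version "1.7.0"'    'java version "1.7.0_11"' \
              'java version "1.6.0_38"' 'sh: java: command not found'
do
    printf '%-30s -> %s\n' "$banner" "$(classify_java_banner "$banner")"
done

# On a real machine: classify_java_banner "$(java -version 2>&1 | head -n 1)"
```

A result of `in-advisory-range` means the browser plug-in should be disabled as described below until Java is updated.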

Disable Java

So how do I disable Java?

First, make sure you have the latest version of your browser, which fixes a wide variety of security and operational issues. In fact, choose to be updated automatically. Just look for anything in your menu that says “check for updates”.

Then, with your updated browser, disable Java:

  • Safari: Preferences > Security > uncheck “Enable Java”
  • Camino: Preferences > Web Features > uncheck “Enable Java”
  • Firefox: Tools > Add-ons > Plug-ins > Disable the Java plug-in
  • Opera: Tools > Advanced > Plug-ins > Disable the Java plug-in
  • Chrome: Settings > Show Advanced Settings > Privacy > Content Settings > Plug-Ins > Disable individual plug-ins > Disable the Java plug-in

For browsers on Windows platforms, see java.com for instructions for the Java Control Panel.

A quick and simple fix, but it’s up to you.

The digitally illiterate are a liability

Sadly, the fact that regular Joe users are in a state of vulnerability is not new.

In 2004, US-CERT, the Department of Homeland Security’s United States Computer Emergency Readiness Team, reported that “Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server,” thus rendering it vulnerable to hacks.

Otterman speaks...(2003-2007)

CERT actually suggested people “use a different web browser.”

In those days, I was a Firefox evangelist to my PC-wielding friends, as was Ladybug. Security aside, Firefox (formerly Firebird) was faster and safer. And the logo is a lovely Red Panda, how to resist?

However, 95% of all users were using a slow and ineffective Internet Explorer with no thought to alternatives. Digital literacy isn’t usually high and students in my adult classes couldn’t tell me which browser they were using. With prompting they recognised the blue E though.

Top 5 Browsers from Dec 2011 to Dec 2012 | StatCounter Global Stats

These days, the browser market share is more diverse and Chrome is pulling ahead of IE worldwide. In Singapore, StatCounter estimates the distribution is 33.4% Chrome, 30.2% IE, 18.9% Firefox, 15.2% Safari and 1.1% Android.

We’ve been exposed to hacks and to frequent reminders to update software, and updating is now easier in both process and bandwidth.

Still, the old advice hasn’t changed. Be alert online, whether surfing the internet or Facebook, and don’t click anything suspicious! Be wary of sweet deals. You are a liability to your friends when you expose yourself to malware. Alert them when you run afoul. Ask for help and tech-savvy friends will help. People are usually empathetic about this.

If you think your friend’s account has been compromised, hacked or is relaying suspicious links, alert them by a call or message immediately. Save them from further embarrassment and everyone else from possible infection!

Further reading

  • “New malware exploiting Java 7 in Windows and Unix systems,” by Topher Kessler. CNet MacFixit, 11 Jan 2013.
  • Reuters article in Today Online: “Disable Java: US Govt issues additional warnings as security concerns escalate.”
  • Resolved: How to Keep Your Computer Safe, Clean, and Backed Up in 2011. Lifehacker, 2011.