2

Homeland Security advises disabling or uninstalling Java – With good reason…

Sun Microsystems Java

This week, the Department of Homeland Security suggested disabling or uninstalling Java based on a CERT publication where they announced Java 7 fails to restrict access to privileged code. That original posting has been updated as recently as today, January 12, 2013.

What does it all mean?

Well, in a nutshell, if you have the vulnerable version of Java on your Mac, Windows or Linux PC and happen upon a nasty bit of code designed to exploit the Java “zero day” vulnerability, your machine can be completely taken over.

Right now, the web forums are abuzz with tales of Apple Mac jackings, Linux anommolies and Windows x malware.  The numbers of postings have ramped up considerably over the last couple days, leading me to believe this is a valid concern.

We recommend that no matter which platform you are on, that use use extreme caution while browsing and consider disabling Java on your browsers as well.

Here’s what CERT has to say: (taken from the article linked above)

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable Java in web browsers

Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details.
Note: Due to what appears to potentially be a bug in the Java installer, the Java Control Panel applet may be missing on some Windows systems. In such cases, the Java Control Panel applet may be launched by finding and executingjavacpl.exe manually. This file is likely to be found in C:\Program Files\Java\jre7\bin or C:\Program Files (x86)\Java\jre7\bin.
Also note that we have encountered situations where Java will crash if it has been disabled in the web browser as described above and then subsequently re-enabled. Reinstalling Java appears to correct this situation.
System administrators wishing to deploy Java 7 Update 10 or later with the “Enable Java content in the browser” feature disabled can invoke the Java installer with the WEB_JAVA=0 command-line option. More details are available in the Java documentation.

 

If for any reason you believe your machine may have already been exploited, contact an service professional immediately.

If we can assist you with this, please let us know. We provide computer service and repair in the Greenville, Spartanburg and Anderson Upstate area.

You can call us at 864-990-4748 M-F, 8:30 – 5:30.

Comments 2

  1. Reply
    1. Reply

      Ron,

      Many still believe *ANY* version of Java is a vulnerable version. More organizations that I can shake a stick at have disabled Java on their user’s machines.

      I personally believe that running the latest version, with all patches applied as they come out is the best idea, if you are going to use it at all.

      Thanks for reaching out!

Leave a Reply

Your email address will not be published. Required fields are marked *