Pinterest Stumbleupon Whatsapp
Advertisement

is java safeOracle’s Java plug-in has become less and less common on the Web, but it’s become more and more common in the news. Whether Java is allowing over 600,000 Macs to be infected or Oracle is sitting on their hands and only patching a serious Java vulnerability four months after it’s initially reported, news about the Java plug-in is rarely good.

We’ve touched on why browser plug-ins in general are one of the biggest security problems on the web today Browser Plugins - One Of The Biggest Security Problems On The Web Today [Opinion] Browser Plugins - One Of The Biggest Security Problems On The Web Today [Opinion] Web browsers have become much more secure and hardened against attack over the years. The big browser security problem these days is browser plugins. I don’t mean the extensions that you install in your browser... Read More . The reality is that you probably don’t need Java installed The Top 6 Things To Consider When You Install Java Software The Top 6 Things To Consider When You Install Java Software Oracle’s Java runtime software is required to run Java applets on websites and desktop software written in the Java programming language. When installing Java, there are a few things you should consider, especially regarding security.... Read More , and if you don’t need it, you should disable it to keep yourself safe. If you do need the Java plug-in for something (this is fairly rare), you should keep it up-to-date and consider running it in a separate browser so malicious websites can’t abuse Java.

The Case Against Java

One of the most famous cases of Java being used to exploit computers was the Flashback Trojan on Macs New Variant Of Flashback For Mac Attacks Again [Updates] New Variant Of Flashback For Mac Attacks Again [Updates] Read More . Over 600,000 famously secure Macs succumbed to infection because of Java. Java runs on all platforms, so compromising Java allows you to compromise Windows, Mac, Linux, and all different browsers.

On August 30, 2012, Oracle released a patch for a serious Java security flaw. Days earlier, malicious websites were already using this flaw to infect people’s computers. However, it gets worse – this security bug was reported to Oracle four months earlier (Source). It took four months for Oracle to fix a critical Java problem, and they only did it after it was being exploited in the wild. Worse yet, Java’s default update setting is to check for updates one a month, so it’s possible that many users weren’t upgraded until weeks later – in fact, it’s likely that many people are still using a vulnerable version of Java.

Enough is enough — Java has been subject to a constant series of such vulnerabilities. The average person doesn’t actually use Java, although it’s still available for websites to use in their browser – so disabling Java will increase the average person’s security while not actually taking away anything the average person depends on.

If you don’t know whether you need Java, you probably don’t need it. However, if you aren’t the average person and do need Java, there are some steps you can take to minimize your risk.

Advertisement

How To Disable Java

If you don’t use Java for anything, you can uninstall it from your Control Panel. This will uninstall the Java browser plug-in as well as the Java runtime What Is the Java Virtual Machine & How Does It Work? What Is the Java Virtual Machine & How Does It Work? Though it isn't strictly necessary to know it works in order to program in Java, it's still good to know because it may help you become a better programmer. Read More , which allows desktop applications written in Java to run on your computer.

If you don’t know whether you need the Java runtime for any desktop applications you use, you can always uninstall it and reinstall it later if an application tells you you need it.

is java safe

However, if you do need the Java runtime, you can disable the Java plug-in in your browser – Java will still be available for desktop applications to use, but websites won’t be able to access it.

To disable Java in Google Chrome, type chrome://plugins into your address bar, press Enter, and then click the Disable link under the Java plug-in.

is java safe to use

To disable Java in Mozilla Firefox, open the Add-ons window from the Firefox menu, select the Plugins category, and click the disable button next to each installed Java plug-in.

is java safe to use

To disable Java in Safari 4 Reasons I'll Be Switching To Safari 6 [OSX Mountain Lion] 4 Reasons I'll Be Switching To Safari 6 [OSX Mountain Lion] Until now I’ve put Safari firmly in the same box of horrible things as Internet Explorer - a sluggish, default browser that’s only purpose in life is to download other shinier and faster browsers. Safari... Read More , uncheck the Enable Java checkbox on the Security tab in Safari’s Preferences window.

is java safe to use

To disable Java in Opera Five Irresistable Reasons Why You Should Take Opera 11 For A Serious Spin Five Irresistable Reasons Why You Should Take Opera 11 For A Serious Spin In truth, Opera 11 is an absolutely amazing browser. If you take Opera as a “secondary” browser and only use it now and then, you may just fall in love with it. Here are some... Read More , type opera:plugins into your address bar, press Enter, and then click the Disable link next to each installed Java plug-in.

are java updates safe

Disabling Java in Internet Explorer 7 Useful Tips & Tricks For Internet Explorer 9 Users 7 Useful Tips & Tricks For Internet Explorer 9 Users Tech websites write a lot about Google Chrome and Mozilla Firefox, so it’s easy to feel a bit left out if you use Internet Explorer. Internet Explorer 9 is easily the best version of Internet... Read More is extremely complicated.  As US-CERT notes:

Disabling the Java plug-in for Internet Explorer is significantly more complicated than with other browsers. There are multiple ways for a web page to invoke a Java applet, and multiple ways to configure Java Plug-in support. Microsoft has released KB article 2751647, which describes how to disable the Java plug-in for Internet Explorer. However, we have found that due to the multitude of ways that Java can be invoked in Internet Explorer, their guidance (as well as our prior guidance) does not completely disable Java.

Many of their methods for disabling Java only disable specific versions, so Java will be re-enabled when it updates to a new version. Even deleting Java’s plug-in files won’t help – they’ll be recreated when Java updates. The most effective way to disable Java in Internet Explorer is by uninstalling it completely. If you do need Java installed on your computer, you probably shouldn’t use Internet Explorer.

Using Java Safely

If you do need Java, there are some steps you can take to reduce the security problems you’re exposed to.

First, update Java often! Oracle’s updates only help if you install them. As we mentioned, Java checks for updates once a month by default – this is not good; there’s a reason modern browsers and operating systems check for updates once a day.

You can increase the update-check frequency from the Java control panel. (Open the Windows Control Panel, click Programs, and select Java to open it.) Click the Advanced button on the Update tab and tell Java to check for updates daily. When a Java icon pops up in your system tray with an available update, install it as soon as possible.

is java safe

Second, consider using a separate browser when you need Java. For example, you can use Chrome or Firefox with Java disabled for most of your web-browsing, your online banking, and everything else. When you need to use a website that requires Java, you can open Internet Explorer (or another browser with Java enabled) and use only the website that requires Java. This helps keep you secure – the majority of websites you visit won’t be able to use Java.

Do you still have the Java plug-in installed? Do you still use websites that depend on it? Or do you think we’ve gone overboard by recommending people disable it? Leave a comment and share your opinion!

Leave a Reply

Your email address will not be published. Required fields are marked *