JAVA Warning

US government advises computer users to disable Java software

WASHINGTON – The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks. The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts. Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief. Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer's operating system. Oracle Corp. bought Java as part of a $7.3 billion acquisition of the software's creator, Sun Microsystems, in 2010. Oracle, which is based in Redwood Shores, Calif., had no immediate comment late Friday.

http://www.foxnews.com/tech/2013/01/12/us-government-advises-computer-users-to-disable-java-software/?cmpid=cmty_other_US_government_advises_computer_users_to_disable_Java_software

I heard a news blurb and received a couple email FWDs from friends about this. Is this something we need to do ASAP?

GRM IT's please weigh in.

My kids run my network and they are hardcore Minecraft users which runs on Java. Color me interested.

The "disable" part is referring to the Java plugin in the browser, not necessarily deinstalling Java from your machine.

The security vulnerability is already being exploited for drive-by downloads etc so yes, you want to disable the Java plugin in your browsers (or stop visiting "those" websites ). Not sure how bad it is if you're running a non-Windows OS but on a fully patched up Windows 7, you're still vulnerable and there have been issues with virus scanners not detecting Java exploits in the recent past so I wouldn't rely on them to protect you.

Install a script blocker plug in and only turn on the scripts you trust. That is what I do.

Java != Javascript in this case, though.

Okay, pretend I'm an idiot (yeah...pretend, that's it...) - how does one go about disabling Java in, say, Firefox 18.0?

I'm on an IPad. Should I be worried?

IIRC Firefox disables it automatically since v17.

That said, if you go to the "Addons" menu, there is a tab for plugins. On mine, the "Java Applet Plug-in" is showing as disabled.

In reply to FFRY:

iPads don't run Java.

Ok, I saw a disable JavaScript option in my safari options. Wasn't sure.

@FFRY, that's just the confusing naming, fortunately - as mentioned above, Javascript and Java are two very different languages. This problem only affects Java.

someone smarter than me have suggestions for chrome.

http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

for Chrome users:

http://nakedsecurity.sophos.com/how-to-disable-java-chrome/

Java page:

http://java.com/en/download/installed.jsp

This must be a popular search today, when I only typed in "how to" in search, "disable Java" was first up

ok, so I disabled anything that said Java, now what?

I didn't read the rest of the thread, but when I worked for a Defense company Java and Adobe were frequently pulled from use for security threats.

IMO, the presence of Java and Adobe are security threats. I just keep an eye on things and keep on truckin'.

BoxheadTim wrote: In reply to FFRY: iPads don't run Java.

Yep.

Part of the genius of Steve Jobs.