The weekly -- sometimes daily -- security scares that occur with the
Java programming language are starting to remind me of the old
whack-a-mole arcade game.
Researchers or hackers discover a major flaw in Java. Java's
developer, Oracle, whacks it with a patch. Another mole pops up. Oracle
whacks it with a patch. Many experts say Oracle is losing this game, or
isn’t trying very hard to win. And computer users are paying the price.
When a vulnerable version of Java is active in a Web browser,
visiting a compromised website is all it takes for crooks to sneak
malware onto your computer. In most cases, you won't even know the site
is compromised until it's too late.
Here's how to stay safe: Stop using Java -- or stay on top of the upgrades and use Java a lot more guardedly.
I'm going to help you do just that.
But first: What the heck is Java, and why is it capable of scalding your computer?
First developed back in 1995, Java became ubiquitous almost overnight
because it allowed programmers to write one program and use it on
Windows, Apple OS X and other operating systems.
Today, Internet browsers use Java for interactive Web content, such
as popular online games. Computers use it to run useful programs such as
the free Office alternative LibreOffice and Adobe Creative Suite.
And Java is pre-installed on most new
systems. It's estimated that Java is running on 850 million computers
around the world.
It's no wonder Java is a major target for hackers. It doesn't help
that users frequently don't know it's installed and run outdated
versions.
Java's security holes woke up Apple users last year when more than
600,000 Macs became infected with the Flashback malware that targeted
Java.
Since then, moles have kept popping up through other holes. In
response to the most recent exploit, the Department of Homeland Security
a couple of weeks ago recommended that all Internet users disable Java
in their browsers.
Apple and Mozilla have turned off Java plug-ins automatically in the latest editions of the browsers Safari and Firefox, respectively. But it doesn’t hurt to double-check that Java is turned off.
Fortunately, the latest version of Java has a one-click button just
for that purpose. That's handy because disabling it manually was a
hassle, especially in Internet Explorer.
First, make sure you have the most recent version of Java from Oracle's site. The latest release as of this writing is Version 7 Update 11.
To bring up Java's new security settings, go to Start>Computer and type "Javacpl.exe" in the search bar.
If it doesn't appear, you may have to find it manually. Go to
Start>Computer and open your Local Disk (C:). Go to Program Files
(x86)>Java>jre7>bin and scroll down until you see
"javacpl.exe". On 32-bit computers, the file is in Program
Files>Java>jre7>bin.
Run javacpl.exe to load Java's control panel and select the Security
tab. Uncheck the box that says "Enable Java content in the browser."
Then restart any browsers you have running.
Mac users can find the setting by going to System Preferences and
clicking on the Java icon -- it looks like a steaming cup of coffee.
This will disable Java in your browser, but still let you use it for desktop programs.
Warning: If you do head into your browser settings to check that Java
is disabled, you might see something called JavaScript. Don’t disable
JavaScript! It's a different animal and has no security issues.
Although it's safer to run Java for a desktop program, it's best to get it off your machine if you don't need it.
In Windows, go to Start>Control Panel and click the Uninstall a
program link. Find Java on the list of programs -- you might see
multiple installations of Java 6 and 7 -- and uninstall any versions you
see.
In OS X 10.7 and 10.8, go to Macintosh
HD/Library/Java/JavaVirtualMachines/ and remove the 1.7.0.jdk file.
Older versions of OS X might be running Java 6.
Even if you're keeping Java, you want to make sure you only have the
latest version installed. Older versions leave your system vulnerable.
Follow the steps above to remove the older versions.
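An added example, not part of the original article: a Python script that looks for Java runtimes in the install folders named above and flags any that are older than Version 7 Update 11, the latest release mentioned here. The function names, the status labels and the approach of reading the `java -version` banner are assumptions of this example; raise BASELINE as newer updates come out.

```python
import os
import re
import subprocess

# Install locations named in the article (Windows 64-bit and 32-bit, OS X).
JAVA_ROOTS = [
    r"C:\Program Files\Java",
    r"C:\Program Files (x86)\Java",
    "/Library/Java/JavaVirtualMachines",
]
BASELINE = (7, 11)  # "Version 7 Update 11", the latest release the article names

def parse_version(output):
    """Turn `java -version` text such as 'java version "1.7.0_11"' into (7, 11)."""
    m = re.search(r'version "1\.(\d+)\.\d+(?:_(\d+))?', output)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def find_launchers(roots=JAVA_ROOTS):
    """Yield every java launcher sitting in a bin folder below the given roots."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):  # missing roots yield nothing
            for name in ("java.exe", "java"):
                if name in files and os.path.basename(dirpath) == "bin":
                    yield os.path.join(dirpath, name)

def query_version(launcher):
    """Run the launcher with -version; Java prints its banner on stderr."""
    try:
        proc = subprocess.run([launcher, "-version"], capture_output=True,
                              text=True, timeout=15)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return parse_version(proc.stderr + proc.stdout)

def audit(versions, baseline=BASELINE):
    """Map each launcher path to 'current', 'outdated' or 'unknown'."""
    report = {}
    for path, ver in versions.items():
        if ver is None:
            report[path] = "unknown"
        else:
            report[path] = "current" if ver >= baseline else "outdated"
    return report

if __name__ == "__main__":
    found = {p: query_version(p) for p in find_launchers()}
    for path, status in sorted(audit(found).items()):
        print(f"{status:9} {found[path]} {path}")
    if not found:
        print("No Java runtime found in the standard install locations.")
```

Anything reported as outdated is a version to uninstall using the steps above; a copy installed somewhere other than these folders will not be listed.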
If you need Java for a website or two that you know are absolutely
trustworthy, you can enable Java briefly using the security control
panel and then disable it again. Just make sure you stay on the
trustworthy site while Java is enabled.
