Thursday, 17 January 2013

Turn off Java on your browser

Due to the vulnerability on Java Plugin users have been advised to disable java on their browser. Note that Java is completely different from Java script. Disabling  Javascript thinking is also part of java will yield an unexpected result on the browser because most websites are coded in java script, AJAX. On the browser Javascript helps to craft the look and feel of your website. That doesn't mean there aren't security risks from JavaScript. There are, but they're different to the ones posed by Java, and they're generally fixed or patched directly by your browser vendor. JavaScript is very commonly used in modern websites. In fact, you won't get very far without it on many of the popular sites out there.

On the other hand, Java, made by Oracle, is a software package installed separately from your browser. It can be used for creating and running all sorts of regular-style software: web servers, code editors, word processors and much more. These are called applications, just like any other application such as Microsoft Word or Apple iMovie. Java also provides a plugin system that allows stripped-down Java programs called applets to run inside your browser. They aren't integrated with your browser like JavaScript programs, and their security generally depends on the Java system itself, not on your browser. Nevertheless, there have been several recent and widely-abused bugs in the applet part of Java that make your browser insecure. Time and time again we're seeing examples of cybercriminals exploiting flaws in Java to infect innocent users' computers.

For instance, earlier this year we saw more than 600,000 Macs infected by the Flashback malware because of a Java security flaw. In fact, it has become increasingly common to see malware authors exploiting vulnerabilities in Java - as it is so commonly installed, and has been frequently found to be lacking when it comes to security. Cybercriminals also love Java because it is multi-platform - capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it's not unusual for us to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload. Seriously though, stop reading this article now and check if you have disabled Java or not. Chances are that if you don't think that you need Java, you don't need it. Even if you absolutely must use websites that require you to have Java installed, why not disable it in your main browser and have an alternative browser just for visiting that website? What you need to do now is reduce the opportunities for attack. For most people that means disabling Java - and doing it now.

So i recommend that you turn off Java in your browser.

Most recently, in January 2013, a new zero-day flaw affecting Java in web browsers was exploited. Apple and Mozilla are doing things to help fight the problem for their users, but you may decide that you still need to take steps yourself. There will be many pointing fingers at Oracle and arguing that it has not taken the security flaws seriously, but the accusations that are bound to fly aren't actually going to help the millions and millions of vulnerable devices out there. Those devices need a patch from Oracle - but as it may not be available for some time, the best advice I can give you is to disable Java.

No comments:

Post a Comment