Page 1 of 4 123 ... LastLast
Results 1 to 15 of 59
  1. #1
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts

    Disable Java plugins to avoid new zero-day attack

    The Register and others are reporting a new zero-day exploit that targets Java Runtime 1.7. Recommended actions include disabling all browser based Java plugins. Dropping back to JRE 1.6 is not recommended as that may open other vulnerabilities.

    Link to original Malware Intelligence article.

    Link to The Register article.

    Link to Sophos article

    /Disclaimer: I have no way to verify the provenance or significance of the reports.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 928 Times in 851 Posts
    Unless someone has specific needs for Java (an app that needs it or a special website) many are now uninstalling Java altogether. I did and have had no adverse affects.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #3
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    You're right Ted, removing Java altogether will protect the user, however many websites will not function as the designer intended. Will the user notice if the website doesn't function correctly? Possibly not, because modern browsers should fail graciously.

    There are quite a few programs (albeit some of them are fairly specialised) that require Java to run. I guess the the biggest headline app that requires Java is Open/Libre Office, but there are many others. I have several productivity apps that require Java and although I might be able to find alternatives, they may be a lot more expensive and require testing.

    For me, Java is a necessary evil. However, Ted's advice is valid. If you do not need Java, take an image backup and remove it. If things break, you can always revert to the image.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  5. The Following User Says Thank You to Tinto Tech For This Useful Post:

    bobprimak (2012-09-06)

  6. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    Many websites Tinto? Surely just a few ... I've not had Java installed for months and I can only think of 3 or so that I've visited since that require Java, 1 of them has a Flash alternative anyway.

    OOO etc. only require Java to run the wizards from what I recall, the office suites work fine without it.

  7. #5
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,611
    Thanks
    66
    Thanked 524 Times in 473 Posts
    Many online games use Java. Several of the word games the wife and I play regularly use it. I expect that Java will have an update shortly if it hasn't already. If you have up to date Virus protection and keep Java updated, I don't think there's a major danger. This may be overhyped similar to the "uninstall all you gadgets" warning. But to each his own. All my clients have Java enabled and I haven't run across a Java infection yet.

    Jerry

  8. #6
    Lounger
    Join Date
    Jun 2012
    Posts
    30
    Thanks
    4
    Thanked 0 Times in 0 Posts
    I took a quick look at Install/Remove Programs in Control Panel and didn't see anything identified as Java. Is it a program that someone would have to choose to install themselves, not automatically included on a PC? Or is there another name I should look for in the Control Panel? Thanks.

  9. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    Quote Originally Posted by EmiLee View Post
    I took a quick look at Install/Remove Programs in Control Panel and didn't see anything identified as Java. Is it a program that someone would have to choose to install themselves, not automatically included on a PC? Or is there another name I should look for in the Control Panel? Thanks.
    Yes, in most circumstances, you'd need to install it yourself.

  10. #8
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,719
    Thanks
    78
    Thanked 335 Times in 303 Posts
    No, it's not normally included. If it's not under J you probably haven't got it: How do I uninstall Java on my Windows computer?

    Bruce

  11. The Following User Says Thank You to BruceR For This Useful Post:

    bobprimak (2012-09-06)

  12. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Tn, USA
    Posts
    6
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Java(TM) is easy to spot-at least in Vista-no need to go to Change/Uninstall-just open Control Panel & if Java(TM) is installed you'll see the 'steaming' coffee cup with JAVA under the logo. And yes it could have been included by the OEM along with many other 'crapware' programs. I uninstalled it about 4/5 years ago & haven't looked back. I don't know if the program is still available or not, it was a open source not connected with, at the time, Sun Java. There were at the time 2 developers whose names I don't recall.
    The name of the program was(is) JavaRa. I suppose Google or whatever search engine you prefer could find it.

    Good luck & I hope this helps.

  13. #10
    Lounger
    Join Date
    Jun 2012
    Posts
    30
    Thanks
    4
    Thanked 0 Times in 0 Posts
    The Windows 7 laptop that one of my clients gifted me with is currently at Best Buy, having all the programs loaded by the Geek Squad (hope I don't regret that). Anyway, I just got a call and they said that an older accounting program that I've used for many years needed to have Java installed in order for it to run. It would be more convenient to be able to use my old accounting software, since my needs are modest because my accoutning is very simple and there would be no learning curve or expense of going to another program. However, I decided NOT to have them install Java.

    The tech at Geek Squad told me two things, and I wonder if either was correct:

    (1) He said there is no way to install Java and disable it (only enabling it when I want to use the accounting program offline).

    (2) He said that Hotmail and Yahoo both need Java to access email accounts. I don't see how that could be true, since I don't have Java on this computer and I can access Hotmail (haven't tried Yahoo) just fine.

    He also said as long as I have my security software (Webroot SecureAnywhere) on the computer, I didn't have to worry about Java being explolited. I definitely don't believe that. I've seen plenty of people who are very careful and keep their security software up-to-date but still end up with some kind of infection.

  14. #11
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 928 Times in 851 Posts
    Well I access Hotmail and Outlook.com from both the website and WLM 2012 without Java installed, so that's not correct.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  15. #12
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,719
    Thanks
    78
    Thanked 335 Times in 303 Posts
    Quote Originally Posted by EmiLee View Post
    The tech at Geek Squad told me two things, and I wonder if either was correct:
    I think both were really incorrect.


    Quote Originally Posted by EmiLee View Post
    (1) He said there is no way to install Java and disable it (only enabling it when I want to use the accounting program offline).
    It's possible to disable Java use from a browser but leave it installed for use by a trusted program.

    The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) just issued instructions on how to do that (due to this Java 1.7 issue):

    US-CERT Vulnerability Note VU#636312


    Quote Originally Posted by EmiLee View Post
    (2) He said that Hotmail and Yahoo both need Java to access email accounts. I don't see how that could be true, since I don't have Java on this computer and I can access Hotmail (haven't tried Yahoo) just fine.
    Most webmail sites require Javascript to be enabled ("Active Scripting" in Internet Explorer), but that is different from Java (applets, often animations or games).


    Quote Originally Posted by Tinto Tech View Post
    Dropping back to JRE 1.6 is not recommended as that may open other vulnerabilities.
    Despite The Register's general comment about not downgrading to earlier versions, US-CERT do recommend that as a viable alternative and they provide a link at the bottom of US-CERT Vulnerability Note VU#636312 to download Java 1.6.34.


    Bruce
    Last edited by BruceR; 2012-08-30 at 10:54.

  16. #13
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,719
    Thanks
    78
    Thanked 335 Times in 303 Posts
    An update to Java 7.7 is now available to fix this vulnerability: Java SE Runtime Environment 7 Downloads

    (As just announced in an amended US-CERT Vulnerability Note VU#636312)

    Bruce

  17. #14
    Lounger
    Join Date
    Jun 2012
    Posts
    30
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Thanks, Medico and Bruce, for your replies. You confirmed my suspicions. When I asked him if he meant Javascript when he was speaking about Hotmail and Yahoo mail, he curtly replied, No, I mean Java."

    I told him not to install it and I would try to find another accounting program that would work without Java. If I am unable to find something that will work for me, I may consider installing my old accounting program and then installing Java, but disabling it from doing anything other than run with my accounting program.

    I certainly do appreciate the robust support at this site; it's my go-to site when I'm not sure how to do something (which happens often).

  18. #15
    Lounger
    Join Date
    May 2011
    Posts
    37
    Thanks
    1
    Thanked 1 Time in 1 Post
    This is really discouraging for me. I'm a retired, widowed senior living alone, and I know all about exercising the brain. [heh, about the only exercise I get]

    So I belong to several user groups and news sites to play many games of Sudoku and crossword puzzles. I believe they all require Java.

    Sooo...hmmm...what to do now

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •