Java threat?

[Foxfyre]

Just checked the list of stuff installed in the Control Panel and I don't think I have Java on this computer.

 

[Mr. H.]

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.

Just now performed this task.
There is also a tab under "advanced" labeled "security". I also expanded that. Some items are checked and some not. Didn't understand any of it, so left it as is.

If you have Windows 7, open the search box (lower left) and type "java". Then click it to open that control panel.

 

[Ringel05]

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.

Just now performed this task.
There is also a tab under "advanced" labeled "security". I also expanded that. Some items are checked and some not. Didn't understand any of it, so left it as is.

If you have Windows 7, open the search box (lower left) and type "java". Then click it to open that control panel.

Only works if you have Java 7 update 10, that control feature is not in the previous versions so the only option is updating then disabling or uninstalling Java entirely.

 

[Foxfyre]

Don't you think though that since this warning has gone viral, that a patch will be forthcoming immediately?

 

[Ringel05]

Don't you think though that since this warning has gone viral, that a patch will be forthcoming immediately?

Not sure. From what I've read this is a hole that is very difficult to plug because of it's primary function within Java.

 

[Mr. H.]

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.

Just now performed this task.
There is also a tab under "advanced" labeled "security". I also expanded that. Some items are checked and some not. Didn't understand any of it, so left it as is.

If you have Windows 7, open the search box (lower left) and type "java". Then click it to open that control panel.

Only works if you have Java 7 update 10, that control feature is not in the previous versions so the only option is updating then disabling or uninstalling Java entirely.

Sheesh. This gets more bizarre by the minute LOL.

 

[waltky]

Dey workin' onna fix...

Oracle Corp to fix Java security flaw "shortly"
12 Jan.`12 - Oracle Corp said it is preparing an update to address a flaw in its widely used Java software after the U.S. Department of Homeland Security urged computer users to disable the program in web browsers because criminal hackers are exploiting a security bug to attack PCs.

"A fix will be available shortly," the company said in a statement released late on Friday. Company officials could not be reached on Saturday to say how quickly the update would be available for the hundreds of millions of PCs that have Java installed. The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs. That has enabled them to commit crimes from identity theft to making an infected computer part of an ad-hoc computer network that can be used to attack websites.

Java is a computer language that enables programmers to write software utilizing just one set of codes that will run on virtually any type of computer, including ones that use Microsoft Corp's Windows, Apple Inc's OS X and Linux, an operating system widely employed by corporations. It is installed in Internet browsers to access web content and also directly on PCs, server computers and other devices that use it to run a wide variety of computer programs. Oracle said in its statement that the recently discovered flaw only affects Java 7, the program's most-recent version, and Java software designed to run on browsers.

Java is so widely used that the software has become a prime target for hackers. Last year, Java surpassed Adobe Systems Inc's Reader software as the most frequently attacked piece of software, according to security software maker Kaspersky Lab. Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.

The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java. It said an attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems. They said developers of several popular tools, known as exploit kits, used by criminal hackers to attack PCs, have added software that allows hackers to exploit the newly discovered bug in Java.

Security experts have been scrutinizing the safety of Java since a similar security scare in August, which prompted some of them to advise using the software only on an as-needed basis. At the time, they advised businesses to allow their workers to use Java browser plug-ins only when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc. Java suffered another setback in October when Apple began removing old versions of the software from Internet browsers of Mac computers after its customers installed new versions of its OS X operating system. Apple did not provide a reason for the change and both companies declined to comment at the time.

Oracle Corp to fix Java security flaw "shortly" - Yahoo! News

 

[Foxfyre]

Well us untechie types will probably just wait for the fix rather than try to dismantle something in our computer that we'll turn out to need and won't remember how to get back to fix whatever we undo.

 

[Flopper]

Don't you think though that since this warning has gone viral, that a patch will be forthcoming immediately?

The people at Oracle have been plugging security problems for years and hackers keep finding vulnerability. Updating Java to the current release and turning it off for all browsers is very quick and easy. It you click on something that requires Java, you will most likely get a message that tells you Java is required. Then you just go to your control panel and the Java application and enable it and restart your browser. I've done this and have had no problem since most web sites don't use client side java.

Most client side java is used when the selection on the web page requires a lot of computing. So rather than do all that computing on the server they use java in your computer. In other words they use your computer to do the work instead of theirs. Since most web sites don't do a lot of heavy duty computing, they don't bother with Java client software. The only site I am familar with that uses a lot of Java is Morningstar which does a lot of mutual fund and stock analysis in their tools section.

 

[Wonky Pundit]

Here's what I've managed to learn about this Java threat:

It appears to be directed only to Java version 7. So go here to find of what version you have: Verify Java Version

I did that and found out I don't have Java. I still don't know what it is or what it does, but if I don't have it and my computer is working just fine, what good is it? Can anyone tell me?

If you don't have other software that depends on having Java installed, then you don't need Java.

You and your double fucking negatives...

That weren't no double negative. Those are things up with which I can't put.

 

[Ringel05]

Looks like Java has fixed the hole..... for now..... The latest emergency update is available. Download and reinstall Java from the site. Unless you are an Ask fan, unselect the Ask toolbar install option when it appears or spend a couple of hours trying to figure out how to get it off you computer.

 

[Procrustes Stretched]

I just installed an update after being notified. It dealt with security concerns.

I rarely get notices, as opposed to a continual pop-up thing.

you have to delete programs and task bars and other unwanted crap that comes with things you downloads. some downloads have a box or boxes checked that end up adding shit to a browser

 

[Mr. H.]

Thanks. I shall take that under advisement.

 

[waltky]

Think I'll keep it disabled till the 'all clear' is sounded...

Oracle says Java is fixed; feds maintain warning
Jan 14,`13 -- Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. "To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available." The alert follows on the department's warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock prices, graphical menus, weather updates and ads. Vulnerability in the latest version, Java 7, was "being actively exploited," the department said.

Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem. Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called "Web exploit packs" to Internet abusers who can use it to steal credit card data, personal information or cause other harm. The packs, sold for upwards of $1,500 apiece, make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: users are redirected to malicious sites where damaging software can be loaded onto their computers.

The sale of the packs means malware exploiting the security gap is "going to be spread across the Internet very quickly," said Liam O'Murchu, a researcher with Symantec Corp. "If you have the opportunity to turn it off, you should." Oracle said it released two patches - to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe." As well, the patches set Java's default security level to "high" so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.

Disabling Java completely in browsers has a similar effect, however. When websites appear without crucial functions, users can click a button to turn Java back on. Making users aware when Java programs are about to be installed gives users a 50/50 chance of avoiding malware, said Kurt Baumgartner, a senior security researcher with Kaspersky Lab. Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said. Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities.

Source