Disable Java - security hazard?



N1LAF
01-12-2013, 11:09 PM
A Java security warning was recently issued by the U.S. government, which left many people wondering if they should uninstall or disable the software. And if so, how do you do it?

Java has had problems in the past with security vulnerabilities, but a new one recently discovered in Java 7, the latest version, is raising concerns.

The vulnerability makes it relatively easy for a remote attack on your computer. Hackers send a vulnerable user to a specific HTML document, and from there can execute arbitrary code on the user's system.

The bottom line is that Java's current version makes it easy to get a virus into your computer or otherwise mess with it.

There are two ways to address the issue. If you don't use Java, the easiest way to get peace of mind is just to disable the plugin on your browser. Depending on the browser you have, the directions are slightly different:

- For Mac users who browse via Safari, go to the Menu and select Preferences. Click the tab labeled "Security" and then uncheck "Enable Java."

- For Chrome users, simply type "chrome://plugins/" into the URL box. Then find Java and click "disable."

- For Firefox users, find the "Add-ons" tab or line; it may be under Tools or General, depending on your version, in the "Firefox" tab on the top left of the browser window. When the Add-ons manager tab comes up, select Plugins from the list on the left and click the "Disable" button for anything that mentions Java or Java Applet.

- For Internet Explorer, the directions are more complicated, so check out this tutorial on PC Magazine's website.

http://blogs.findlaw.com/technologist/2013/01/java-security-warning-disable-it-now-homeland-security-says.html?DCMP=CCX-GPL

Figures that the Windows product will make it difficult - another reason to ditch Internet Explorer, didn't anyone learn about virus magnet Outlook?

For Firefox - it is easy to implement, or has been done so by latest release. I upgraded to Firefox version 18, and it prompts me if I want to use the Java application for the website being used. I trusted the site, and clicked 'OK'.

For Firefox users, download/install Quickjava https://addons.mozilla.org/en-US/firefox/addon/quickjava/
and/or NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=search

KC2UGV
01-12-2013, 11:14 PM
If you are seriously worried about vulnerabilities, you should uninstall Windows. Any and all versions are affected.

N2CHX
01-12-2013, 11:15 PM
I love Linux. No worries.

KC2UGV
01-12-2013, 11:17 PM
I love Linux. No worries.

FWIW, If you're running the Sun JDK, you're affected, even on Linux. Even better reason to run the open source IcedTea JVM :D

N2CHX
01-12-2013, 11:27 PM
FWIW, If you're running the Sun JDK, you're affected, even on Linux. Even better reason to run the open source IcedTea JVM :D

Not worried about it. Quite frankly, I'm just not. And I'll be among the first to get the update because of my development tools.

NQ6U
01-12-2013, 11:27 PM
FWIW, If you're running the Sun JDK, you're affected, even on Linux.

Yep, this one is platform agnostic—all flavors of Windows, Linux and OS X running Java 7 v. 1.7.0_10-b18 are affected.

N2CHX
01-12-2013, 11:36 PM
Quite frankly, telling users to disable Java is asinine. Go ahead, try doing almost anything on almost any website without Java. Quite frankly, it wouldn't surprise me if this was Microsoft paying the government to issue a bogus alert and cause panic to drown Sun, effectively destroying one of their biggest competitors.

If there is truly a security flaw this serious, Sun will have an update available within hours, I guarantee it. They're not going to sit on this.

N1LAF
01-12-2013, 11:55 PM
This new security problem is with Java, and not Javascript, is that right?

I have Java turned off, and have no problems with any site.

N2CHX
01-13-2013, 12:04 AM
This new security problem is with Java, and not Javascript, is that right?

I have Java turned off, and have no problems with any site.

Java, yes. And a lot of sites use it.

N2CHX
01-13-2013, 12:06 AM
http://www.suntimes.com/business/17545655-420/oracle-says-it-will-fix-java-flaw-shortly.html

Like I said, they're on it. I'll bet there's an update before I wake up in the morning. >yawn< Much ado about nothing.

Windows itself has more serious security flaws than that. IE is just a roving security issue. Yet, people still use it every day. The sky is falling, the sky is falling :roll:

N2CHX
01-13-2013, 12:21 AM
FWIW, If you're running the Sun JDK, you're affected, even on Linux. Even better reason to run the open source IcedTea JVM :D

I just checked, because I recently reinstalled Linux on this machine. Eclipse installs Java for me and I didn't even pay attention to what version it installed this time. Used to be it installed the commercial packages and you can still do so. But they've reverted to the OpenSource IcedTea version, so that's what I'm running anyway. So >yawn< I can sleep easy and dream about all the stupid Windows users who sneer at OpenSource, scrambling to disable Java on their computers at the whim of Homeland Security. They're gonna be in for a real surprise next time they try to log into their internet banking account and find out they can't because it uses Java.

n6hcm
01-13-2013, 02:20 AM
i don't see many websites that use java anymore. chrome (the browser i use everywhere) prompts me if something wants to run java and has done so long before the last java 7 scare.

NQ6U
01-13-2013, 02:31 AM
i don't see many websites that use java anymore. chrome (the browser i use everywhere) prompts me if something wants to run java and has done so long before the last java 7 scare.

Yeah, I think Kelli is confusing Java with JavaScript. Other than the name, the two have essentially nothing in common.

n2ize
01-13-2013, 03:35 AM
I occasionally run a few Java apps from MIT but I rarely run them in a browser. I download them and then run them in the "appletviewer" application.

N2CHX
01-13-2013, 06:59 AM
Yeah, I think Kelli is confusing Java with JavaScript. Other than the name, the two have essentially nothing in common.

Nope, I know the difference between the two. A LOT of stuff still uses Java. One of the reasons for it is its cross-platform capability. Maybe I've just not been paying attention as of late, but I know that as recently as this past year I couldn't even use internet banking without it, and my kids' game sites, even Disney, have a lot of Java applications on them. I suppose it's technically outdated in browsers, but it definitely isn't as far as a programming language for other things. Very much alive and well.

W4GPL
01-13-2013, 07:49 AM
It's extraordinary that the gov't would take these steps..

And I'd also recognize Java is not unique to Windows.. I find this all to be disturbing..

And yes Paul.. this is unique to the Java plugin, not JavaScript..

My apologies if I ignored previous postings. I was primarily responding to Paul..

KC2UGV
01-13-2013, 11:36 AM
Many web apps still use Java, such as for times Direct Printing is needed (Instead of generating a PDF, then letting you print). Google Drive uses it, as an example.

NQ6U
01-14-2013, 10:27 AM
The Java vulnerability has been addressed:


Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. [...]

In addition to the fix for the vulnerability, Java 7 Update 11 also sees a change in the default security level setting from "Medium" to "High". Under the new setting, users will be warned before the Java plug-in runs any unsigned application.

The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.
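An added example, not part of the thread or of any poster's code: a POSIX shell check that reads a `java -version` banner and reports whether an Oracle Java 7 runtime is older than Update 11, the release the post above says addresses the vulnerability. The function names, result labels and sample banners are constructed for illustration; OpenJDK/IcedTea builds are reported separately because the thread gives no fixed version for them.

```shell
#!/bin/sh
FIXED_UPDATE=11   # from the post: Java 7 Update 11 addresses the vulnerability

# Print the quoted version (e.g. 1.7.0_10) from the first matching banner line.
java_version_string() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# classify_java <banner> prints one of:
#   needs-update  Oracle Java 7 older than Update 11
#   has-fix       Oracle Java 7 Update 11 or later
#   not-oracle    OpenJDK/IcedTea build (different release numbering)
#   not-java7     another major version; the thread makes no claim about it
#   unknown       banner could not be parsed
classify_java() {
    cj_ver=$(java_version_string "$1")
    [ -n "$cj_ver" ] || { echo unknown; return 0; }
    case "$1" in *OpenJDK*) echo not-oracle; return 0 ;; esac
    case "$cj_ver" in 1.7.*) ;; *) echo not-java7; return 0 ;; esac
    # The update number follows the underscore; bare "1.7.0" is update 0.
    case "$cj_ver" in
        *_*) cj_upd=${cj_ver#*_} ;;
        *)   cj_upd=0 ;;
    esac
    cj_upd=${cj_upd%%[!0-9]*}                          # drop "-b18", "-ea", ...
    [ -n "$cj_upd" ] || { echo unknown; return 0; }
    cj_upd=$(printf '%s' "$cj_upd" | sed 's/^0*//')    # "09" -> "9", no octal
    [ -n "$cj_upd" ] || cj_upd=0
    if [ "$cj_upd" -lt "$FIXED_UPDATE" ]; then echo needs-update; else echo has-fix; fi
}

# Constructed sample banners (not captured from a real machine).
SAMPLE_AFFECTED='java version "1.7.0_10"
Java(TM) SE Runtime Environment (build 1.7.0_10-b18)'
SAMPLE_FIXED='java version "1.7.0_11"'
SAMPLE_OPENJDK='java version "1.7.0_09"
OpenJDK Runtime Environment (IcedTea7)'

# Live check on request: `java -version` writes its banner to stderr.
if [ "${1:-}" = "--live" ] && command -v java >/dev/null 2>&1; then
    echo "installed java: $(classify_java "$(java -version 2>&1)")"
fi
```

Run it with `--live` to classify the runtime on the local PATH; the browser plug-in may use a different installed copy, so check the Java Control Panel as well.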

NY3V
01-14-2013, 10:50 AM
security expert says it still has bugs:

"...Java security expert Adam Gowdiak, who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.
"We don't dare to tell users that it's safe to enable Java again," said Gowdiak, a researcher with Poland's Security Explorations.
An Oracle spokeswoman declined to comment on Gowdiak's analysis..."

http://news.yahoo.com/oracle-updates-java-security-expert-says-still-bugs-230136705--sector.html

AB3MV
01-14-2013, 05:22 PM
security expert says it still has bugs:


Almost every piece of software on the planet has at least one bug. Zero-defect commercial/industrial software is a myth. The only markets that come close to producing defect-free software are weapons and medical systems.

N2CHX
01-14-2013, 06:40 PM
Almost every piece of software on the planet has at least one bug. Zero-defect commercial/industrial software is a myth. The only markets that come close to producing defect-free software are weapons and medical systems.

Yup. Like I said, I bet every version of Windows has much worse security flaws.

KC2UGV
01-14-2013, 06:44 PM
Yup. Like I said, I bet every version of Windows has much worse security flaws.

MS Windows IS a security flaw :lol:

kf0rt
01-14-2013, 06:49 PM
MS Windows IS a security flaw :lol:

They should be held responsible for selling operating systems to hackers.

KC2UGV
01-14-2013, 06:53 PM
They should be held responsible for selling operating systems to hackers.

Nah, you can only be held responsible for selling viruses :rofl:

Interestingly, though, you CAN bring a suit against MS for it: http://ephemerallaw.blogspot.com/2010/01/will-microsoft-be-sued-for.html

The few that have were dismissed by the court, or MS was found to have no liability. They should push for a "Protection of Legal Software Commerce Act", that makes all civil suits against a software company automatically null and void, without being heard.

N2NH
01-14-2013, 11:20 PM
There's bugs and then there's BUGS:


Oracle learned of the exploit on Jan. 10 and pushed out a patch three days later, which "is a very quick turnaround time to release a fix," Gavin O'Gorman, senior threat intelligence analyst at Symantec Security Response (http://www.symantec.com/security_response/), remarked.
"Oracle did what any software company would do under high pressure: the minimum necessary to solve the problem," Sorin Mustaca, data security expert at Avira (http://www.avira.com/en/index), told TechNewsWorld.



and


While the patch offers an immediate fix for Oracle's Java vulnerability, "developing critical software under pressure has only one consequence -- even more bugs," Mustaca pointed out. "I expect to soon see even more bugs and vulnerabilities related to this quick fix."
A solid fix "should mitigate all possible attack vectors so that, in the long term, they make the [Java] platform secure by design, default and deployment," Mustaca continued.
Oracle should rethink its software development strategy for Java because the language "was acquired, and was developed by many people over many years, meaning the code has become close to impossible to maintain," Mustaca suggested.

Java Fix Fizzles - LINK (http://www.technewsworld.com/story/77079.html)

KG4CGC
01-14-2013, 11:25 PM
Well today, I told everyone on FB to disable their java on their browser with a link to instructions how.
NOBODY disagreed with me!

AB3MV
01-15-2013, 11:30 AM
Yup. Like I said, I bet every version of Windows has much worse security flaws.

Linux has its fair share of security flaws as well. Plus, it's based on an antique monolithic design.

As far as operating system security goes, NTOS is superior to Linux in that discretionary access control was part of the design from day one. NTOS blends the features of VMS with the best features of Unix. What's killing Microsoft's offering is the Client/Server Runtime Subsystem (CSRSS) that runs on top of NTOS. CSRSS forms the core of the Windows Subsystem (Windows is actually a subsystem that runs on top of an operating system). CSRSS was designed to operate on LANs, not WANs. Many of the CSRSS inter-process communication (IPC) mechanisms that allow applications to interoperate seamlessly have become threat vectors. However, that same set of IPC mechanisms has resulted in the richest collection of interoperable applications in the history of mankind.