Tuesday, January 22, 2013

Java: a sucking chest wound of security fail

Even though there's a new patch out, the consensus in the security community is that the patch isn't very good.  Since exploits are presumed to be coming Real Soon Now, the advice is that you should turn Java off in your browser.

How to disable Java in Firefox

How to disable Java in Chrome

I've done both of these, and you should too.  Unfortunately, disabling Java in Internet Explorer is really convoluted and error-prone.  I've chosen to leave it enabled, but I only use IE to connect to internet company web sites or equipment that uses Java for the interface.  Since neither of these serves up ads (a delivery channel much beloved by the Bad Guys), I believe that the risk is low.


Greg said...

I have disabled Java in Chrome, but I have to have it enabled in Firefox as it is required for a website I use for work. That is the only site I open in Firefox though so hopefully I'm okay.

Broken Andy said...

I'm actually amazed with how many sites still require it.

Uno Mas (SASS #80082) said...

The latest Java update allows you to disable Java everywhere on your PC. Go to the Windows Control Panel - Software.

Just say "Hell No!" to Java.

Anonymous said...

Yet another reason not to use Internet Exploder.

Anonymous said...

drjim said...

I use AdBlock Plus with Firefox, and since it stops the ads from loading, it should mitigate some or all of the threat.