Lt Belenko Posted January 14, 2013 Share Posted January 14, 2013 Javae 7 and down have a security risk. It's recommended you block/disable it. Google it. Edit - update released within the hour. 0 Quote Link to comment Share on other sites More sharing options...
Guest Posted January 15, 2013 Share Posted January 15, 2013 Unless you absolutely need it, block / disable Java across the board, would be my recommendation. Java IS a security risk, make no mistake. That goes double for OSX, where Java is probably the best / most common attack vector. 0 Quote Link to comment Share on other sites More sharing options...
Redwolf Posted January 15, 2013 Share Posted January 15, 2013 Edit - update released within the hour. Well let's not forget that this week's very exploitable security flaw is the result of them ****ing up a security fix back in October 2012. So how do we know this week's fix is any better? 0 Quote Link to comment Share on other sites More sharing options...
dieseltaylor Posted January 24, 2013 Share Posted January 24, 2013 From Windows Secrets a more thorough look at the problem and more evidence why IE sucks mightily. In a perfect world, it's best to turn off Java in IE and Firefox but leave it enabled in Chrome, which is smart enough (and polite enough) to explicitly ask you for permission to run a Java program whenever it encounters one (see Figure 2). Figure 2. By default, Chrome always asks before running a Java app. But as I said, turning Java off in IE is difficult — so difficult, it isn't worth the effort. Here are the steps for disabling Java in Chrome and Firefox — and, if you're feeling lucky, IE. Chrome: In the browser's address bar, type chrome://plugins and hit Enter. Scroll down to the entry Java (2 files) – Version: 10.7.2.11 (or 10.7.2.21), and click the Disable link. Restart Chrome and you're done. Firefox: By default, Firefox disables outdated Java plugins. If you have an old version, it might not show up on the Firefox Plugins list. To check, click the Check to see if your plugins are up to date link at the top of the Plugins list.To disable Java, click Firefox's Tools menu option and select Add-Ons. Select the Plugins tab ("plugins" and "add-ons" are used somewhat interchangeably) on the left, and scroll down to Java Platform SE 7 U11. Select it and click Disable. Repeat for any add-ons you see that refer to Java, then restart Firefox. Easy. Internet Explorer: I've looked all over the Net and talked to several of my security-enhanced friends, and I've not found a better way than the one documented by (gulp!) the Department of Homeland Security/Carnegie Mellon's CERT site. With the CERT approach, you download and run a Registry-altering file that zaps almost 800 possible Java entry points in Internet Explorer. You then delete two files which you have to find manually. It's ugly. More to the point, nobody's absolutely certain that the CERT approach (or Microsoft's method, given in KB 2751647) will protect IE from future attacks. So running through this process is not only difficult; it might be insufficient. So now you know why I recommend that you disable Java for all your browsers and take your lumps. I have no idea why Microsoft made it so hard to disable Java in IE, particularly when it's such a simple process in Firefox and Chrome. I find disabling IE works well : ) 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.