Java Security Flaw Is Repaired; Experts Still Recommend Disabling It

Filed by KOSU News in US News.
January 14, 2013

Days after the Department of Homeland Security said computer users should remove the latest versions of its Java software, Oracle Corp. says it has fixed the flaw, in a new update released Monday. As we reported Friday, hacking groups included the Java 7 vulnerability in new “exploit kits” this year.

Oracle provides instructions for updating to Java 7, update 11 on its website, saying the update raises the default security level for Java applets from Medium to High — which means that “the user is always warned before any unsigned application is run to prevent silent exploitation,” the company says in its release notes.

But the experts who highlighted the Java 7 flaw say that even though it’s fixed, users should beware, as other security problems could arise in the software.

“Unless it is absolutely necessary to run Java in web browsers, disable it… even after updating,” recommends Carnegie Mellon University’s CERT computer security site.

News of the Java 7 flaw, which can allow hackers to take over a computer, worried many of the millions of people whose computers use the software. It also set off confusion, and calls for Oracle to “rewrite Java from scratch,” as PC World reports.

Even as the U.S. Computer Emergency Readiness Team recommended updating Java 7 to combat the flaw, the agency also said Monday that “new Java vulnerabilities are likely to be discovered” — and people should still consider disabling Java in their browsers. Some experts say you should simply remove it entirely — or perhaps keep Java on only one browser, for use on specific sites.

Here’s a quick reference of options, from disabling to uninstalling, and other factors:

Disable Java In Browsers

Oracle has full instructions for those with Java 7 on PCs, Macs, or Linux.

Disable Java in Firefox – instructions from Mozilla recommend clicking on the Firefox button (or “Tools” in Windows XP) and selecting “Add-ons.” Click on “Plugins” and then Java (TM). Select “disable” (or un-click “enable”).

Disable Java in Chrome – Type or paste chrome://plugins/ into your browser’s window. Scroll to Java (TM), and click “Disable.” Be sure to disable all versions.

Disable Java in Safari – instructions at Apple. Select Preferences, and then the Security tab. Un-click the checkbox labeled “Enable Java.”

Disable Java in Internet Explorer – instructions at Microsoft’s site. Java 7.10 and 7.11 (the newest versions) allow users the easiest path to turning Java off. But fully disabling Java on Explorer can be complicated, leading many experts to recommend removing the program entirely.

Uninstall Java Completely

Many people say they can disable or delete Java completely, and not miss it. One of them is security expert Brian Krebs, who Monday praised Oracle for acting quickly — but still recommended uninstalling Java.

Oracle has instructions for doing that on computers that run Windows XP, Vista, or Windows 7. On a separate page, it addresses uninstalling Java on a Mac — specifically, taking Java 7 off of a machine running OS X.

If you’re unsure whether your computer is running Java, Oracle has a page specifically meant to “test whether Java is working.” Another website, Javatester.org, can help you figure out which versions of Java you have.

What About Older Versions Of Java?

Oracle says you should uninstall older versions of Java, as keeping old versions “presents a serious security risk.” Because of the way updates were once handled, you might have several out-of-date versions of Java on your machine.

Oracle has a webpage with instructions on uninstalling old versions.

That might present a problem to some folks, especially if they sometimes use business software that requires an older version. This situation most often leads people to keep one browser specifically for Java.

Java vs. JavaScript: The Java 7 security flaw does not affect JavaScript. While they’re both programming languages, they’re not as closely related as their names imply.

Java, developed by Sun Microsystems, is far more complex and independent — and thus poses more risk if hackers find a way to misuse it. By contrast, JavaScript, developed by Netscape, is used mostly within HTML to make web pages more interactive. [Copyright 2013 National Public Radio]
