Recently a new Java exploit that infects systems through the internet browser plugin has made systems across the globe vulnerable to infection. The exploit affects anyone running the 1.7 Java Runtime Environment or later. Earlier version 1.6 are safe, for now. You’re also safe using Java-based desktop applications that are not designed to browse the web. Currently only Windows computers are at risk, but it could easily migrate to Mac or Linux by the time Oracle releases a security patch.
According to theregister.co.uk the vulnerability infects systems when a web browser with a Java plugin enabled visits a webpage hosting the exploit. The attacking website will trick the browser into downloading nearly any type of 3rd party software in the background without notice. This includes viruses, malware, spyware, trojans, or other malicious packages. Under normal circumstances, Oracle only patches Java three times a year, and the next update is due October 16, 2012. So unless Oracle breaks its update habit and release an early fix, the only thing you can do to protect yourself in the meantime is disable Java on all of your web browsers. Here’s how:
How to Disable Java in the top 3 web browsers
Chrome
- Open Google Chrome and type chrome://plugins into the address bar.
- Scroll down the list and then click the Disable button.
Java should now be disabled in Chrome.
Firefox
- Open Firefox and click the Firefox button then select Add-ons.
- In the Add-ons Manager click the Plugins tab and then click Disable for the two Java items in the list.
Java in Firefox should now be disabled.
Internet Explorer
- Disable Windows UAC (unfortunately Oracle never solved compatibility issues…)
- Open the Control Panel, then the Java applet from the control panel. In order to see this window you may need to change the View to Large icons (button at the top-right)
- In the Java applet click the Advanced tab.
- Click the Microsoft Internet Explorer checkbox. It is grayed out by default, because Oracle devs are jerks. Just select it and push the spacebar to sneakily get around that.
- Click OK to save changes. Restart the computer and make sure Java is disabled.
- Re-enable UAC.
Keep in mind that Java and JavaScript are not the same thing. JavaScript is still secure, only Java needs to be disabled.
3 Comments
Leave a Reply
Leave a Reply
Bogdan Bele
Thanks for the tip! I did it, just in case.
I remember a friend telling me that Java is the first thing to get rid of, on any computer. :)
Jamr
None of the current Java version numbers (including your image) match what you are typing about at the top of this article.
Austin Krause
Hi Jamr,
The plugin versions will display a different build number than the current runtime environment installed on the computer. To check the current version on your computer follow up to Step 2 for the Internet Explorer instructions but then check the About button under the General Tab. It should look like this: http://i.imgur.com/fjzAe.png
Thanks for the question and welcome to groovy!