Listening to National Public Radio this evening I learned that a computer program which is very common on the internet, and which has served consumers excellently for a long time, has security problems that will not be easily remedied. I’m speaking of Java. Continuing to use Java may result in your being hacked and having someone gain access to personal information which could lead to identity theft. See: http://www.firstpost.com/tech/disable-java-plugin-security-flaw-puts-your-computer-at-risk-584523.html
I’m writing to recommend that you uninstall Open Office from your computer, because that marvelous free office suite runs on Java.
I have not only uninstalled Open Office from my computer, but have removed Java also. I may need to reinstall it if I get to a website that requires it. (Some government sites do, for instance.) But I think I’ll just wait to see whether I need it, and if I do, I can reinstall it. In the meantime, I’ll be safer not having it on my computer.
To uninstall Java on a Windows computer, go to the Start menu and select Control Panel. Then select Programs–uninstall a program. Look for Java in the list of programs and highlight it. Then click on the uninstall link at the top of that page. Then restart your computer.
In addition to this important security step, don’t forget to make sure your computer has the necessary system software updates. Security updates come out fairly frequently. To see whether you need updates, go to your Start menu, then click on Windows Update. That will start a script that will tell you which updates you should install, if any. It’s best to install the recommended ones.
Mac owners can Google how to update your Mac system software and how to uninstall Java. I don’t own a Mac, so you’re on your own in these matters.
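An added example, not part of the original post: after the Control Panel steps above, this PowerShell snippet checks whether Windows still lists a Java runtime. The display-name and publisher patterns it matches are assumptions about how Java installers label themselves.

```powershell
# Added example (not from the original post): confirm that Java is gone
# after uninstalling it through Control Panel.
function Get-InstalledJava {
    # Uninstall entries for 64-bit, 32-bit and per-user installs.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            # Assumed naming: "Java 7 Update 10", "Java(TM) 6 Update 30", "Java SE ...".
            $_.DisplayName -match '^Java(\(TM\))?\s' -and
            $_.Publisher   -match 'Oracle|Sun Microsystems'
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

$found = @(Get-InstalledJava)
# A java.exe reachable on PATH means a runtime is still present even if
# no uninstall entry matched the patterns above.
$onPath = Get-Command java.exe -ErrorAction SilentlyContinue

if ($found.Count -eq 0 -and -not $onPath) {
    'No Java runtime found in the uninstall registry or on PATH.'
} else {
    $found | Format-Table -AutoSize
    if ($onPath) { "java.exe still on PATH: $($onPath.Path)" }
}
```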
Thanks for this reminder. It led me to wonder whether JavaScript (JS) also harbors or is affected by these security problems. It seems, from a cursory glance at the Wikipedia article on JavaScript (JS), that it is completely separate and distinct from Java and need not be disabled for security reasons. Do you share this understanding, or should we be concerned about JS too?
Thanks for the alert, Tom. I’d like to second Tom’s warning that this is indeed a serious threat, and it is better to be safe than sorry. You should act, and act now. Since the cat is out of the bag about this vulnerability in Java, all the bad guys in the world know about the vulnerability and will quickly try to exploit it now before people protect themselves or Oracle issues a patch, so you shouldn’t delay. After hearing the same story Tom did, and reading his warning, I dove into some research to educate myself, and after looking on about two dozen web sites, I found the following, which I believe all to be accurate.
But since Java is used in many commercial software packages (such as Adobe Creative Suite), it’s possible some of your software won’t work properly or some features won’t be available if Java is disabled or uninstalled. You may want to think hard and do some research on your own before deciding you can do without Java completely. There is conflicting information as to exactly which programs will put you at risk, and it is Web browsers that are by far the biggest vulnerability, so you can disable Java in each of your browsers (instructions below) and most likely be pretty safe from the currently known hacks, but if you want to be 100% certain you are safe, you can uninstall it.
A few things I would like to add:
Java is completely unrelated to JavaScript. Only their names are similar. JavaScript is a completely different language written by completely different people for completely different uses, so there is no need whatsoever to disable or uninstall JavaScript. It is Java that is a worry.
Apple Macintosh users are not immune; Java is cross-platform and runs independently of OS X. As a matter of fact, within the past year the Flashback trojan was directed at a vulnerability in Java on Macs, and as a result it was revealed that 600,000 Macintosh computers had become infected and were now part of a hacker botnet. That vulnerability was patched, but it makes an important point: just because you have a Mac, you are not safe from viruses, malware, trojans and hackers.
More information on the threat and specific instructions on how to disable Java in each of the most common Web browsers can be found at: http://www.f-secure.com/en/web/labs_global/disabling-java-plugins (F-Secure makes virus protection software) or http://nakedsecurity.sophos.com/2013/01/10/protect-yourself-against-latest-java-zero-day-vulnerability-now-maljavajar-b/ (Sophos makes free virus protection software).
If you decide to disable rather than uninstall Java, you must do it in each browser installed on your computer. For instance, Windows Explorer probably came with your Windows system, but you may also have Firefox. Even if you don’t use one very often or at all, it is still best to disable it in each browser until it becomes clear how to be safe.
The site http://javatester.org/version.html is designed to test which version of Java is installed in the Web browser you are currently running, but it also will confirm that you have successfully disabled Java in your browser. Since there is some conflicting information as to which older versions might or might not be vulnerable, until that is clear it is probably best to disable or uninstall Java, and javatester is a double check that you did successfully disable or uninstall Java.
FOR MAC USERS
Although the Macintosh operating system is generally not vulnerable to most known threats, this is NOT true of the Java vulnerability, since Java is a cross-platform environment that runs independently of the computer’s operating system. Therefore, Mac users need to educate themselves and take action as well.
Here’s some more information for Mac users: http://www.intego.com/mac-security-blog/java-vulnerability-affects-some-mac-users/
You can disable Java on your Mac OS X machine by going to Applications/Utilities/Java Preferences, and on the general preferences tab uncheck any versions of Java listed there. Here is more information and instructions: http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-disable-java-in-os-x/
For Mac users, there is some conflicting information flying around about whether Java version 6 is vulnerable or it is only version 7, so until that becomes clear it is best to disable it in all of your browsers, in addition to disabling it in Java Preferences, just in case for one reason or another Java is turned back on before you know you are secure.
Good luck,
JB
Monday, January 14, 2012 update: Tom, I asked Mike, the former Pacem Webmaster and a longtime IT pro, to comment on the info you and I had sent via e-mail, and he had this to say:
Oracle reportedly will be issuing a more permanent patch soon. It appears keeping your software up to date should keep you out of trouble, but until Java is properly patched, disabling it in your browser(s) and using it only on sites you can trust and only when necessary is prudent.
A friend suggested I post the following information as a comment to my post about the security problems with Java:
This security problem with Java was somewhat serious because it was a zero-day vulnerability and attacks were already included in some popular hacker kits. But by the weekend Apple had remotely disabled Java 7 in OS X and the major browser vendors (except maybe Microsoft) had issued a security update that disables the Java 7 plugin. And yesterday Oracle issued a patch for Java 7 that lowers the default security level for unsigned applets as a temporary fix. So at this point the best advice for users is to keep their software up to date.