Saturday, September 1, 2012

Naked Security

How to turn off Java on your browser - and why you should do it now

by Graham Cluley, nakedsecurity.sophos.com
November 30th -0001

Do you still have Java turned on in your web browser?

If your answer is "Yes" or "I'm not sure" then it's time to take action.

Right now, cybercriminals are aware and exploiting serious security flaws in Java that could lead to your computer becoming infected by malware.

And the worst news is that Oracle (who has known about the zero-day vulnerabilities since April) doesn't plan to issue a patch for the problem until October.

There will be many pointing fingers at Oracle and arguing that it has not taken the security flaws seriously, but the accusations that are bound to fly aren't actually going to help the millions and millions of vulnerable devices out there.

Those devices need a patch from Oracle - but as it may not be available for some time, the best advice I can give you is to disable Java.

Naked Security's Chet Wisniewski has put together simple instructions for users of the most popular browsers, explaining how Java can be disabled:

So, what are you waiting for?

Isn't this just a storm in a teacoffee cup?

No, it isn't.

Time and time again we're seeing examples of cybercriminals exploiting flaws in Java to infect innocent users' computers.

For instance, earlier this year we saw more than 600,000 Macs infected by the Flashback malware because of a Java security flaw.

In fact, it has become increasingly common to see malware authors exploiting vulnerabilities in Java - as it is so commonly installed, and has been frequently found to be lacking when it comes to security.

Cybercriminals also love Java because it is multi-platform - capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it's not unusual for us to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload.

As the following video demonstrates, the bad guys have even created multi-platform Java malware which can hit your computer whether you are running Windows, Mac OS X or Linux.

Seriously though, stop reading this article now and check if you have disabled Java or not. Chances are that if you don't think that you need Java, you don't need it.

Even if you absolutely must use websites that require you to have Java installed, why not disable it in your main browser and have an alternative browser just for visiting that website?

What you need to do now is reduce the opportunities for attack. For most people that means disabling Java - and doing it now.

Follow @gcluley

No coffee image from Shutterstock.

Original Page: http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

Shared from Read It Later

 אל

No comments:

Post a Comment