For the last year or so, Java seems to have spawned a never-ending flow of security bugs, partly because of the software environment's invisibility to end users and partly because of the system access it allows.
In January alone, two different Java vulnerabilities were attacked by widespread browser exploit kits. At least one of those Java flaws led to the recently disclosed network penetrations of Apple, Facebook and Microsoft, and may have also been involved in the compromise of 250,000 Twitter accounts.
Because of these dangers, many security experts recommend that users disable Java browser plug-ins, or even take the more drastic step of uninstalling the underlying Java Runtime Environment (JRE) entirely.
Those recommendations may make sense for many, but they are not blanket solutions for all users with Java installed on their machines.
Caffeinated World
The problem is that Java, in one form or another, is still used for a lot of things that people want and need to do. It might be an essential element of running programs that you never considered.
If, for example, you are one of the millions of people who enjoy playing Minecraft or RuneScape, you'll need Java installed on your machine. If you play "World of Warcraft," getting rid of Java might leave you without the use of the game's launcher.
If you're a creative professional, Adobe's Creative Suite, which includes applications such as Photoshop, Illustrator and Premiere, relies on Java to exchange information among applications. If you're a user of free office software like OpenOffice and LibreOffice, both programs use Java.
None of those applications normally access websites, so leaving Java installed on your computer while disabling it in your Web browsers will let you use those pieces of software while minimizing your exposure to malware.
Unfortunately, that isn't possible with many web-facing business applications that absolutely require that Java plug-ins be active in a browser, such as web-conferencing software like Citrix's GoToMeeting or Cisco's WebEx.
Let's Be Careful Out There
For some people, turning off Java in the browser is simply not a realistic option. So what can you do to mitigate your risks when using Java on the Web?
The first thing is to follow information-security best practices, which will make it harder for malicious code to infect and damage your system.
"Use anti-virus, anti-malware software and a firewall," said Ross Barrett, senior manager of security engineering at Boston-based Rapid7. "Browse with a user account that does not have administrator privileges."
There are also some basic Java security precautions that you can take to make sure that you are limiting your risks.
"Java users should stay up to date with patches and software revisions. When an update comes out, apply it immediately. This drastically lowers your surface of exposure and ensures that you have the latest built-in protections," Barrett said.
"Turn up [Java's] security settings," he added. "This will mean that you'll get frequent warning messages and alerts while you browse — don't ignore them."
Twice the Fun
End users may want to try a "double browser" strategy.
"If you do rely on websites that require Java, consider installing a second browser and turning Java on in that browser only," said Richard Wang, senior security manager at the British anti-virus firm Sophos. "Use it for your Java-based websites only, and stick to your Java-disabled main browser for everything else."
For businesses, people who work at home or anyone with an abundance of sensitive data to protect, a beefier version of this strategy can keep Java security problems from becoming system-wide issues.
"You should make a list of all the tools you use on a regular basis and that require Java. Then, run these tools in a virtual machine or other isolated environment," said Tim Erlin, director of IT security and risk strategy for San Francisco's nCircle, referring to software-based computer emulators that essentially "live" inside other computers.
"If you find that you need Java for many of your routine tasks," Erlin said, "it might be time to consider evaluating alternate tools that don't require Java."
Will these strategies be a silver bullet that will protect you from all of the security problems that have been plaguing Java on the Web? No, but in IT security there are no guarantees. You can only mitigate your risks and take reasonable precautions.
After all, Java is not the only browser plug-in that can be exploited to install malicious code. If you uninstalled or disabled every possible risk, then the Web would lose the majority of its functionality.
Practical security is about playing the odds and getting the best possible protection without putting everything on lockdown.
This article was originally published at TechNewsDaily.
How to Safely Keep Java in Your Web Browser (Feb 26, 2013)