The United States Department of Homeland Security Computer Emergency ReadinessTeam has recently been advising computer users to update or switch off Java in browsers.
Oracle’s Java is a programming language that’s used in browser plug-ins. It’s used byvendors to make applications function across operating systems. A vendor can developone piece of code and distribute it knowing that it will work on most platforms.
What’s the Problem?
Hackers have been able to exploit vulnerabilities in versions of Java. Those exploits haveallowed hackers to perform criminal activities using the exploited machine.
If a computer user with a vulnerable Java install visits a maliciouswebsite, the website can execute an applet that can deliver malware to that computer. Themalware can include ransomware that blocks computers from being used.
What Are the Solutions?
You can apply patches supplied by Oracle, or you can disable Java entirely. Applying patches supplied by Oracle may fix known vulnerabilities, but it may not affect future vulnerabilities. Although disabling Java will remove current and future threats, it could severely curtail Web activities that require Java.
Updating Java is accomplished best through Windows’ default Internet Explorer. Once you’ve updated that, you can move on to other browsers.
Secure Internet Explorer
As of Jan. 22, 2013, the current version of Java is Version 7, Update 11. The latest versionincludes fixes for issues raised by DHS as well as other issues. It also sets security settings to”High.”
Step 1: Visit http://www.java.com/en/download/installed.jsp to determine if Java is installed, and if so, which version. The resulting Web page will display the version.
Step 2: Remove all old versions of Java by accessing the Windows Control Panel and using the Uninstall button within Programs and Features. Allow the uninstall to complete by following the prompts, including prompts to close browser windows as requested.
Step 3: Download the latest Java software at http://www.java.com/en/download/by clicking on the “Free Java Software” button. Follow the prompts and restart thecomputer.
Step 4: Open and then restart Internet Explorer. Then paste the verification link from Step1, and click on the “Verify Java Version” button within IE. Click on the “Allow” button when prompted to allow the Oracle America, Inc. add-on.
Step 5: Observe the browser indicating the verified Version 7, Update 11 or higher update. At this point you have the latest version, with security enhancements.
Update Firefox Settings
The latest version of Mozilla’s Firefox browser has purposefully stopped the Java plug-infrom running automatically. Java will run when you acknowledge that you trust the website. Here’s how to use this method of protection.
Step 1: Update Firefox Tools. Click on the Tools menu item from within Firefox andselect Options. Click on the Update tab and verify that one of the two uppermost radiobuttons are checked. Select “Automatically Install Updates” or “Check for updates but letme choose when to install them.”
Step 2: Update Firefox. Click on the Help menu item from within Firefox and selectAbout Firefox. Then click on the Check for Updates button. If updates are available, thebrowser will be updated along with the new Java blocking features.
Step 3: Browse the Java-coded Web page with Firefox as you would normally do, andwhen you see a “Click here to activate” message, click on it to load the Java applet if youtrust the page you are visiting.
Tip: Click on the red plug-in icon that looks like a Lego block on the address bar if youwant to automatically authorize java for the trusted website you are visiting.
Switching Off Java Altogether
You may decide that it’s prudent to switch off Java altogether. New Java vulnerabilitiesare likely to be discovered, according to DHS’s Computer Emergency Readiness Team.
Step 1: Type “Java” in the Windows Control Panel, and click on the Java icon that willappear.
Step 2: Uncheck “Enable Java Content in the browser” from the Security tab, and thenchoose Apply and OK. Agree to any Windows-originating run prompts.
Java will be disabled cross-browser.