Showcase Your Business as a Thought Leader » Publish Your Blog, Videos and Events on ALL EC » Save 25% Now
Welcome Guest | Sign In

Taking the Java Bull by the Horns

By Patrick Nelson
Jan 31, 2013 5:00 AM PT

The United States Department of Homeland Security Computer Emergency Readiness Team has recently been advising computer users to update or switch off Java in browsers.

Taking the Java Bull by the Horns

Oracle's Java is a programming language that's used in browser plug-ins. It's used by vendors to make applications function across operating systems. A vendor can develop one piece of code and distribute it knowing that it will work on most platforms.

Applications that use it include those that let you work on your office computer at home. Java is not Javascript -- that's a Web programming language.

What's the Problem?

Hackers have been able to exploit vulnerabilities in versions of Java. Those exploits have allowed hackers to perform criminal activities using the exploited machine.

If a computer user with a vulnerable Java install visits a malicious website, the website can execute an applet that can deliver malware to that computer. The malware can include ransomware that blocks computers from being used.

What Are the Solutions?

You can apply patches supplied by Oracle, or you can disable Java entirely. Applying patches supplied by Oracle may fix known vulnerabilities, but it may not affect future vulnerabilities. Although disabling Java will remove current and future threats, it could severely curtail Web activities that require Java.

Updating Java is accomplished best through Windows' default Internet Explorer. Once you've updated that, you can move on to other browsers.

Secure Internet Explorer

As of Jan. 22, 2013, the current version of Java is Version 7, Update 11. The latest version includes fixes for issues raised by DHS as well as other issues. It also sets security settings to "High."

Step 1: Visit to determine if Java is installed, and if so, which version. The resulting Web page will display the version.

Step 2: Remove all old versions of Java by accessing the Windows Control Panel and using the Uninstall button within Programs and Features. Allow the uninstall to complete by following the prompts, including prompts to close browser windows as requested.

Step 3: Download the latest Java software at by clicking on the "Free Java Software" button. Follow the prompts and restart the computer.

Step 4: Open and then restart Internet Explorer. Then paste the verification link from Step 1, and click on the "Verify Java Version" button within IE. Click on the "Allow" button when prompted to allow the Oracle America, Inc. add-on.

Step 5: Observe the browser indicating the verified Version 7, Update 11 or higher update. At this point you have the latest version, with security enhancements.

Update Firefox Settings

The latest version of Mozilla's Firefox browser has purposefully stopped the Java plug-in from running automatically. Java will run when you acknowledge that you trust the website. Here's how to use this method of protection.

Step 1: Update Firefox Tools. Click on the Tools menu item from within Firefox and select Options. Click on the Update tab and verify that one of the two uppermost radio buttons are checked. Select "Automatically Install Updates" or "Check for updates but let me choose when to install them."

Step 2: Update Firefox. Click on the Help menu item from within Firefox and select About Firefox. Then click on the Check for Updates button. If updates are available, the browser will be updated along with the new Java blocking features.

Step 3: Browse the Java-coded Web page with Firefox as you would normally do, and when you see a "Click here to activate" message, click on it to load the Java applet if you trust the page you are visiting.

Tip: Click on the red plug-in icon that looks like a Lego block on the address bar if you want to automatically authorize java for the trusted website you are visiting.

Switching Off Java Altogether

You may decide that it's prudent to switch off Java altogether. New Java vulnerabilities are likely to be discovered, according to DHS's Computer Emergency Readiness Team.

Step 1: Type "Java" in the Windows Control Panel, and click on the Java icon that will appear.

Step 2: Uncheck "Enable Java Content in the browser" from the Security tab, and then choose Apply and OK. Agree to any Windows-originating run prompts.

Java will be disabled cross-browser.

Patrick Nelson has been a professional writer since 1992. He was editor and publisher of the music industry trade publication Producer Report and has written for a number of technology blogs. Nelson studied design at Hornsey Art School and wrote the cult-classic novel Sprawlism. His introduction to technology was as a nomadic talent scout in the eighties, where regular scrabbling around under hotel room beds was necessary to connect modems with alligator clips to hotel telephone wiring to get a fax out. He tasted down and dirty technology, and never looked back.

Salesforce Commerce Solution Guide
What is the state of the Linux desktop?
It's edging its way into the mainstream.
It's wildly popular -- but only with open source fans.
It's in trouble due to fragmentation.
It never had a shot in a Windows-dominated PC world.
It's too cumbersome for most computer users to bother.
I'm not familiar with the Linux desktop.
Salesforce Commerce Solution Guide
Salesforce Commerce Solution Guide