Posts Tagged ‘java security hole’

If you have Java running on your computer, you may have noticed that Oracle, the maker of Java, has recently put out a security update for Java. This is a good thing, and Oracle got the update out earlier than they had anticipated.

However, what you may not have noticed when you installed the update is that it includes what Ed Bott calls “foistware.” The Java updater installs the Browser Add-on from Ask.com unless you specifically UNCHECK the box that gives your permission to install it. If you’re not paying attention, you can accidentally install this lousy toolbar. I’m not a big fan of toolbars anyway, and this one is really bad. You can try it out [don’t click on any sites unless you are absolutely sure you know the site] by going to http://www.ask.com/ and searching for something. You will see a lot of ads, many of them dubious.

For more information, read Ed Bott’s column, http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/.

The important thing: uninstall the Ask.com toolbar if you installed it.

Oracle, maker of Java, does not have a good track record for fixing holes in Java. A new Java security hole that apparently targets Java 7 (though some researchers think it also targets some versions of Java 6) was discovered recently. What options do you have for fixing the problem?

  1. The safest thing to do is to uninstall Java from your computer. If that’s too extreme, then uninstall Java plugins. KrebsOnSecurity has an article listing how to disable Java in Firefox, Internet Explorer, and Google Chrome, which you can access here https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
  2. If you need to use Java for some sites, then the safest thing to do is to use two browsers and disable the Java plugin for the browser you use most often. For example, disable Java in Firefox and use Internet Explorer for the sites that absolutely must use Java. If you decide on this solution, make sure you keep Java up to date.
  3. Another viable option is to use Firefox with the NoScript plugin, available at http://noscript.net/getit. NoScript allows you to choose when to allow JavaScript to run. NoScript can also block Flash Player, which is another problematic plugin.
  4. If you have a PC, make sure you run Secunia’s Personal Software Inspector, available here http://secunia.com/products/consumer/psi/, at least weekly to keep up with any updates available for all of your programs.
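
To confirm from inside the browser that option 1 or 2 actually took effect, the following check can be run against the page's `navigator` object. It is an added example, not part of the original post; the function name `javaExposure` and the two sample objects are constructed for illustration, while `navigator.javaEnabled()`, `navigator.plugins` and `navigator.mimeTypes` are the legacy browser interfaces that report installed plugins.

```javascript
// Added example: report whether a browser still exposes the Java plugin.
// MIME types registered by the Java browser plugin (applet, VM, bean).
const JAVA_MIME = /^application\/x-java-(applet|vm|bean)\b/i;

function javaExposure(nav) {
  const findings = [];

  // Legacy on/off switch; treat a missing method as "not enabled".
  if (typeof nav.javaEnabled === "function" && nav.javaEnabled() === true) {
    findings.push("navigator.javaEnabled() returned true");
  }

  // Plugin list: match "Java" as a whole word so that a plugin whose
  // name merely contains "JavaScript" is not reported.
  for (const p of Array.from(nav.plugins || [])) {
    const text = `${p.name || ""} ${p.description || ""}`;
    if (/\bjava\b/i.test(text)) findings.push(`plugin: ${p.name}`);
  }

  // MIME handlers: a Java applet handler means the plugin can still load.
  for (const m of Array.from(nav.mimeTypes || [])) {
    if (JAVA_MIME.test(m.type || "")) findings.push(`mime: ${m.type}`);
  }

  return { exposed: findings.length > 0, findings };
}

// Constructed sample: a browser with the Java plugin still active.
const sampleEnabled = {
  javaEnabled: () => true,
  plugins: [{ name: "Java(TM) Platform SE 7", description: "Java Plug-in" }],
  mimeTypes: [{ type: "application/x-java-applet;version=1.7" }],
};

// Constructed sample: Java plugin disabled, unrelated plugins remain.
const sampleDisabled = {
  javaEnabled: () => false,
  plugins: [
    { name: "Shockwave Flash", description: "Flash Player" },
    { name: "Some JavaScript Helper", description: "constructed name" },
  ],
  mimeTypes: [{ type: "application/x-shockwave-flash" }],
};

// In a browser console, check the real navigator object.
if (typeof window !== "undefined" && typeof navigator !== "undefined") {
  console.log(javaExposure(navigator));
}
```

An empty `findings` list in the browser you use most often, and a non-empty one only in the browser reserved for Java sites, matches the two-browser setup in option 2.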

This vulnerability affects Macs as well as PCs. Only visiting “safe” sites will not help you avoid this issue.

Oracle released an update to fix this issue last night.

Don’t wait! Save your computer, save your information.