The Java security solution

by
Play

I’ve been getting email questions from clients about the recent security problems with Java.  I am going to use today’s blog post and podcast to set the record straight so you can make sure your computer is safe.

Java

What is Java?  Simply put, Java is a computer programming language.  One of its advantages is that it can be used to create applications that are “cross-platform” – that just means that the programmer can create the application once, and know that it will work on a PC computer or a Mac computer, or even Linux.



Java can be used in a couple of ways:

1. In an application, such as a game.  There is a popular game called Minecraft that requires you to install Java on your computer in order to play the game.

2. As a plug-in for your web browser.  For example, if you use GoToWebinar to attend an online webinar presentation, it requires that you have Java enabled on your browser as an add-on.  If your browser (Internet Explorer, Firefox, Chrome, Safari, etc) does not have Java enabled, you won’t be able to see the webinar content.

What is the security problem with Java?
Recently, there have been several security issues discovered with Java.  Two things to note about that: First, these are major security flaws.  Like the kind that will allow malicious software to infect your computer just by you visiting an infected website.  Second, Oracle (the company that created Java) is very slow to patch up these security problems.  So the bad guys have more time to exploit the issue and infect more computers.

How do you avoid or eliminate having a Java-related problem?
The safest solution is to just not have it installed on your computer (I’ll tell you in a minute how to get rid of it).  In other words, if you don’t use any websites that require Java, and you don’t use any actual programs that require it, take it off your computer and don’t worry about it any more.

That brings us to this question – what about the people that DO require Java in their web browser?  For example, online webinars as mentioned earlier.  There are also many banks in Europe that use Java as part of their online banking programming.  I also have a client that regularly plays games online at Pogo.com, which is one of the few websites that still use Java to present their content.

If you are one of those users that does still need to use a web browser that has Java enabled, simply choose to have it enabled on just one browser – and only use that browser for that purpose.

For example – if Firefox is your default web browser, disable Java so that it won’t work with Firefox.  But for that one website that you need to use, that requires Java, use a different browser such as Google Chrome.  Have Java enabled on Chrome, and ONLY use Chrome for that one website, that single purpose.  Or vice-versa – use Chrome for everything, and only have Java installed on Firefox for that one site.

How to disable Java in your web browser
It’s fairly easy actually.  You need to do this for each web browser you have installed on your computer (unless you are going to keep it on just one of them, as mentioned in the example above).

To disable Java in Internet Explorer:
Click Tools – Manage Add-ons – look in the “Toolbars and Extensions” category and disable anything Java

To disable Java in Firefox:
Click Tools – Add-ons – look in the Plugins category and disable anything Java

To disable Java in Google Chrome:
In the address bar, type:  about:plugins and hit Enter on the keyboard – look for Java in the list, and click on the “Disable” link

Practically speaking, you should be fine just by disabling Java in your browser(s).  However, if you want to be sure it’s gone, go to Control Panel, find it in the list of programs, and uninstall it from there.  You may need to restart the computer after that.

A couple other things to note:

– Java and Javascript are two different things.  Java is the problem child.  Javascript can stay.

– Oracle, the company that created and maintains the security for Java, is developing a rather unsavory reputation.  First of all, because they are not showing all that much concern for fixing the serious security issues with Java.  Patches come out when they come out, and that’s the way it is.  But the other thing is that when they do come out with the security updates, the installation comes with other crappy stuff piggybacking on them.  Junk like the Ask toolbar, or some security scanner for your browser.  You have to UNcheck a box to opt out of these things or they get installed automatically.  As you probably know, they make money every time someone inadvertently doesn’t pay attention and one of those annoying things gets installed.  There is no excuse for sneaking in that kind of stuff with these updates.

And what is even worse – they have the crapware installation set for a 10-minute delay.  So if you see the notice at the end that says “Java is updated, and the Ask toolbar has been installed”, then go to Control Panel to immediately UNinstall it, it won’t be there.  So you go on about your business assuming it did NOT get installed, but then it really does sneak in 10 minutes later.  It seems like Oracle is trying very hard to be a company that everyone hates, and deliberately deceitful practices such as this will certainly achieve that for them.

If you need help with Java, get in touch with me and I can get it configured properly through my Remote Support service.

 

Share this post