Pages

Wednesday, January 16, 2013

Time to disable Java



Time to disable Java
Posted on 15 January 2013 - 10:30pm
Oon Yeoh
IF YOU follow technology news, you'll notice internet security warnings appearing every now and then. In fact, such warnings appear so frequently that most people don't pay much attention to them. I have to admit, most of the time, I don't bother about them too because I have confidence in my anti-virus program.

However, the latest security warning caught my attention because it was actually issued by the US Department of Homeland Security. Normally, you'd expect the department to issue warnings about potential terrorist attacks not cyber-security issues.

But last week, the department's Computer Emergency Response Team warned that a flaw in Java 7 "can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system".

What this means is that hackers could secretly install malware on your computers. This could lead to identity theft and even allow your computer to be used to attack other websites. In short, it's bad news.

The department said it is "currently unaware of a practical solution to this problem". Such warnings are not to be treated lightly. I acted immediately and disabled Java for my browsers. And you should too.

For those who are not familiar with Java, it's a cross-platform language that was meant to allow programmers to write software that could theoretically run on almost any computer regardless of its operating system.

In short, it's supposed to be a "write once, run anywhere" programming language. That's what made it so popular with programmers at one time.

Being a Java programmer was the hot thing to be back in the day. These days though, Java is not that widely used anymore, largely because of vulnerability issues that have plagued it over the years. It's popular with hackers though because many people still have it installed on their browsers.

Last year, Java was the most frequently attacked software, according to Kaspersky Lab, a popular anti-virus software maker. Java was responsible for 50% of all cyber-attacks last year, Kaspersky said. (Adobe Reader came in a distant second, at 28%).

If you are not sure whether you have Java installed on your computer, the simplest way to find out is to go to www.java.com/en and click on the link: "Do I have Java?"

If you have Java 7 Update 10 (the latest version, which is vulnerable), the good news is that it is rather easy to disable. You don't have to be a tech wiz or a geek to do it. You also don't have to disable the program browser by browser.

For Java 7, there is a one-stop option that allows you to disable the program in all browsers in one fell stroke. Assuming you have a Windows computer, here's how you do it: Open the Control Panel and launch the Java program. If you can't locate that, turn on Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab and look for the checkbox with the words: "Enable Java content in the browser." Uncheck that box and click OK. And with that, Java is disabled.

If you are a Mac user, it's even easier. You don't have to do anything. According to MacRumors website, Apple has already disabled the Java 7 plug-in installed on Macs.

It's worth mentioning that JavaScript which, despite its similar-sounding name, is not at all related to Java. And unlike Java, which is no longer popular among web developers, JavaScript is used a lot in websites, especially for those with interactive features.

If you disable JavaScript, this will not protect you against attacks on Java's vulnerabilities. Instead, what you will notice is that many websites you regularly visit are suddenly not working properly anymore.

Note that Oracle, which took control of Java when it bought Sun Microsystems in 2010, has just issued a patch that it says contains 86 new security vulnerability fixes, including the one that the Department of Homeland Security warned about.

So, is it safe to turn on Java again? Possibly, but why bother since most websites don't require Java anymore? And given its history of vulnerabilities, I would rather be safe than sorry. So, do yourself a favour and turn off Java now.

Oon Yeoh is a new media consultant. Comments: letters@thesundaily.com
Stats