The Department of Homeland Security recently sent out a warning stating that we should disable Java because of some new threat. Should I disable Java and if so, how do I do it?
This question was answered on February 15, 2013. Much of the information contained herein may have changed since posting.
Java is a universal programming language that is used on the Internet for lots of utilities, business applications and games so they can be run via your browser instead of installing a special program to your computer.
Java has long been a target of hackers because it’s so universal and it allows them to attack any type of computer (Mac or Windows) whenever new security holes are discovered.
Virtually every computer connected to the Internet has Java installed, which gives the hackers a much bigger group of victims to target.
The Department of Homeland Security’s CERT (Computer Emergency Readiness Team) division did send out a warning last month because of a very serious ‘zero-day’ exploit that was discovered.
Zero-day refers to the time it takes the hacking community to create code to exploit a newly discovered security hole; in other words, the day that the hole is discovered there is code on the Internet trying to exploit it.
It used to take some time between the discovery of a new security problem and the release of malicious code, but it’s a high-stakes race these days.
The hackers want to exploit as many people as they can before a ‘patch’ is created to fix the security hole.
In the case of Java exploits, all you have to do is visit a booby-trapped website to be attacked, which is why the recommendation to disable Java was sent out.
Oracle, the company that owns Java, released a patch to fix the recent zero-day exploit, but many in the industry are suggesting that you consider disabling Java altogether to avoid future exploits.
There is no way for anyone to know whether you specifically need Java or not, so the best way to figure it out is to temporarily disable it in all your browsers to see if what you do on the Internet is impacted.
If you don’t run into any websites that you care about that require you to have Java (you will usually get an error message), then you can uninstall it and eliminate ever being victimized by future exploits.
If you do have the need to use Java on occasion, you can always enable it on an ‘as need’ basis, which is kind of a hassle, but it’s a safer way to operate.
To disable Java in your browsers, start by making sure you have the latest version by going to http://www.java.com/download .
After you run the installation program, Windows users can go to the Control Panel and look for the Java icon to launch the Java Control Panel (or use Windows search for Java Control Panel).
Mac users need to go to System Preferences to open the Java Control Panel.
Once it’s open, click on the Security Tab and uncheck the box in front of ‘Enable Java content in the browser’
If you find that you do need to run Java for certain websites that you trust, I prefer to use Google Chrome as it always asks you if you want to allow Java to run so you will always be aware when a website is trying to use it.
About the author
Ken Colburn of Data Doctors on February 15, 2013