{"id":67,"date":"2013-01-24T14:53:28","date_gmt":"2013-01-24T21:53:28","guid":{"rendered":"http:\/\/dshsolutions.com\/wordpress\/?p=67"},"modified":"2013-01-24T14:53:28","modified_gmt":"2013-01-24T21:53:28","slug":"the-java-security-risk","status":"publish","type":"post","link":"https:\/\/dshsolutions.com\/wordpress\/the-java-security-risk\/","title":{"rendered":"The JAVA Security Risk"},"content":{"rendered":"

Why everyone should be concerned about Java<\/span><\/h1>\n
An article <\/a>by Woody Leonhard<\/a>, Microsoft Office Expert<\/em><\/div>\n

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies<\/a>, delves into all the Win8 nooks and crannies.\u00a0 His many writings tell it like it is \u2014 whether Microsoft likes it or not.<\/p>\n

Please note, right from the start that Java is NOT JavaScript!\u00a0 Disabling or removing Java on your devices will not cause the wonderful JavaScript apps on most websites to stop running.\u00a0 You can disable or remove Java with impunity!<\/strong><\/p>\n

“<\/span>In the computing world, Java is very nearly ubiquitous. As noted on Oracle’s Java FAQ site<\/a>, it runs on lots of PCs, but it also runs on “billions of devices worldwide, including mobile and TV devices.” Java is not JavaScript, as Susan Bradley notes in her companion piece<\/a>, “Java: More than the usual cup of coding coffee,” about what Java is and isn’t.<\/span><\/p>\n

In this article, I focus on one task \u2014 disabling Java in your Web browser(s). It’s the most effective way to protect yourself from most Java-based threats. Yes, some PC users still need Java in their browsers to work with specific websites. But most of us have little to lose and much security to gain by keeping our browsers Java-free. (And yes, Mac users should block Java, too.) Java in browsers has been a malware magnet for years \u2014 it’s unlikely that fact will change anytime soon.<\/span><\/p>\n

I’m not going to review the most recent round of Java exploits, their patches, or new exploits built onto the backs of Java fixes. Java updates are routinely covered in the twice-monthly Patch Watch column. Brian Krebs has an interesting Krebs on Security<\/i><\/strong> post<\/a> detailing the latest war between Java security and hackers.<\/span><\/p>\n

Scorched earth: Remove Java from all browsers<\/span><\/h2>\n

These days, it’s common for PC users to use multiple browsers. Most versions of Windows have Internet Explorer installed, and many \u2014 if not most PC users \u2014 are running Firefox or Chrome \u2014 or both. On any PC with multiple browsers, the most effective security policy is to disable Java in all<\/i><\/strong> browsers; then see what, if anything, breaks. Most likely, you’ll never miss it.<\/span><\/p>\n

Websites requiring Java are on the decline, but if you hit one, you can just move on to a different site. On the other hand, if your bank, brokerage company, or some other critical site requires Java, then you need to limit your Java exposure. (I’ve been running Java-free for about six months now, and I haven’t missed it one bit.)<\/span><\/p>\n

Here’s how to disable Java in all your browsers simultaneously. (Note: some of this information was provided in the Jan. 17 Patch Watch column.)<\/span><\/p>\n