Java is one of the most popular programming languages in the world. It’s used in countless web browsers, mobile devices, televisions, and even automobiles. Yeah, Java is just about everywhere these days, but unfortunately, that widespread usage has garnered the attention of cybercriminals. It has gotten to the point where several experts, including those at Homeland Security, have recommended dumping Java unless its usage is “absolutely necessary”.
One threat commonly associated with Java vulnerabilities is the dreaded drive-by download, an attack that often operates in stealth mode. In this scenario, the attacker slips a piece of malware onto the user’s system by exploiting a hole in the Java software. While the attack is triggered by visiting a rogue website or clicking a malicious link, it requires no further user interaction to wreak havoc: simply loading the page is enough. Once installed, the malware can give the attacker access that lets them steal contacts, login credentials, and personal information across any network the infected device is connected to.
So should you quit Java? Is it something you really need to be effective? Let’s go exploring!
Placing a Value on Java
In the past, Java was viewed as such an essential service that it came installed and enabled by default on many new systems. Due to vulnerabilities that have led to breaches at high-profile companies such as Apple and Yahoo, OS vendors have started to roll out updates that leave it disabled by default. For the average computer user, axing Java out of your life is a simple matter of clicking a few buttons in your desktop or web browser control panel. Things are not so straightforward in the enterprise environment.
Maintaining a Java-based application infrastructure has become increasingly challenging for companies and the personnel tasked with securing it. IT security administrators must strive to keep all instances of Java secure across a multitude of platforms, all without compromising day-to-day operations. The enterprise realm is challenged by the simple fact that organizations in the financial, healthcare, and e-commerce sectors still depend on Java to support VPNs, cloud platforms, and other apps. For these companies, dropping Java can break core functionality and even expose them to more risks.
Best Practices for Using Java
If you’re a user or company that just can’t let go of this controversial programming language, you need to be extra cautious in using it. Here are some recommended best practices for keeping Java safe and sound.
Use One Browser For Java. Whether it’s Internet Explorer, Firefox, or Google Chrome, experts recommend that you use one browser exclusively for your Java applications. So if Firefox is your Java browser, disable Java in Chrome and use Chrome for daily web browsing. This way, your everyday browser is protected even if you happen to end up on a site explicitly exploiting Java vulnerabilities.
Fire Up Click to Play. Firefox and Chrome both offer Click to Play functionality that, as the name implies, requires the user to manually click on a dialog box before a given plugin is activated. This feature provides added protection by preventing Java applets and other plugins from automatically running and executing malicious code in the process.
Sprinkle in Virtualization. Believe it or not, virtualization can also help beef up Java security. The objective here is to run Java inside a virtual machine that provides an added layer of protection. If an attack is successful, the VM will essentially contain it and prevent it from compromising data on the physical machine.
Stay Up to Date. Some websites and applications will not function if you’re not running the latest version of Java. However, keeping the platform updated is about security as much as it is about functionality. Without regular updates, your mission-critical operations are at greater risk.
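Knowing whether every host is actually up to date is the hard part of the last practice, especially because Java has used two different version-string formats over its life (the legacy "1.7.0_45" style and the "17.0.9"/"21-ea" style introduced with Java 9). The script below is an added example, not code from the original article: it parses the output of `java -version` in either format and compares it against a minimum acceptable release per Java family. The sample outputs and the baseline table are constructed placeholders for illustration, not a statement of which releases are currently patched; a real deployment would fill the table from the vendor’s current security bulletins.

```python
"""Audit a host's Java version against a per-family minimum baseline.

Added example for the "Stay Up to Date" practice (not the article's code).
Handles both the legacy "1.<family>.<minor>_<update>" scheme and the
Java 9+ "<family>.<minor>.<update>[+build|-ea]" scheme.
"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]  # (family, minor, update)

# Constructed sample outputs of `java -version` (which prints to stderr).
SAMPLE_OUTPUTS = {
    "legacy-old": 'java version "1.7.0_45"\n'
                  'Java(TM) SE Runtime Environment (build 1.7.0_45-b18)\n',
    "legacy-new": 'openjdk version "1.8.0_392"\n'
                  'OpenJDK Runtime Environment (build 1.8.0_392-8u392-ga-1~22.04-b08)\n',
    "modern":     'openjdk version "17.0.9" 2023-10-17\n'
                  'OpenJDK Runtime Environment (build 17.0.9+9-Ubuntu-122.04)\n',
    "modern-ea":  'openjdk version "21-ea" 2023-09-19\n',
}

# Hypothetical policy: lowest acceptable (family, minor, update) per family.
# Placeholder values; populate from the vendor's current advisories.
MIN_VERSION_BY_FAMILY = {
    7: (7, 0, 80),
    8: (8, 0, 392),
    11: (11, 0, 21),
    17: (17, 0, 9),
}

VERSION_RE = re.compile(r'version "([^"]+)"')


def parse_java_version(text: str) -> Optional[Version]:
    """Extract (family, minor, update) from `java -version` output, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    raw = m.group(1)
    # Strip build ("+9") and early-access ("-ea") suffixes before splitting.
    core = re.split(r"[+\-]", raw, maxsplit=1)[0]
    parts = core.split(".")
    if parts[0] == "1" and len(parts) >= 3:
        # Legacy scheme: 1.<family>.<minor>_<update>, e.g. 1.8.0_392
        family = int(parts[1])
        minor_str, _, update_str = parts[2].partition("_")
        return family, int(minor_str), int(update_str or 0)
    # Java 9+ scheme: <family>.<minor>.<update>; pad missing components with 0.
    nums = [int(p) for p in parts if p.isdigit()]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def audit_output(text: str, policy=MIN_VERSION_BY_FAMILY) -> str:
    """Classify one `java -version` output as OK, OUTDATED, UNLISTED or UNPARSEABLE."""
    version = parse_java_version(text)
    if version is None:
        return "UNPARSEABLE"
    baseline = policy.get(version[0])
    if baseline is None:
        # A family absent from the policy table needs human review rather
        # than a silent pass, so it is reported separately.
        return "UNLISTED"
    return "OUTDATED" if version < baseline else "OK"


def local_java_version_output() -> Optional[str]:
    """Run `java -version` on this host; None if no java binary is available."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=15)
    except (FileNotFoundError, subprocess.SubprocessError):
        return None
    return proc.stderr or proc.stdout


if __name__ == "__main__":
    for name, out in SAMPLE_OUTPUTS.items():
        print(f"{name:11s} {parse_java_version(out)} -> {audit_output(out)}")
    live = local_java_version_output()
    if live:
        print(f"{'this host':11s} {parse_java_version(live)} -> {audit_output(live)}")
```

Tuple comparison does the right thing here because each component is an integer, so `(8, 0, 392)` compares correctly against `(8, 0, 45)` even though a string comparison would not. Pointing the same function at a fleet inventory (one `java -version` capture per host) gives a quick list of machines that fall below the baseline or run a family nobody has vetted.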
Java’s flexibility is the very factor that makes it a vulnerable target for attackers worldwide. It may not be a ticking time bomb on the level of Windows XP, but we could be there soon. So, do you still need a little Java in your life?
Photo Credit: Ken Hawkins via Flickr