Feb
12

Solving Java Security Issues Once and For All

Solving Java Security Issues Once and For All

February 12
By

Tim Jackson is the CEO and founder of Jackson Technical

Java has a security problem.

You may have read in tech news lately about “zero-day” threats that are exposed to Java.  Zero-day threats are vulnerabilities that hackers have discovered but haven’t yet been fixed by the software manufacturer.  These flaws often allow viruses to be installed on your computer without your browser or anti-virus stopping them and they don’t always come from a risky website.  The infected code can even be embedded in legitimate and popular websites.

This is not a new problem for Java.  It reoccurs frequently and that’s why the annoying orange icon by your taskbar clock seems to be constantly asking for yet another update.  Because of the frequency of new security updates issued,  it’s human nature to eventually stop paying attention to it.  This is exactly what the virus writers are counting on.  They know that most Windows and Mac operating system updates are now being installed on a regular basis, so they need another way in.

I can personally attest to the frequency of infections through Java.  Approximately 85% of all infected machines we see in our shop are Windows XP with Java installed.  We know the virus infiltrated via Java because the virus codes are discovered in the Java temp directory.

Java is not the same as JavaScript.

Keep in mind that despite the similar name, Java and JavaScript are two completely different things.  JavaScript is built into your browser software (IE, Chrome, Firefox, and Safari).  JavaScript is used by HTML code to provide two-way communication between your browser and the web server without you needing to refresh the web page.  For example, JavaScript allows Facebook is able to refresh its content while you stay idle on the news feed page.

Java is a 3rd party add-on with a browser plug-in to allow  software to be distributed and executed within your browser.  You can tell if a website needs Java because you will see the Sun Java logo displayed as a square box with the animated circle loading on your screen while it loads the software into memory.

Uninstall it completely.

Many of the experts recommend disabling the Java plug-in on your browsers.  But I recommend one step further and uninstalling it completely. I can hear some grumbles now, “Is it really wise to remove a part of the Internet that’s been established for so many years?!”  I recall when Steve Jobs announced that iPads would not support Flash.  At first I thought this would be a disaster.  But it wasn’t.  The Internet adapted.  Web designers are able to use newer JavaScript-based technologies like AJAX and jQuery to give the same interactive content that we’ve come to expect Flash to provide.

If you don’t use any websites that require Java, then it’s just a program with high potential to be abused to circumvent your security measures.  Fewer websites require it.  If you find out later that you do need it,  it’s only a 5 minute, free re-install.