First, the facts
On January 10th, 2013, US-CERT, the agency in charge of managing cyber risks to the nation, issued an alert (TA13-010A) instructing all PC users to limit their usage of the Java Runtime Environment (JRE), unless required for business reasons, or to remove it entirely, including disabling Java plug-ins in web browsers. The Java development platform has become a favored target for hackers, leading to a growing list of Java-specific vulnerabilities being discovered and exploited by various malware.
How can it affect you?
According to the alert, this vulnerability "could allow an attacker to execute arbitrary commands on a vulnerable system". "Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available". It is estimated that this vulnerability may now be present on over 400 million systems.
What can you do?
Disable Java now, and keep it disabled. Based on the US-CERT vulnerability note VU#636312 these are the steps for disabling the Java plug-in in web browsers:
Mozilla Firefox
From the main menu bar, select 'Tools' > 'Add-ons' (or 'Ctrl+Shift+A').
Look for Java plugins and click the 'Disable' button.
Restart the browser.
Chrome
Type 'about:plugins' into the address bar.
Look for the 'Java' plugin and click the 'Disable' link next to it.
Safari
Go to 'Preferences', then 'Security tab'.
Uncheck 'Enable Java'.
Internet Explorer
Go to 'Tools', then 'Manage add-ons'.
Highlight all 'Java' add-ons, then click on the 'Disable' button on the lower right corner of that window.
Click 'Close'.
Restart the browser.
It is also recommended to disable Java from the Windows Control Panel.
Open the Control Panel and click on 'Java'.
In the Java Control Panel, select the 'Java' tab and click the 'View' button. For any JRE versions listed, uncheck the 'Enabled' box. Click 'OK'.
In the Java Control Panel, click 'Apply' or 'OK'.
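To confirm the Control Panel change took effect, the per-JRE 'Enabled' state can be read back from the user's deployment.properties file. The script below is an added example, not part of the original post or of US-CERT's note; it assumes the checkbox is stored under deployment.javaws.jre.<n>.enabled keys, and the sample file contents are constructed.

```python
import re

# Constructed sample of a per-user deployment.properties file (not from a real host).
SAMPLE = r"""#deployment.properties
deployment.javaws.jre.0.product=1.7.0_10
deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre7\\bin\\javaw.exe
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.1.product=1.6.0_38
deployment.javaws.jre.1.enabled=false
"""

# Matches keys such as deployment.javaws.jre.0.enabled -> (index, field).
JRE_KEY = re.compile(r"^deployment\.javaws\.jre\.(\d+)\.(\w+)$")

def parse_properties(text):
    """Parse key=value / key:value lines; comments and blank lines are skipped.
    Backslash line continuations are not handled (not needed for these keys)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return one finding per JRE entry that is not explicitly disabled."""
    jres = {}
    for key, value in parse_properties(text).items():
        m = JRE_KEY.match(key)
        if m:
            jres.setdefault(int(m.group(1)), {})[m.group(2)] = value
    findings = []
    for idx in sorted(jres):
        entry = jres[idx]
        # Assumption: an entry with no 'enabled' key is reported as enabled,
        # so an incomplete file never hides a live JRE from the audit.
        if entry.get("enabled", "true").lower() != "false":
            product = entry.get("product", "?")
            findings.append(f"JRE {product} (entry {idx}) is still enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["All listed JREs are disabled"]:
        print(finding)
```

On Windows Vista and later the file is typically at %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties; pass its contents to audit() in place of SAMPLE.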
What if I need to use it for work or to manage my bank account?
Designate one browser with Java enabled exclusively for that purpose and use the Java disabled browsers for all your other activities.
You can also enable the Java plug-in while visiting sites that require it and disable it immediately after you leave.
I did it.