Disable Java NOW, users told, as 0-day exploit hits web (reg headline)

Started by Gary, Aug 28, 2012, 16:16:53

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

armadillo

Quote from: Baz on Sep 01, 2012, 07:32:37
but how do you tell if you need it on or off.if its a new site you wont know how its supposed to look, will you  :dunno:

Usually it is fairly obvious. With Flash, Firefox will display a "missing plugins" box or an invitation to "install Flash" in place of the feature that uses Flash.

With Java, some sites display a warning that Java appears not be installed. But more often, you find out because something that you click on does nothing at all or some feature which is referred to is nowhere to be seen.

Quote from: Baz on Sep 01, 2012, 07:32:37
like I said earlier I have a work related site that I need and only noticed it displaying differently because I visit it regularly and noticed things not working.

Exactly.

Quote from: Baz on Sep 01, 2012, 07:32:37
What does Java actually do.

It is a programming language extension that allows processes to run on your machine and potentially alter data there. In effect, it can do the same things as .exe files can. It is supposed to contain safeguards that prevent it doing malicious things but malware writers can get around those fairly easily and are well clued up to exploit weaknesses as soon as they are introduced in Java upgrades.

Common uses of Java include speed testers and also calculators in which you input some parameters and a calculation is displayed.

If you are browsing in work related sites or mainstream reputable places, you are unlikely to encounter malicious Java. I tend to know if I am browsing in potentially dangerous places but I suspect that most of the reported problems happen to people who browse obviously risky sites with all features enabled. The biggest danger is lack of commonsense and it is easy to exploit.

Rik

Quote from: armadilloThe biggest danger is lack of commonsense and it is easy to exploit.

Well put. :thumb:
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Oh dear, think work just got tougher for me as one of the systems I support is Java based so I'll have to persuade some frightened user who has been told by their Son, Daughter, neighbour who 'knows about computers' that its ok to install Java.

(deep sigh)


Niall

Ah tits,  I just thought, I haven't updated my mums laptop. Argh!

* Niall pokes off button on router

;D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Gary

Seriously if people think hey browse safely (no offence to anyone) that is a mistake as I see it...no site is safe really, sites can have exploits on them without knowing until its to late or a dns redirect can snag you, which happened to this very site we are now on, what would have happened if that redirect had a malicious payload? Common sense helps but its by no means a safety net anymore when exploits download with no user interaction.

  Java like Flash is a vector for attack and sometimes holes in it are open for along time. The less vulnerable you are on the net the better. Java is not needed by most, and if I need a piece of technology just to run one speed tester  then I would rather not bother. More and more often Java and Flash are used as a way in now as Os's are getting harder to get through, so its the low hanging fruit they go for.

Adobe seem to be at this time patching Flash much faster which is a blessing. I have to say I don't see the need to risk you computer, your Identity and your credit ratings or your cash for a BT speed tester. if that's all you use it for, if you have programs that need it fine, just turn it off in your browser, that's not exactly hard work. Installing Java on a computer to a person that is not tech savvy and who may never use it is pointless. If they need it fair enough but don't start drilling holes in their defences because common sense prevails and there is no need to worry...common sense often doesn't even have a chance to notice the issue until its to late. The less plugins the better I think.

Yes the reg love a story, but there is a moral to their sensationalism, and its not just that site that seems to have legitimate concerns.
Damned, if you do damned if you don't

pctech

Quote from: Technical Ben on Aug 28, 2012, 20:26:23
Is Sandboxie now Win7 compatible? Was only XP last time I checked (really useful program too, especially for not breaking too much :P ).

Only program I haven't yet installed on Win 7, will do tonight and report back and it'll be a double challenge as am running 64-bit whereas my XP was 32.