Curry Recipes Online

Curry Chat => Talk About Anything Other Than Curry => Topic started by: George on January 11, 2013, 09:00 PM

Title: Disable JAVA for safer browsing
Post by: George on January 11, 2013, 09:00 PM: Do you remember I mentioned that I generally use my Google Chrome browser with Java disabled?

I then enable Java just for sites I trust (well to a degree) such as Toolstation.com, which simply won't work without Java. Does anyone else here use Toolstation? I much prefer it over Screwfix.

Anyway, a US authority has now recommended that most people should disable Java because it's a distinct security risk.

See:
http://www.computerworld.com/s/article/9235615/US_CERT_tells_users_to_disable_Java_in_browsers_after_exploit (http://www.computerworld.com/s/article/9235615/US_CERT_tells_users_to_disable_Java_in_browsers_after_exploit)
Title: Re: Disable JAVA for safer browsing
Post by: RubyDoo on January 11, 2013, 09:43 PM: Oh dear.

Apparently a US authority once suggested that there was no threat caused by the war in Europe. Doh!
I would hope that anybody on this site would have the 'savvy' to at least have minimal protection.. In this day and age, if you do not then you deserve what you get. That may sound harsh but everybody gets bombarded even by default to the need for minimum requirements. Ignore at your own peril.

George . This post is patronising at best, insulting at worst. I will leave it at that in the hope that YOUR own ignorance is driven by a genuine desire to do the right thing.
Title: Re: Disable JAVA for safer browsing
Post by: Peripatetic Phil on January 11, 2013, 11:09 PM: I disabled Java and had no difficulty navigating the Toolstation web site at all; with JavaScript disabled, on the other hand, the site is completely dysfunctional. In fact, it tells you that if you visit it with JavaScript disabled : "You need JavaScript turned on to use Toolstation.com! Please enable JavaScript in order to shop at Toolstation.com." Is there any possibility that you are confusing the two, George ?

P.S. The Java vulnerability is quite significant : http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/ (http://reviews.cnet.com/8301-13727_7-57563567-263/new-malware-exploiting-java-7-in-windows-and-unix-systems/)

I have now disabled Java (not JavaScript) in all my VMs, as well as in the host system. Thank you for drawing this to our attention.

** Phil.
Title: Re: Disable JAVA for safer browsing
Post by: George on January 11, 2013, 11:57 PM: Quote from: RubyDoo on January 11, 2013, 09:43 PM
Oh dear.
Apparently a US authority once suggested that there was no threat caused by the war in Europe. Doh!
I would hope that anybody on this site would have the 'savvy' to at least have minimal protection.. In this day and age, if you do not then you deserve what you get. That may sound harsh but everybody gets bombarded even by default to the need for minimum requirements. Ignore at your own peril.
George . This post is patronising at best, insulting at worst. I will leave it at that in the hope that YOUR own ignorance is driven by a genuine desire to do the right thing.

As incredible as it seems, perhaps we have the start of another argument here. How on earth could my post about Java prompt this type of response from Ruby, calling me ignorant? Looking for trouble, or what? I sincerely hoped the information about Java might interest some members. I didn't dream anyone would treat it so negatively.

For anyone interested in reading more, here it is direct from the source of the advice, in effect. It makes sense to me:

http://www.us-cert.gov/cas/techalerts/TA13-010A.html (http://www.us-cert.gov/cas/techalerts/TA13-010A.html)
Title: Re: Disable JAVA for safer browsing
Post by: rallim on January 12, 2013, 03:49 AM: I always keep my laptop updated with security updates. I have a few security programs for protection and I have java disabled and has been for quite a while. Good information George and thanks for highlighting this.
Title: Re: Disable JAVA for safer browsing
Post by: Peripatetic Phil on January 12, 2013, 11:06 AM: Quote from: George on January 12, 2013, 10:33 AM
Many thanks for flagging up this distinction, which I didn't realise. It seems I disabled JavaScript, and probably still have Java running! So I might be ignorant, after all, but due to confusion over JavaScript vs Java rather than anything Ruby mentioned. Is it easy to diable Java? Perhaps I should look back to the article I referred to.

Easy, but the method varies with browser :

For Seamonkey : Tools / Add-ons Manager / Plugins / Disable anything specific to Java
IE9 : Tools / Internet options / Security / Custom level / Scripting of Java applets / Disable

Quote
And don't you think it's also a good idea to have JavaScript disabled, even if it's completely different?

Not really : I run with JavaScript enabled in all my VMs (Productions, Secure, Sandbox, VPN, ...) as well as in the physical host, and disable it only when I need (e.g.,) right-click functionality that JS is deliberately over-riding (e.g., "Sorry, images cannot be saved" !) or when I cannot be sure that a pop-up is not malicious and need to be able to (a) stop it replicating, and (b) kill it.

It may be worth explaining to those who regard IT solely as a tool that Java (from Sun, via Oracle) and JavaScript (from Netscape, via ECMA and your favourite browser vendor) are two totally different beasts : the only thing they have in common is the first four letters, which were deliberately picked by Netscape when they wanted to re-brand their "LiveScript" technology. They picked the letters "J a v a" because, by then, Java was a cross-platform reality and they wanted to jump on Java's bandwagon.

JavaScript is an interpreted language that runs natively in your browser, and also in Adobe Acrobat; Java is a compiled language that requires a plug-in in order to run within a browser. Both run in so-called "Sandboxes", but JavaScript is inherently more secure.

** Phil.
Title: Re: Disable JAVA for safer browsing
Post by: George on January 12, 2013, 11:07 AM: Quote from: Phil [Chaa006] on January 11, 2013, 11:09 PM
I disabled Java and had no difficulty navigating the Toolstation web site at all..."You need JavaScript turned on to use Toolstation.com! Please enable JavaScript in order to shop at Toolstation.com." Is there any possibility that you are confusing the two, George ?

Many thanks for flagging up this distinction, which I didn't realise. It seems I disabled JavaScript, and probably still have Java running! So I might be ignorant, after all, but due to confusion over JavaScript vs Java rather than anything Ruby mentioned.

I've now removed Java (v9) completely, via Control Panel.

And don't you think it's also a good idea to have JavaScript disabled, even if it's completely different?
Title: Re: Disable JAVA for safer browsing
Post by: Peripatetic Phil on January 12, 2013, 11:22 AM: Quote from: George on January 12, 2013, 11:07 AM
I've now removed Java (v9) completely, via Control Panel. And don't you think it's also a good idea to have JavaScript disabled, even if it's completely different?

No, please see above George : I replied while you were composing this, so my reply precedes your message.

** Phil.
Title: Re: Disable JAVA for safer browsing
Post by: ELW on January 12, 2013, 11:29 AM: Most people keep javascript enabled George, a huge amount of web content relies on it & it's used in many different ways now.
I've never updated from Java 6. The threat from Java applets (remote Java code) is in short the Java languages capability to access your machine's file system, which is obviously not good

It's irrelevant to this post but javascript runs server side also :)

Well spotted anyway

ELW
Title: Re: Disable JAVA for safer browsing
Post by: Peripatetic Phil on January 12, 2013, 11:39 AM: Quote from: ELW on January 12, 2013, 11:29 AM
It's irrelevant to this post but javascript runs server side also :)

Not sure what you mean by that last observation, ELW. JavaScript /can/ be run server-side (within the context of, e.g., ASP.NET) but in general users will be unaware of which server-side technology is being run, and in any rate cannot disable it from their machine. For normal users and normal situations, JavaScript is run client-side (i.e., within the browser) and can be disabled using (e.g.,) PrefBar, Tools/Options or Edit/Preferences.

** Phil.
Title: Re: Disable JAVA for safer browsing
Post by: George on January 12, 2013, 01:23 PM: Wow, some of you seem so knowledgeable on fields far beyond curry making, from IT systems to jet engines and playing musical instruments, for example. And many more skills.

In practice, I find relatively few sites need JavaScript to work. Right now, on this forum for example, an icon shows that JavaScript is blocked, but it doesn't seem to stop everything working perfectly well. On sites I decide to trust, I re-enable it, whilst running a reduced risk on other sites I might stumble across which could perhaps take malicious advantage of JavaScript.

As for Java, now I've removed it via Control Panel, I wonder how long it will be until some web site says I need it again.
Title: Re: Disable JAVA for safer browsing
Post by: uclown2002 on January 12, 2013, 06:04 PM: lol

I uninstalled java then the first program (jdownloader) I tried to use didn't open as it needed java!
Title: Re: Disable JAVA for safer browsing
Post by: Peripatetic Phil on January 13, 2013, 11:26 PM: New version of Java released, analyst(s) claim it is still insecure. I have updated but still have it disabled in my browsers.

http://www.reuters.com/ (http://www.reuters.com/article/2013/01/13/us-java-oracle-security-idUSBRE90C0JB20130113)

** Phil.
Title: Re: Disable JAVA for safer browsing
Post by: Willyeckerslike on January 18, 2013, 12:55 PM: You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
Rest assured, because you have a Norton security software product installed on your computer, you?re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature.
We also recommend that you apply Oracle?s recently released security patch and make sure you are running the most updated version of Java.

Thank you for being a valued Norton customer.

Sincerely,
The Norton Team

Learn more about Java Zero-Day vulnerability

An update from the Norton Team I received today for anyone who is interested.

Will
.
Title: Re: Disable JAVA for safer browsing
Post by: RubyDoo on January 18, 2013, 01:42 PM: Quote from: Willyeckerslike on January 18, 2013, 12:55 PM
You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
Rest assured, because you have a Norton security software product installed on your computer, you?re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature.
We also recommend that you apply Oracle?s recently released security patch and make sure you are running the most updated version of Java.

Thank you for being a valued Norton customer.

Sincerely,
The Norton Team

Learn more about Java Zero-Day vulnerability

An update from the Norton Team I received today for anyone who is interested.

Will
.

Hahahaha Norton? Wouldn't touch it again with 'yours'. Personal opinion of course ( supported by millions ). Norton is utter rubbish. ;)