Disable Java NOW, users told, as 0-day exploit hits web

Concerned User · 28. Aug 2012, 06:14 PM

http://www.theregister.co.uk/2012/08...block_exploit/

http://reviews.cnet.com/8301-13727_7...y-affect-macs/

...sighs deeply....

Quote:

For individual users, the researchers say, the best solution for now is to disable the Java browser plugin until Oracle issues an official patch.

Thankfully, all modern browsers have functionality to turn off or turn on plugins easily.....

Looks like mac and linux are also equally vulnerable?:

Quote:

But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.

Rather unfortunate, that some online banking sites have to use java for two factor authentication. Example:

2 Factor Authentication - Safe & Secure ebanking:

If you are enabled for 2 Factor Authentication, then it is essential for you to install latest JAVA on your system.

bo.elam · 29. Aug 2012, 08:33 PM

Not a bad idea to disable Java, even better is to uninstall it if its not required by a program. I got rid of it 3 years ago, don't miss it. People that needs to have it because of a program or two, can have it and still keep it blocked when browsing with Firefox. For that, you can use NoScript.

Bo

placou 1968 · 30. Aug 2012, 06:09 AM

last night when i took my computer out of stand by, i noted i was prompted by java to update. the prompt showed oracle. i started the update process and was prompted to install the ...ask toolbar. at this point i canceled as i found in the past that the tool bar add on (ask) can be a bad thing. i guess im asking this, should the update from oracle have the ask toolbar or search engine prompt attached to the update process? the update was called version 7 update 6 (build 1.70_06-b24)

MidnightCowboy · 30. Aug 2012, 06:45 AM

Quote:

Originally Posted by placou 1968

last night when i took my computer out of stand by, i noted i was prompted by java to update. the prompt showed oracle. i started the update process and was prompted to install the ...ask toolbar. at this point i canceled as i found in the past that the tool bar add on (ask) can be a bad thing. i guess im asking this, should the update from oracle have the ask toolbar or search engine prompt attached to the update process? the update was called version 7 update 6 (build 1.70_06-b24)

Use Secunia PSI to do your updates and avoid crap like Ask.

https://secunia.com/vulnerability_scanning/personal/

"Other companies have repackaged third-party software with their own installers for various reasons in the past. Some software distribution websites like Download.com do this to bundle browser toolbars for extra revenue. However, Secunia will not add anything to its installer. "The only thing we want to do is apply a minimal patch without interacting with the user," Kristensen said. In some cases vendors might distribute third-party toolbars or advertisements with their software updates themselves, in which case Secunia's silent installer could cut into their revenue stream."

bo.elam · 30. Aug 2012, 06:58 AM

placou 1968, you are right, Ask is been "offered" when you install Java. I cant believe Oracle is doing this.

http://www.java.com/en/download/faq/ask_toolbar.xml

I recommend you stay away from installing Java but if you must have it, you can get a toolbar free installer from here. Make sure you download the" Windows offline" installer.

http://java.com/en/download/manual.jsp

Bo

Anupam · 30. Aug 2012, 07:07 AM

Good advices by MC, and Bo... but, looking at the present situation, I would advise uninstalling java altogether. Java is only required on some sites... so, most probably, you won't need to install java.

In case you do need java, then you can follow Bo's advice in the 2nd post.

MidnightCowboy · 30. Aug 2012, 08:19 AM

Using Secuina will avoid similar instances with other program of course that seek to bundle unwanted components with their updates.

placou 1968 · 30. Aug 2012, 01:24 PM

many thanks, i never knew what it was for, and i find that if you folks dont need it, i certainly wont, its now uninstalled

Remah · 30. Aug 2012, 01:30 PM

My kids play Java games all the time

but only on their computers

except that I have to fix them if there's a problem

but burglary and a meltdown have reduced us to one

eyeb · 30. Aug 2012, 06:30 PM

Not sure how useful this will be for people, but i like portable apps, mentioned it before

but running portable firefox, I have a portable copy of java that works as well. And I can launch java files to run them too. Anyways because java isn't installed, I have a tad bit more control over things looking for java since they ask if i want to install it, I just say no. Rest of time all things java is set to launch inside sandboxie

30. Aug 2012, 06:09 AM	#3 (permalink)
placou 1968 Senior Member Join Date: Oct 2011 Posts: 187	last night when i took my computer out of stand by, i noted i was prompted by java to update. the prompt showed oracle. i started the update process and was prompted to install the ...ask toolbar. at this point i canceled as i found in the past that the tool bar add on (ask) can be a bad thing. i guess im asking this, should the update from oracle have the ask toolbar or search engine prompt attached to the update process? the update was called version 7 update 6 (build 1.70_06-b24) Last edited by placou 1968; 30. Aug 2012 at 06:17 AM.

30. Aug 2012, 07:07 AM	#6 (permalink)
Anupam Super Moderator Join Date: Jul 2008 Location: India Posts: 15,334	Good advices by MC, and Bo... but, looking at the present situation, I would advise uninstalling java altogether. Java is only required on some sites... so, most probably, you won't need to install java. In case you do need java, then you can follow Bo's advice in the 2nd post. __________________ Anupam

30. Aug 2012, 08:19 AM	#7 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 15,357	Using Secuina will avoid similar instances with other program of course that seek to bundle unwanted components with their updates. __________________ Buy a Hoover and prove technology sucks.

30. Aug 2012, 01:30 PM	#9 (permalink)
Remah Senior Member Join Date: Jul 2010 Location: New Zealand Posts: 1,741	My kids play Java games all the time but only on their computers except that I have to fix them if there's a problem but burglary and a meltdown have reduced us to one __________________ Better to light a candle ... than to curse the darkness.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

29. Aug 2012, 08:33 PM	#2 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,714	Not a bad idea to disable Java, even better is to uninstall it if its not required by a program. I got rid of it 3 years ago, don't miss it. People that needs to have it because of a program or two, can have it and still keep it blocked when browsing with Firefox. For that, you can use NoScript. Bo

30. Aug 2012, 06:58 AM	#5 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,714	placou 1968, you are right, Ask is been "offered" when you install Java. I cant believe Oracle is doing this. http://www.java.com/en/download/faq/ask_toolbar.xml I recommend you stay away from installing Java but if you must have it, you can get a toolbar free installer from here. Make sure you download the" Windows offline" installer. http://java.com/en/download/manual.jsp Bo

30. Aug 2012, 01:24 PM	#8 (permalink)
placou 1968 Senior Member Join Date: Oct 2011 Posts: 187	many thanks, i never knew what it was for, and i find that if you folks dont need it, i certainly wont, its now uninstalled

30. Aug 2012, 06:30 PM	#10 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 887	Not sure how useful this will be for people, but i like portable apps, mentioned it before but running portable firefox, I have a portable copy of java that works as well. And I can launch java files to run them too. Anyways because java isn't installed, I have a tad bit more control over things looking for java since they ask if i want to install it, I just say no. Rest of time all things java is set to launch inside sandboxie