Share This Page

Security too risky with Java

| Friday, Feb. 1, 2013, 12:01 a.m.

The weekly — sometimes daily — security scares that occur with the Java programming language are starting to remind me of the old whack-a-mole arcade game.

Researchers or hackers discover a major flaw in Java. Java's developer, Oracle, whacks it with a patch. Another mole pops up. Oracle whacks it with a patch.

Many experts say Oracle is losing this game or isn't trying very hard to win. And computer users are paying the price.

When a vulnerable version of Java is active in a web browser, visiting a compromised website is all it takes for crooks to sneak malware onto your computer. In most cases, you won't even know the site is compromised until it's too late.

Here's how to stay safe: Stop using Java — or stay on top of the upgrades and use Java a lot more guardedly.

I'm going to help you do just that.

But first: What the heck is Java? And why is it capable of scalding your computer?

First developed back in 1995, Java became ubiquitous almost overnight because it allowed programmers to write one program and use it on Windows, Apple OS X and other operating systems.

Today Internet browsers use Java for interactive web content, such as popular online games. Computers use it to run useful programs such as the free Office alternative LibreOffice, and Adobe Creative Suite. And Java is pre-installed on most systems. It's estimated that Java is running on 850 million computers in the world.

Java's security holes woke up Apple users last year when more than 600,000 Macs became infected with the Flashback malware that targeted Java.

Since then, moles have kept popping up through other holes. In response to the most recent exploit, the Department of Homeland Security a couple of weeks ago recommended that all Internet users disable Java. Apple and Mozilla have turned off Java plug-ins automatically in the latest editions of the browsers Safari and Firefox. But it doesn't hurt to double-check that Java is turned off.

Fortunately, the latest version of Java has a one-click button just for that purpose. That's handy because disabling it manually was a hassle, especially in Internet Explorer.

First, make sure you have the most recent version of Java from Oracle's site. The latest release as of this writing is Version 7 Update 11.

To bring up Java's new security settings, go to Start>>Computer and type “Javacpl.exe” in the search bar.

Mac users can find the setting by going to System Preferences and clicking on the Java icon — it looks like a steaming cup of coffee.

This will disable Java in your browser but still let you use it for desktop programs.

Warning: If you do head into your browser settings to check that Java is disabled, you might see something called JavaScript. Don't disable JavaScript! It's a different animal and has no security issues.

Although it's safer to run Java for a desktop program, it's best to get it off your machine if you don't need it.

Kim Komando hosts a talk radio show about consumer electronics. For details, visit www.komando.com.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.