Posted on 01/10/2013 2:51:44 PM PST by alancarp
[No quote due to Reuters source. Title is accurate representation of article. Please see link.]
(Excerpt) Read more at reuters.com ...
I uninstalled Java several months ago. I only had one program that needed it, and I figured out another program to use for that task.
Remember that Java and JavaScript are two different things from different companies.
These two podcasts will get anyone who wants it up to speed, even though they’re a few months old.
http://www.grc.com/sn/sn-367.htm
http://www.grc.com/sn/sn-368.htm
“machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.”
Yikes! I wish the article was more specific about the kind of damage the “attacks” do. I am only speculating that more harm could be done to older versions of Windows in particular, such as hiding entries in the Windows Registry.
Perhaps this might be a good time to review how to uninstall in Windows, Mac and Linux?
(saying that partly, from personal lack of experience at it)
How do I uninstall Java on my Windows computer?
http://www.java.com/en/download/uninstall.jsp
How do I uninstall Java 7 for my Mac?
http://www.java.com/en/download/help/mac_uninstall_java.xml
Here’s a useful page provided by Mozilla to check to see if you’re up to date with your browser plugins.
https://www.mozilla.org/en-US/plugincheck/
Thank you very much.
Thank you, MarineBrat!
Firefox says that I have Java Deplyment Tool Kit.
Should I uninstall that?
It is the only reference to Java on my Windows XP
Thanks
Nothing like throwing the baby out with the bathwater. The referenced problem is with Java browser plugins, not standalone Java. Yes, standalone Java probably has other security issues, but some of us need it and it is not nearly as exposed. In fact, I need the plugin, also, but haven’t yet decided what action to take if any.
Does it make sense to request an exe with your browser? No. I suppose it could be an obfuscated link in a web page. But how does it involve java?
Before you uninstall Java, you need to determine what programs it might impact.
IIRC, and maybe it was only earlier versions, but Firefox used to require Java. That may have been some of the add-ons, but I recall getting messages to install or upgrade Java when I upgraded Firefox.
Many web pages require Java. My cable ISP email requires it for HTML mode.
I have several Windows programs that require Java.
==
Without more information of this ‘threat’, I am not going to be too concerned about it. If it is serious, Oracle will probably release an upgrade to Java soon.
Upon further reflection, maybe the screen shot is the end of exploit where the java is now requesting some program to run via the browser. I believe java is allowed to make outgoing http connections to fetch data that it might need. I suppose a buggy version could fetch an exe and run it...
If you follow the link to http://malware.dontneedcoffee.com/ you can clearly see how java is involved.
Additional detail over at Ars-
http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/
Techie bookmark.
bump
nope I don’t see it. It doesn’t have much more than the screenshot I posted. The only other relevant screenshot they show is the browser asking for some jar file, presumably that’s what has the bad java in it. Then the renegade java asks for an exe and runs it.
I’ve been advising friends consider running their web browsers in a Sandbox via Sandboxie. http://www.sandboxie.com/
I run my browser in Sandboxie but, also on a non-persistent (load only) RAMdrive too (using Primo Ramdisk). It’s faster running from a ramdisk, and probably one of the most secure configs possible on Windows.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.