No, we’re not talking about your morning coffee! We’re talking about security holes in Java! Okay, sure – you’re not worried because you’re so smart and have got your security settings on “High” or “Very High”. Sorry folks… you are still at risk. Flaws in the Java software mean an attacker could indeed sidestep those security settings, at which point he could go ahead and run malware, ultimately gaining remote control of your Java Web app.
Experts anticipate that security holes in Java, and therefore Java attacks will continue to be an issue. And they’re right. No sooner than Oracle had patched two vulnerabilities in Java, a new, never seen before bug was found online. Clearly this isn’t an issue that will be resolved any time soon. In recent months, Oracle has come under criticism for their slow response in fixing identified weaknesses within Java, leaving some businesses wondering whether using the software is worth the risk.
So, is it safe to use Java?
Surely if Oracle is issuing patches, the vulnerabilities must be under control. Unfortunately, despite the frequent patches, Oracle has been unable to stay one step ahead of the attackers and cybercriminals out there. Instead, these patches are just reactive solutions, and these solutions hardly deserve the name ‘solution’, as in several cases the bugs weren’t even fixed correctly. The general consensus from experts is that Java isn’t safe, predominantly because Oracle’s security testing processes just aren’t up to par, leaving the patches ineffective. Even the Department of Homeland Security in the U.S recently issued a warning against Java, urging citizens to avoid the Java browser plug-in where possible. Moreover, Apple has even decided to disable Java in the Mac OS.
So, the answer to the BIG question… “is it safe to use Java?” NO. Here’s how you can disable Java in your browser. But if you have no choice but to continue using Java…
How can you protect yourself?
One way to limit your exposure to risk is to utilize the “click-to-play” feature, which allows you to select when to run Java. However, this does sound extremely annoying and certainly not fool-proof, not to mention that it’s putting all of the onus on you. So what are your other options if you don’t want to be constantly fiddling with Java?
- First off, make sure you have the latest Java version installed.
- Don’t access an unsecure website when Java is enabled.
- If you get any kind of alert – and we mean ANY kind at all – don’t go further; never ignore computer/security alerts!
- Consider having two different browsers on your computer, one for general use, and one specifically used only for Java required sites.
- Use the software vulnerability scanner in BullGuard Internet Security 2013 to keep an eye out for old or dated software (a hackers’ dream) and keep your PC in good health.
Unfortunately, there is no quick fix to this issue. Watch this space for more updates and solutions to this Java Saga.
BullGuard’s comprehensive internet security suite protects you from the potential vulnerabilities your computer programs could have inflicted on your computer. Get BullGuard Internet Security 2013 now!