Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.įor Java power users - or for those who are having trouble upgrading or removing a stubborn older version - I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft. The latest versions of Java let users disable Java content in web browsers through the Java Control Panel.
If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants. I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java).
Otherwise, seriously consider removing Java altogether.
Keep in mind that updating via the control panel will auto-select the installation of the Ask Toolbar, so de-select that if you don’t want the added crapware. Updates are available from or via the Java Control Panel. If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates also should be available via the Java Control Panel or from. Users also can visit and click the “Do I have Java?” link on the homepage. At the command prompt, type “java -version” (again, no quotes). Windows users can click Start, then Run, then type “cmd” without the quotes. There are a few of ways to find out if you have Java installed and what version may be running. The trouble with Java is that it has a very broad install base, but many users don’t even know if they have it on their systems. Oracle says vulnerabilities with 9.x CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system. Those who’ve chosen to upgrade to the newer, “feature release” version of Java - Java 8 - will find fixes available in Java 8 Update 11.Īccording to Oracle, at least 8 of the 20 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 9.0 or higher (with 10 being the most severe).
The latest update for Java 7 (the version most users will have installed) brings the program to Java 7 Update 65. In short, if you have Java installed it is time to patch it or pitch it. Collectively, the bugs fixed in this update earned Oracle’s “critical” rating, meaning they can be exploited over a network without the need for a username and password. Oracle today released a security update for its Java platform that addresses at least 20 vulnerabilities in the software.
0 kommentar(er)
