US-CERT Alert (2013-01-10) : Disable Java for web browsers
Sat, 01/12/2013 - 9:39am
13 years
|
The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) issued an alert last Thursday (2013-01-10) regarding a Java 7 security vulnerability. They recommend disabling Java for all browser content. For more information and instructions on how to secure your system, see the following link:
Thanks
Thanks for the info.
I've disabled java now and will watch over the next couple of days to see if I've lost any functional use of my browser.
Java
Thanks for the info.
I've disabled java now and will watch over the next couple of days to see if I've lost any functional use of my browser.
I shut Java down in my browser this morning. Then found that I had lost the ability to navigate most of the sites I normally visit. Re-enabled Java.
Yep
that's the problem with just shutting JAVA down.
Nuvi 350, 760, 1695LM, 3790LMT, 2460LMT, 3597LMTHD, DriveLuxe 50LMTHD, DriveSmart 61, Garmin Drive 52, Garmin Backup Camera 40 and TomTom XXL540s.
Java, not JavaScript
Just to be clear, the CERT alert is about Java, not JavaScript. They are very different things. A very small percentage of websites use Java. (JavaScript, on the other hand, is used by a rather large percentage of sites.)
My Firefox had automatically
My Firefox had automatically blocked it in Oct 2012.
All the worlds indeed a stage and we are merely players. Rush
How do I disable Java?
I'm on Win 7. How do I disable Java?
"No misfortune is so bad that whining about it won't make it worse."
Check the initial link again
Just to be clear, the CERT alert is about Java, not JavaScript. They are very different things. A very small percentage of websites use Java. (JavaScript, on the other hand, is used by a rather large percentage of sites.)
As posted in the link from the OP, the latest Java (Version 7, Update 10) has a very easy way to disable Java. And for folks using earlier Java, an update to 7,10 is probably a good idea in and of itself. So far, I haven't come across any web sites that fail to run with Java disabled.
I disabled Java on three PC (Win7-64, Win7-32, and XP). On one PC, the option to disable all Java appeared as expected. On the other two for some reason, I had to find and run javacpl.exe to get to the Security tab allowing for the easy disabling feature.
Once again, thanks, VG.
From the link
I'm on Win 7. How do I disable Java?
Solution
Disable Java in web browsers
This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:
For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.
More
Check your current enabled Java, if installed:
http://java.com/en/download/installed.jsp
Disable Java:
http://java.com/en/download/help/disable_browser.xml
Install Java:
http://java.com/en/download/manual.jsp
Thanks, CraigW
Seems that I'm on Java 6 so I guess I should be okay.
Phil
"No misfortune is so bad that whining about it won't make it worse."
look at this
I'm on Win 7. How do I disable Java?
http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java...
My Java didn't
Check your current enabled Java, if installed:
http://java.com/en/download/installed.jsp
Disable Java:
http://java.com/en/download/help/disable_browser.xml
Install Java:
http://java.com/en/download/manual.jsp
My Java didn't look like the one in the disable link.
I had Java 7 9 so I updated to Java 7 10 and I still don't have that.??
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
Me, too X2
Check your current enabled Java, if installed:
http://java.com/en/download/installed.jsp
Disable Java:
http://java.com/en/download/help/disable_browser.xml
Install Java:
http://java.com/en/download/manual.jsp
My Java didn't look like the one in the disable link.
I had Java 7 9 so I updated to Java 7 10 and I still don't have that.??
Ha, I had the same issue on two of my three PCs. Apparently, it's some kind of a bug that prevents it from being easily run from the java icon in Control Panel.
The solution is to run javacpl.exe (which is probably in your computer's C:\ProgramFiles\Java\jre7\bin folder).
Run this file and you should see the appropriate Security page allowing you to uncheck "Enable Java content in the browser" and this will disable java in all browsers on your computer.
Thanks for the info
My thanks to VersatileGuy for advising us and to CraigW for providing the links.
I am Running XP SP3 with Internet Explorer 8 and Firefox V 17.01.
I checked CraigW's link and it showed nothing was installed on either IE8 or Firefox
"Check your current enabled Java, if installed:
http://java.com/en/download/installed.jsp
To double check I ran a search on XP and the file
"javacpl.exe" was not present so it appears I'm OK.
Nuvi 2460LMT 2 Units
To confirm
Check your current enabled Java, if installed:
http://java.com/en/download/installed.jsp
Disable Java:
http://java.com/en/download/help/disable_browser.xml
Install Java:
http://java.com/en/download/manual.jsp
My Java didn't look like the one in the disable link.
I had Java 7 9 so I updated to Java 7 10 and I still don't have that.??
Once you've disabled Java in all browsers, you can confirm it by clicking the big red "Verify Java version" button in:
http://java.com/en/download/installed.jsp
and receiving a message stating "No working Java was detected on your system. Install Java by clicking the button below."
And to beat a dead horse, ...
...it's strongly recommended that older versions (currently, pre-version 7, Update 10) be uninstalled:
http://java.com/en/download/faq/remove_olderversions.xml
Other options--
Run a different browser than IE, such as Chrome or Firefox.
With Firefox, adding NoScript and AdBlock Plus lets you control java/javascript use by websites as well as cross-scripting and other attacks (NoScript), and filters out ads and other nasties (AdBlock Plus).
Nuvi 2460, 680, DATUM Tymserve 2100, Trimble Thunderbolt, Ham radio, Macintosh, Linux, Windows
Are you saying
...it's strongly recommended that older versions (currently, pre-version 7, Update 10) be uninstalled:
http://java.com/en/download/faq/remove_olderversions.xml
Are you saying that Verison 7 update 10 is ok?
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
Thanks
Thanks for all the help
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
No
...it's strongly recommended that older versions (currently, pre-version 7, Update 10) be uninstalled:
http://java.com/en/download/faq/remove_olderversions.xml
Are you saying that Verison 7 update 10 is ok?
No, we're hearing that v7u10 is still to be disabled according to CERT and many tech web sites this week.
But besides the issue now present that brought this big warning, earlier versions of Java had other security issues--and for folks still using the older versions, these other older security issues remain.
(bleep) Acronyms
In my life, CERT = Community Emergency Response Team.
Stupid government...
*Keith* MacBook Pro *wifi iPad(2012) w/BadElf GPS & iPhone6 + Navigon*
Suggested reading
http://ask-leo.com/should_i_disable_java_and_if_so_how.html
Thanks
http://ask-leo.com/should_i_disable_java_and_if_so_how.html
Thanks.
Given what I've read there, rather than just disabling Java, I'm going to uninstall it and see how things work without it.
Thanks CrigW
Check your current enabled Java, if installed:
http://java.com/en/download/installed.jsp
Disable Java:
http://java.com/en/download/help/disable_browser.xml
Install Java:
http://java.com/en/download/manual.jsp
My Java didn't look like the one in the disable link.
I had Java 7 9 so I updated to Java 7 10 and I still don't have that.??
Ha, I had the same issue on two of my three PCs. Apparently, it's some kind of a bug that prevents it from being easily run from the java icon in Control Panel.
The solution is to run javacpl.exe (which is probably in your computer's C:\ProgramFiles\Java\jre7\bin folder).
Run this file and you should see the appropriate Security page allowing you to uncheck "Enable Java content in the browser" and this will disable java in all browsers on your computer.
This worked.
How will we know when there is a fix for Java?
Thank you very much. Nice to have all of this information on here.
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
How do I disable Java 6?
...it's strongly recommended that older versions (currently, pre-version 7, Update 10) be uninstalled:
http://java.com/en/download/faq/remove_olderversions.xml
How do I disable (not uninstall) Java 6? The examples all show Java 7.
Phil
"No misfortune is so bad that whining about it won't make it worse."
This is interesting
I took a look at my computer and played with the different links that are listed here. I wanted to see what I had and how correctly things were displayed.
The "check this version" states that there are no versions installed.
The Java control link in control panel shows I have version 7 update 10. That is confirmed in the add/ remove control panel. That makes no sense. I then unchecked the "disable in all browsers".
I also used a program called javara to get rid of all old versions. It will get rid of all old versions and keep the latest.
Javara is here: http://sourceforge.net/projects/javara/
Bottom line is that you may think you don't have any installed, but you are being lied to. I would also recommend you check in the add/remove programs.
This is on a XP pro with SP3.
Nuvi 2460LMT.
Me too!
Me too!
you can't
...it's strongly recommended that older versions (currently, pre-version 7, Update 10) be uninstalled:
http://java.com/en/download/faq/remove_olderversions.xml
How do I disable (not uninstall) Java 6? The examples all show Java 7.
Phil
From the way I understand the article you can not disable any version of Java except the latest version, 7.10
You'd have to uninstall version 6, install version 7.10 then disable java.
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .
Update will be coming out shortly
http://www.pcworld.com/article/2025171/oracle-says-java-upda...
Nüvi 255WT with nüMaps Lifetime North America born on 602117815 / Nüvi 3597LMTHD born on 805972514 / I love Friday’s except when I’m on holidays ~ canuk
Re: Update will be coming out shortly
http://www.pcworld.com/article/2025171/oracle-says-java-update-coming-tuesday.html
That's good news. I have seen some blog posts saying that Oracle intended to release a patch sometime in mid-February. Maybe the US-CERT advisory and the attendant publicity got them moving a bit faster.
Alphabet Soup
In my life, CERT = Community Emergency Response Team.
Stupid government...
I'm afraid that I must accept some of the blame since I was sloppy in choosing the original title for this thread. US-CERT is run by DHS. The CERT Program is run by the Software Engineering Program at CMU.
CAM? ITS.
("Clear As Mud? I Thought So.")
Uninstall Java 6?
...it's strongly recommended that older versions (currently, pre-version 7, Update 10) be uninstalled:
http://java.com/en/download/faq/remove_olderversions.xml
How do I disable (not uninstall) Java 6? The examples all show Java 7.
Phil
From the way I understand the article you can not disable any version of Java except the latest version, 7.10
You'd have to uninstall version 6, install version 7.10 then disable java.
Thanks, soberbyker, that's exactly the precise answer I was looking for.
Phil
"No misfortune is so bad that whining about it won't make it worse."
~
In my life, CERT = Community Emergency Response Team.
Stupid government...
I'm afraid that I must accept some of the blame since I was sloppy in choosing the original title for this thread. US-CERT is run by DHS. The CERT Program is run by the Software Engineering Program at CMU.
CAM? ITS.
("Clear As Mud? I Thought So.")
Government needs an agency to oversee acronyms to prevent duplication/confusion.
*Keith* MacBook Pro *wifi iPad(2012) w/BadElf GPS & iPhone6 + Navigon*
Even Better...
Government needs an agency to oversee acronyms to prevent duplication/confusion.
What would be even better would be multiple overlapping agencies, e.g., one in each of...
- the Department of Commerce,
- the Department of Homeland Security,
- the Department of Defense (man, they would have a field day!)
- etc.
...and they could all be coordinated by the Department of Redundancy Department.
Acronyms
When using acronyms I try to always follow one with its full definition the first time it is used. Other wise I get confused myself.
Java SE 7 Update 11 plugs security hole.
Java SE 7 Update 11 is available on the Java website and addresses the security vulnerability.
Java SE 7 Update 11 Released:
https://blogs.oracle.com/java/entry/java_vulnerabilities_add...
Zumo 550 & Zumo 665 My alarm clock is sunshine on chrome.
Good to know
Java SE 7 Update 11 is available on the Java website and addresses the security vulnerability.
Java SE 7 Update 11 Released:
https://blogs.oracle.com/java/entry/java_vulnerabilities_addressed
It's good to know there's now a fix.
But for now, I've uninstalled my Java and haven't seen anything not working, so I won't install the new version unless I find that I need it.
I tried looking but didn't find any list. Does anyone know what common web sites or software requires Java (not javascript) to work?
I'm also trying to remember--does Java pretty much come on Windows PCs or did I think I needed it and therefore manually installed it to my PCs at some point in the distant past?
Remove?
I am very reluctant to follow any advice given by your "Homeland" agency.
I have yet to see any adverse effects on my laptop, but then I am using "Firefox" and NOT Internet Explorer.
They also advise against travel to and into Mexico. I, as well as hundreds of thousands people spend their winters or vacations in Mexico without any incidents.
I have been in Mexico since October the 29th.
Nuvi 2797LMT, DriveSmart 50 LMT-HD, Using Windows 10. DashCam A108C with GPS.
.
I tried looking but didn't find any list. Does anyone know what common web sites or software requires Java (not javascript) to work?
There's a list of "Popular sites using Java" at...
http://w3techs.com/technologies/details/pl-java/all/all
...but that list includes LinkedIn.com and PayPal.com -- both of which I use -- so I don't fully believe it. It may be that those sites used to use Java, or perhaps they have specific features that can use Java if it is available, but it certainly doesn't seem to be an absolute requirement.
I'm also trying to remember--does Java pretty much come on Windows PCs or did I think I needed it and therefore manually installed it to my PCs at some point in the distant past?
Plain installs of Windows do not include Java. IIRC, years ago Microsoft used to bundle its own version of Java with IE but (mercifully) that stopped.
Beware
Beware
A GPS can take you where You want to go but never where you WANT to be.
.
I am very reluctant to follow any advice given by your "Homeland" agency.
Suit yourself, I guess. BTW, it's not my "'Homeland' agency"; I'm a Canadian too.
They also advise against travel to and into Mexico. I, as well as hundreds of thousands people spend their winters or vacations in Mexico without any incidents.
I have been in Mexico since October the 29th.
The U.S. Department of State (not DHS) has issued warnings about travel to certain areas of Mexico, but so has the Government of Canada. Some parts of Mexico are very dangerous places right now.
Experts say new Java update does *NOT* solve the many problems
Java SE 7 Update 11 is available on the Java website and addresses the security vulnerability.
Java SE 7 Update 11 Released:
https://blogs.oracle.com/java/entry/java_vulnerabilities_addressed
NOT TRUE! It only addresses two of the many vulnerabilities, and experts still advise removing Java from your system despite this update:
http://www.msnbc.msn.com/id/50453720#.UPQRZoaKWSo
One effective way to remove all versions of Java from your system is to go to Control Panel in Start and Add or Remove Programs and nuke each version of Java from there.
Then open each web browser you use and go to http://javatester.org/version.html and make sure it does not show Java as still working.
JMoo On
Thanks
I tried looking but didn't find any list. Does anyone know what common web sites or software requires Java (not javascript) to work?
There's a list of "Popular sites using Java" at...
http://w3techs.com/technologies/details/pl-java/all/all
...but that list includes LinkedIn.com and PayPal.com -- both of which I use -- so I don't fully believe it...
Thanks. I agree with you. I routinely use three sites listed as Popular sites using Java and all work fine with Java fully uninstalled.
Rev 11
Rev 11 is out today.
Java, MS...
New stuff from Oracle on Java, but as others have said, if you don't need it, don't install it.
Also an update from Microsoft fixing some current issues with one of their programs, explorer or some such.
Nuvi 2460, 680, DATUM Tymserve 2100, Trimble Thunderbolt, Ham radio, Macintosh, Linux, Windows
Off the original question
I am very reluctant to follow any advice given by your "Homeland" agency.
I have yet to see any adverse effects on my laptop, but then I am using "Firefox" and NOT Internet Explorer.
They also advise against travel to and into Mexico. I, as well as hundreds of thousands people spend their winters or vacations in Mexico without any incidents.
I have been in Mexico since October the 29th.
We would love to go to Mexico again some day but have been told not to.
Where in Mexico do you go and how safe is it?
Thanks
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
E-Bay
I use e-bay a lot. I went to my account and see everything.
Has anyone tried to buy somehting since they disabled Java and did it work?
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
Pay pal
Also logged into Pay pal and it worked also.
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)
It should be fixed soon, too
It should be fixed soon, too bad SUN MS doesn't see the need to rush so who knows. IE is always going to be a target, I rarely use it. Stick with Firefox or Chrome.
Problem installing JRE7u11
If you have a problem installing 7u11, uninstall (using add/remove programs) the old JavaFX. It's obsolete and useless and interferes with the new plugin installation.