dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10
share rss forum feed

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to MagnusM

Re: Java flaw allows complete bypass of security sandbox

I am getting really tired of being "authoritatively" told (not just by you either) to uninstall Java. I have to have Java for an important application I own and for Visualware and Web100 speed tests. I don't use joke Flash speed tests.

The more sensible answer would be to suggest that users keep Java unchecked in the Control Panel for both IE and nonActiveX browsers until they must use Java, and they are sure the website has not been compromised, or that their application that requires Java is also clean, and then they should enable Java only on one type of browser and only for as long as needed and then disable it again.

Another suggestion would be that knowledgeable users consider using a virtual machine for risky things like Java.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

4 edits
said by Mele20:

The more sensible answer would be to suggest that users keep Java unchecked in the Control Panel for both IE and nonActiveX browsers until they must use Java

one of the tabs I opened was to a site that uses Java and it started Java right up

maybe you need to disable "java"?

FYI, short of uninstalling "java", "USCert" recommends using "firefox" with the "noscript" addon:

»www.kb.cert.org/vuls/id/636312

"Use NoScript.. Using the Mozilla Firefox NoScript extension to whitelist web sites that can run scripts and access installed plugins will mitigate this vulnerability. See the NoScript FAQ for more information"..

similar to using "noscript", you could follow microsoft's recommendation to use high security-settings in IE and, then, "whitelist" some websites, as necessary, by adding them to IE's "trusted sites" zone..


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Mele20
BTW ever try this ...Need to see the HTML source of a website you don't want to browse to but only have a PC with no tools? Run Notepad and File/Open the URL.


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
Neat trick. Safe, too.