dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6282
share rss forum feed


goalieskates
Premium
join:2004-09-12
land of big

2 recommendations

reply to no__1__here

Re: Feds warn PC users to disable Java

said by no__1__here:

That Mozilla "Check Your Plugins" page is misleading. I do not have Java installed at all, and yet I get the same "we've disabled it, please update" message.

I'd be distinctly unamused if Mozilla took it upon itself to disable Java or anything else. It's their right to warn me, it's not their right to reach out and do it for me.


HA Nut
Premium
join:2004-05-13
USA
reply to Oleg

I find this warning strangely funny. I work in an industry that REQUIRES federal reporting and the only way to report is via an online Java application...



no__1__here
Premium
join:2003-10-13
Tomball, TX
Reviews:
·AT&T Southwest

1 recommendation

reply to Cartel

Click for full size
Wrong!
That Mozilla "Check Your Plugins" page is misleading. I do not have Java installed at all, and yet I get the same "we've disabled it, please update" message.


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
Reviews:
·Comcast Formerl..
reply to Name Game

good point ..


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

1 recommendation

reply to onDvine

said by onDvine:

I ran into that page yesterday along with a list of plugins that weren't up to date.

Felt forced to update Java so I did but used WinPatrol to disable/remove everything possible afterwards. Am not sure the out of date plugins are worth messing with. I don't use IE and never accepted the EULA for applications in Windows Live Essentials 2011.

I rest my case.


onDvine
Don't Litter. Spay-Neuter.
Premium
join:2005-01-29
So. CA, USA
kudos:9
Reviews:
·Verizon Online DSL

2 edits
reply to Cartel

I ran into that page yesterday along with a list of plugins that weren't up to date.

Felt forced to update Java so I did but used WinPatrol to disable/remove everything possible afterwards. Am not sure the out of date plugins are worth messing with. I don't use IE and never accepted the EULA for applications in Windows Live Essentials 2011.

Edit: I just disabled the two plugins with "Java" in their names.

2nd Edit: Didn't have Java before Oracle took advantage of my ignorance and tricked me into that download. Nothing I do needs it. Uninstalled using Add/Remove Programs and searched for/deleted everything Java created when it installed. Sneaky!



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

1 edit
reply to Oleg

Click for full size
Click for full size
This is probably good for 300-400 million computers that wouldn't otherwise be vulnerable.


Upgrade link takes you to the install java page.
60-70% users are clicking that up guaranteed.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to dandelion

said by dandelion:

Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.
I have read 2-3 posts all about java but this is the first time I have read about other applications also.

I think the reasoning is that certain Microsoft application software like Office have built-in 'features' that invoke IE to display certain web-residing information within the application software itself, so that a user who never ordinarily uses IE may still be exposed to the Java vulnerability if the exploits exist within pages that IE silently opens.

I did a couple of hours of researching this before finally uninstalling Java last night from the last of my systems that still had it. In the course of doing the research, I read a great number of reports about this and earlier Java exploits. Somewhere in all of that (unfortunately, I lost the reference, though I did write down the details) was information that shutting off Java from within IE's 'Add-on' control panel, etc. was only sufficient to block IE from employing Java's ActiveX in a normal IE user browsing session. It was not sufficient to block IE's invoking of Java's ActiveX software when IE was being used in the background by an external program like Office. To block that path, the report indicated that either/both jp2iexp.dll and/or npjpi170_06.dll files also needed to be directly disabled in the c:\program files\java\jdk7\bin folder. Whether all such pathways could be totally blocked by using the Java Control Panel browsing-block setting was never addressed. Rather than mess around any further with Java uncertainties, workarounds, patches, and perpetually-recurring security nightmares, I elected to simply uninstall Java on the remaining system and see if anyone here actually notices its absence. If they do and resulting complaints are loud, I'll cross that bridge when I come to it...
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
kudos:5
Reviews:
·Comcast
reply to Oleg

Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.
I have read 2-3 posts all about java but this is the first time I have read about other applications also.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Oleg

»Java is still exploitable and is likely going to remain so..



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2

The Department of Homeland Security is urging computer users to disable or uninstall the Java programming language because of a serious security vulnerability.
»www.ksdk.com/news/local/story.as···d=356669

This is why i do not have Sun Java installed on my system.