dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
34

Selenia
Gentoo Convert
Premium Member
join:2006-09-22
Fort Smith, AR

1 edit

Selenia to chrisretusn

Premium Member

to chrisretusn

Re: Feds warn PC users to disable Java

In my case, it was safe to block the plugin. Only thing it was needed for was LAN resources. Fine, blocking it at network still lets you run and develop Java app and applets while eliminating the attack vector of the plugin. You could remove the plugin, chris, if you only need Java for local apps. No sites I visit actually need it. Only some of my programs and LAN applets I play with use Java. The LAN resources are the only reason I even kept the plugin installed. Otherwise, I could remove it and go without it completely. That being said, Notscript for Chrome/Chromium and Noscript for Firefox/Iceweasel are pretty easy to use, flexible, and close the attack vector to untrusted sources. My network block is to protect family's computers(their terrible computer skills of overriding something that will harm them until it works is terrible, so my gateway catches it instead) that join my network. Nobody has complained of their vital pages/services not working. I could override it just for me but haven't had to for anything. I know Runescape wouldn't, but oh well, one way to keep family off that awful game to have some actual family time when they visit(coming from an MMO fan, just hate Runescape).

chrisretusn
Retired
Premium Member
join:2007-08-13
Philippines

chrisretusn

Premium Member

I do have the plug-in disabled or not installed in some of my installations. Actually in a few instances Java is not installed either. If I don't need it, it's not installed. This computer I am using now is running Slackware64 with OpenJDK and the IcedTea-Web Plugin. (Not because I think it safer by the way, it's not.) I enable it when I need it; for example that Runescape site you like so much.

I don't really play it, just using that as an example. I did check it out just now, it fetching updates right now... oops..... just dumped me out and crashed Firefox. Oh well. Not a big deal, I'm more in to console games than PC ones. That and I don't care of on-line games.

I'm not all that concerned over this threat. It just like any other threat out there, except this one has taken on a life of it own as the threat to hate. Reminds me of Facebook, which I use on occasion and find it quite useful; like the Java programs I use.

I also have NoScript installed, I don't use Chrome. There are no Windows installation in my house, they are not allowed, with a few exceptions, my "work" laptop (dual boot, rarely to Windows, always to Slackware) or running in a VirtualBox VM on this machine. Only the laptop has Java installed because I need it for programs not browsing.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by chrisretusn:

... I'm not all that concerned over this threat. It just like any other threat out there, except this one has taken on a life of it own as the threat to hate. Reminds me of Facebook, which I use on occasion and find it quite useful; like the Java programs I use. ...

According to Kaspersky Lab's 3rd-Quarter report, the concern is probably justified, especially given Java's prominence in current infections and the number of Java installations constituting potential targets. From IT Threat Evolution: Q3 2012:
quote:
... 2012 can justifiably be described as the year of the Java vulnerability, with half of all detected exploit-based attacks targeting vulnerabilities in Oracle Java. Today, Java is installed on more than 3 billion devices running under various operating systems. ...

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

1 edit

rcdailey

Premium Member

I have Java installed on five systems, and decided not to uninstall it. Instead, I used the java control panel security tab to disable it in all browsers. That way I did not have to individual disable the plugins.

Added: One thing I forgot to mention is that disabling the browsers in the Java control panel also requires a restart to take effect. That's a small pain in the behind.