Ok...I figure someone in here is bound to know if this is a legit concern for everyone or not. Lately I'm seeing more and more mention of the Java vulnerability issue, with everyone being recommended to disable Java script on their browsers.

Legit concern or not? I have googled several reads on it and it seems to be fairly consistent on the need to disable.

Thoughts?

I went ahead and uninstalled it today and ran a scan. nada.

I figured better safe than sorry. I am curious to see what others will say about this. I am by NO means a computer officianado.

Legit. I havent had a virus on my computer in a few years. Yesterday morning I had a notice saying that a Java update was available. I selected ok, DL'd and installed the update as I've done dozens of times. About an hour later I had a screen pop up, saying that my computer was locked by the Justice Dept...etc etc. Turns out i got the "FBI" virus which after doing some research I discovered is being spread through a Java security hole.

Just my experience. Hope it helps.

Legit. I havent had a virus on my computer in a few years. Yesterday morning I had a notice saying that a Java update was available. I selected ok, DL'd and installed the update as I've done dozens of times. About an hour later I had a screen pop up, saying that my computer was locked by the Justice Dept...etc etc. Turns out i got the "FBI" virus which after doing some research I discovered is being spread through a Java security hole.

Just my experience. Hope it helps.

Just curious, what kind of AV are you running?

Malware bytes

Java and Javascript are not the same thing, related though. You should keep your java updated though. Its highly unlikely that the update you did had anything to do with the FBI virus.

Admittedly I was in ohio on a business trip and had not updated in over a week

Yeah, I kind of doubt your update had anything to do with your infection. It's always possible but not highly likely. I love Malwarebytes for an on-demand scan but unless it has changed it is not an anti-virus program. It is a program you would use in conjunction with an AV.

There was a segment on this tonight on NBC News. The problem, as they explained it, is with Java 7, which they recommend you disable (while Java works on a fix). It is different from Java Script, which is okay.

There is no real connection between Java and javascript. One is a platform and the other is a language.

I see no way to disable Java on IE 8 or Firefox either (using Windows XP). Should I uninstall Java? How will that affect online computer performance?

Dillo I have the same questions . Im not a knowledgeable computer guy just know how to use one LOL ! What does disabling Java do and what limitations will I have on computer use ? Thx...

There are several versions of Java 7 so I don't know if they were talking about the latest which is Java 7 update 10 or not. However doing a little research I haven't found any strong proof to disable or remove the latest version. If you don't have the most up to date version I would suggest you install it if you are going to keep it on your system. If you don't want to keep it or you want to disable it the following link will tell you how to do so. Just keep in mind Java is used by a lot of different things so you may find yourself trying to access or navigate somewhere and they will prompt you to download the program in order to proceed.

java (http://www.java.com/en/download/faq/whatis_java.xml)

According to a Washington Times article, if you have Java 7 you should first get Update 10 and then disable Java. It also tells you how to do it, which I've already done. It also says that a Java patch is due on Tuesday to fix 86 vulnerabilities. (Only 86? That sounds good.)

I'm not providing a link right now because my computer is running so slow this morning it has taken three attempts, after three reboots, just to open this thread. If I'm able to go to the article again and then get back here, I'll post the link.

http://communities.washingtontimes.com/neighborhood/life-lisa/2013/jan/12/how-disable-java-following-homeland-security-warni/

I hope this post goes through.

Good find coco. I did some checking this morning and came across the following:

http://blog.malwarebytes.org/intelligence/2013/01/cta-unpatched-java-exploit-in-the-wild/#

I found the article interesting in that it says certain browsers, like Mozilla Firefox, may be disabling Java automatically. This could be the case with my machine since I did a check for Java at their site last night and it did not return info saying I already had it installed, but I have both the x64 version and the x86 version.

If you are using Mozilla Firefox, Java might already be disabled because it seems that some browsers are taking the initiative and just disabling it automatically because of the threat.

There is no real connection between Java and javascript. One is a platform and the other is a language.

Both are languages. What Java does is run interpreted through a virtual machine, meaning it can be run cross-platform without any code adjustments.

Both are rife with vulnerabilities and along with Flash constitute the biggest avenues for malware on the Web. It's worth noting that almost all of these vulnerabilities are exploited through remnant ad servers, so step 1 always for Web security is to install Adblock.

Javascript and Java aren't really even related; syntactically they share similarities with a lot of C variants, but that's about it.

I have had Java disabled on Chrome for a long, long time.

Java is both a platform and a language. My point was to make a discernment between the two since so many people think they are closely related. I totally agree that many exploits come through Java and much of that is to do with people not keeping it updated.

Javascript is, too, a platform in that sense. The engines that interpret Javascript are essentially analogs to the JVM.

http://communities.washingtontimes.com/neighborhood/life-lisa/2013/jan/12/how-disable-java-following-homeland-security-warni/

I hope this post goes through.

From your linked article..."If you have Java 7, the easiest way to disable it is to make sure you have Update 10 and you are not using Internet Explorer. If you do not have Update 10 but have Java 7, upgrade to Update 10. This will allow you to more easily disable the program than if you have previous Updates.

Next, go to the Java control panel. To access the Java control panel in windows, go to start/control panel and click on Java.

After the Java control panel appears, click on the Security tab.

De-select “Enable Java content in the browser.”

That will stop Java from running on your computer."

My question to the brighter geeks in here--does this mean I can use a one-step process and it disables Java from running in both of my browsers? I have both IE9 and Chrome as browsers so I was thinking I might need to disable Java on both...individually. This article makes it sound like a one-step method.

Someone here have an answer?

By going through the Java Control Panel it will be disabled in all browsers.

Site is slow to load but the info is here (http://www.java.com/en/download/help/disable_browser.xml)

The latest I have found on the Java exploit is in the following article. The newest version is 7 update 11. Keep in mind security experts are very cautious about this fix and with Java's history rightfully so. The best advice, imo, is to leave it disabled unless you need it or do what others have suggested and use one browser where it is disabled all the time for most surfing. With that in mind I would still suggest installing the latest version if you plan to use it. This should automatically remove older versions but it would be best to go into the Control Panel and check after you have done so. If there are any versions other that 7 update 11 unistall them.

Despite Oracle’s emergency fix to patch a serious vulnerability in its widely used Java software, several security experts on Monday advised computer users to minimize using the product, because of fears more flaws will be discovered.

"This is definitely a temporary fix," said Sorin Mustaca, a data security expert with Avira, a German-based company that sells anti-virus software. "If you do a fix under a lot of pressure and very, very fast, then only one thing will happen: more vulnerabilities. So, for me, this is just the rain before the storm. I think it will get worse, it will get much worse."
Photos


Still, Mustaca recommended installing Oracle’s security patch, which is available here: http://java.com/en/download/index.jsp

But once that is done, he advised computer users to disable Java and only switch it on when absolutely necessary for some functions, such as those that handle stock trades and employee payrolls.

http://www.sltrib.com/sltrib/money/55634816-79/java-fix-security-computer.html.csp

I haven't had any problems but I updated to the latest version anyways.

Thanks for all the info!

You're welcome.

Here's some more info from PC Pitstop. This comes from a blog where he is recommending to totally remove Java and only reinstall it if you run across a site that you have to have it. I thought it was worth passing along to help people make up their own minds.



Uninstall Java Now!

The Department of Homeland Security recently recommended that everyone disable Java. We at PC Pitstop will go one step further and recommend that everyone uninstall Java immediately. Here is why Java is such a threat to your computer, security, data and your identity.

First a little history. Back in the late 90′s, Java represented one of the core technologies that brought the web together. Java could run on Linux, Macs, and of course Windows, seamlessly. A developer did not need to create a separate version for each platform, and this simplicity drove a lot of Java’s adoption on the web.

As time has gone on, other technologies such as Flash and now HTML5 have essentially replaced Java as the standard for “web” applications. Every once in a while, we all come upon an old web site that still relies on Java, and that’s how Java gets on our machines.

The problem, and it is a big problem, is that Java has many security holes in it. If you have Java installed on your system, and you browse to a compromised web site, your computer is immediately infected. Let me repeat that. You don’t have to execute any malicious software, the malware enters through the security hole without your consent or knowledge. In the security business, this is defined as an exploit – a compromised web site and a vulnerable computer.

http://techtalk.pcpitstop.com/2013/01/16/uninstall-java-now/?rob-java=

You could alternately switch to Chrome which makes you confirm if you want Java to run on any given page.