The Banyan Theory Blog

Disable Java to Stay Safe Online

posted by Nick

Java has not had a good 2013 so far, suffering from several critical security vulnerabilities in just the first few weeks of the year. The vulnerabilities are so dangerous that the Department of Homeland Security is advising people to disable Java in their web browsers.

Read on to find out how to keep your computers safe by disabling the Java web plugin.

Drawing of the Java logo
Java, not looking so healthy

Java has been hit hard with a slew of zero-day attacks starting January 10. (A zero-day attack is one that exploits a previously unknown vulnerability. “Zero-day” means security professionals had zero days to fix the vulnerability before the attacks started.) News broke that day of a critical security bug being “massively exploited in the wild” by hackers.

Oracle, the company that makes Java, released an emergency security patch four days later to fix the vulnerability. However, it was discovered the very next day that another vulnerability was being exploited in the wild. (“Weaponized” software for exploiting this vulnerability was for sale for $5,000 on a hacker forum.)

Oracle’s failure to properly secure Java has the US CERT (Computer Emergency Readiness Team, part of the Department of Homeland Security) recommending: “Unless it is absolutely necessary to run Java in web browsers, disable it […]. This will help mitigate other Java vulnerabilities that may be discovered in the future.”

Another vulnerability in the Java framework was found on January 28, prompting Apple to remotely disable the Java Web plugin for all Internet-connected Mac computers. Then, on February 1, Twitter announced it had been the victim of a sophisticated hack and is recommending that users disable Java in their browsers.

News of all these attacks should be motivation enough for you to disable Java in your browsers.

How To Disable Java In Your Web Browsers

  • Chrome – Type chrome://plugins in the address bar, then click Disable below any Java plugins.

  • Firefox – Go to the Tools menu and choose Add-ons, click Plugins, then click Disable next to any Java plugins.

  • Safari – Go to the Safari menu and choose Preferences, then go to the Security tab and uncheck the Enable Java checkbox.

  • Internet Explorer – There is not an easy way to disable Java in Internet Explorer, but you can follow these instructions on the Java website. If you’d like to stay safer online and enjoy a better browsing experience all around, consider upgrading to Chrome.

Being Careful Online Isn’t Enough Anymore

Drawing of a laptop showing a blue screen
The Blue Screen of Death

A piece of advice: don’t assume you’re safe just because you avoid visiting “sketchy” websites. As part of the Java exploits above, it was discovered that multiple ad networks were sending people to infected websites after they clicked on legitimate advertisements. Cisco, makers of much of the hardware that powers the Internet, went so far as to say that online ads are more dangerous than adult websites.

How Do These Attacks Work?

If you’re curious about how attackers can hack your computer, it’s easier than you might think. The latest trend, and the one that is able to exploit these Java vulnerabilities, is to hack a website and install malware on it. Then, anyone who visits that infected website will be attacked. (When you visit a website, your browser downloads the HTML, images, and other pieces that comprise the website. One of these pieces can be a Java applet.) The actual intrusion occurs when your computer downloads and runs a malicious Java applet that was added to the website by a hacker.

Drawing of a security camera
A virus can literally watch you

Once that intrusion occurs, anything goes. At this point the applet can grab private files and send them back to the hacker, or it can just install a virus on your computer. The virus can be anything – it can be a key logger, grabbing passwords as you log in to online accounts; it can make your computer part of a “botnet” that is used to send spam; or it can sit in silence, waiting to be activated by the attackers. In general, a virus is just a computer program, so anything your computer can do, a virus can do (like turning on your camera and microphone).

You would be well served to make it a priority to disable the Java web plugin in any browser and on any computer that you use. Spending just a few minutes now will help reduce the risk of falling victim to a time-consuming and possibly expensive attack.

Is Your Website Safe?

At Banyan Theory, we employ several layers of security measures to protect the insurance agency websites we manage. We also do not use Java applets on our websites, making it easy for us to quickly verify that no applets have been added to the websites.
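
One way to run the kind of check described above, confirming that no applets have been added to a site's pages. This is an added example, not Banyan Theory's own tooling: a small Python scanner that flags applet tags and object/embed tags that declare a Java MIME type or a Java plug-in classid. The page names and markup in SAMPLE_PAGES are constructed for illustration.

```python
from html.parser import HTMLParser

# Markers that an <object>/<embed> tag loads the Java browser plug-in.
JAVA_MIME_PREFIX = "application/x-java"
JAVA_CLASSID_PREFIXES = (
    "java:",                                       # classid="java:Foo.class"
    "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93",  # Java plug-in ActiveX control
    "clsid:cafeefac-",                             # version-specific Java plug-in ids
)

class AppletFinder(HTMLParser):
    """Collects (line, tag, reason, target) for every Java embedding found."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        raw = {k: (v or "").strip() for k, v in attrs}
        low = {k: v.lower() for k, v in raw.items()}
        reason = None
        if tag == "applet":
            reason = "applet tag"
        elif tag in ("object", "embed"):
            if any(low.get(k, "").startswith(JAVA_MIME_PREFIX) for k in ("type", "codetype")):
                reason = "Java MIME type"
            elif low.get("classid", "").startswith(JAVA_CLASSID_PREFIXES):
                reason = "Java classid"
        if reason:
            target = raw.get("code") or raw.get("archive") or raw.get("data") or ""
            self.findings.append((self.getpos()[0], tag, reason, target))

def scan_html(html):
    finder = AppletFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def scan_site(pages):
    """pages maps a page name to its HTML; returns only the pages with findings."""
    results = {name: scan_html(html) for name, html in pages.items()}
    return {name: hits for name, hits in results.items() if hits}

# Constructed sample pages (not from any real site).
SAMPLE_PAGES = {
    "index.html": "<html><body>\n<h1>Agency</h1>\n<img src='logo.png'>\n</body></html>",
    "quote.html": "<html><body>\n<p>Get a quote</p>\n<APPLET code='Widget.class' width=1 height=1></APPLET>\n</body></html>",
    "about.html": "<html><body>\n<object type='application/x-shockwave-flash' data='a.swf'></object>\n<object classid='clsid:8AD9C840-044E-11D1-B3E9-00805F499D93'></object>\n<embed type='application/x-java-applet;version=1.6' code='Y.class'>\n</body></html>",
}
```

The scanner inspects static markup only, so an applet that a script writes into the page at load time will not appear in its findings.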

We take security seriously and are constantly monitoring online threats to prevent them from impacting the insurance websites we manage. If you want a company like us managing your website, consider getting an instant quote online.

If you don’t have a website from Banyan Theory, it would be a good idea to check with the person or company who hosts your site to ensure it is safe.

If you have any thoughts or questions that would be helpful to others, please leave a comment below.
