On Friday, serious vulnerabilities in the Java platform were disclosed. Oracle has released Java 7 update 10 in an attempt to address this problem; however, many experts are saying that it may take months or even years to address the problems in the Java platform. So what's the average user got to do to protect their computer?
Generally speaking, keeping your software up to date, running good anti-virus software, and doing a monthly adware scan with AdAware or Spybot is enough to keep you feeling relatively secure. However, Java is a platform that works across operating systems and different hardware, and therefore it's a juicy target for anyone looking to steal personal information, compromise a computer, or set up a "botnet".
As a result, many experts are recommending that Java be disabled as a precaution. Yet the ubiquitous nature of Java could mean that disabling it isn't feasible, or at least would be an inconvenience, for most users. So are the "experts" overreacting, or is this something that needs to be taken seriously? How does the average user address this threat?
The answer is likely different for everyone. The question that you have to ask yourself is: "Which is more inconvenient to me: completely disabling Java and only enabling it when I must, or having my system compromised and having to rebuild and restore from backups?" You may also look at the sites you frequent and determine whether any of them use Java. If they don't, then you're probably better off disabling it. If many of them do, then you may want to set up a separate browser with Java disabled for your general browsing, and have another browser with Java enabled that you use to access trusted sites that require Java. (Details on how to do this can be found here.)
As always, my advice is to err on the side of caution. It's always safer to have only the bare minimum of software running on your computer... making your system as small a target as possible for any potential attackers. Sure, it may be a hassle to have to enable Java when you visit sites that require it; however, it is a small price to pay when compared to the cleanup that is required should your information or computer be compromised.