A number of recent cyber-attacks, including high-profile security breaches at Apple and Facebook headquarters, have been “successful” by exploiting a single point of vulnerability: Java. The scary part about this is that Java makes most users on the web—even Mac users—highly susceptible to malware attacks.
Thankfully, there are relatively simple steps you can take to mitigate the risk involved with Java. Read on to find out how to make your office or home much more secure.
What Is Java?
When people say that Java is a security risk, what they’re usually talking about is the web browser plugin that enables you to run applications written with the Java programming language. We should point out that this is different from the Java platform (called a “runtime”) that exists on your computer, apart from your browser.
The problem with the Java plugin is twofold. First off, the way the plugin interacts with your computer makes it characteristically prone to holes that cybercriminals can exploit. In fact, there are so many security holes that, recently, Oracle (the company that owns Java) has had to release two or three security patches per week just to keep up with hackers.
Secondly, these security patches do not get automatically pushed to users. Since Java updates come from Oracle, a separate entity, they are not part of automatic browser updates. And if you’re running an outdated version of the Java plugin, you are highly vulnerable to cyber attacks.
Scary, right? But what’s even more scary is that a recent study by WebSense shows that around 95 percent of users are running outdated versions of the Java plugin.
What Can You Do About It?
The consensus on this question, as echoed by the U.S. Department of Homeland Security earlier this year, is that you should disable the Java plugin in your browser. This may sound extreme, but Java actually isn't all that necessary to everyday browsing. Unless you know that you need the Java plugin to do your work, it’s likely that you won’t even notice it’s gone.
How To Disable Java In Your Browsers
In most browsers (with the notable exception of Internet Explorer), disabling the Java plugin is relatively simple. Here’s a quick rundown:
- In Chrome, simply enter “chrome://plugins” in the address bar, find the “Java(TM)” plugin, and click toDisable it.
- In Safari, click the Safari menu, select Preferences, and then select Security. Then, unclick the check box beside Enable Java.
- In Firefox on a PC, simply click the Firefox menu at the top of the page, and then select Add-ons. Then, select Plugins, and click the Disable button beside the plugin labeled “Java(TM) Platform.”
- In Firefox on a Mac, click the Tools menu, select Add-ons, and then click to Disable the “Java(TM) Platform.”
Do note that recent versions of some web browsers (as well as recent updates of Mac OS X) may have automatically disabled Java for you. Still, it’s a good idea to double check. And as for Internet Explorer, the process is a bit more complicated. Feel free to give us a shout if you’d like help disabling Java there.
If you find yourself needing Java to view something important, it’s easy to re-enable it. But this won’t likely happen often. Again, unless you know for sure that you rely on the Java plugin, it is much safer just to leave it disabled. The good news here is that doing so will close a major security loophole.