1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

US-CERT: Disable Java

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by SayWhat?, Jan 11, 2013.

  1. jimmie57

    jimmie57 Hall Of Fame

    7,524
    433
    Jun 26, 2010
    Texas City, TX
    It is possible that you do not have it installed at all.

    If you go to Java.com it checks to see if you have it as soon as you get to the site. If it tells you to Download it for free or similar then you do not have it.
     
  2. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    4,523
    62
    Aug 16, 2006
    Oracle patched Java today - 7u11.
     
  3. billsharpe

    billsharpe Hall Of Fame

    2,748
    80
    Jan 25, 2007
    Southern...
    Just pay attention when you install or update Java. On one computer it asked me if I wanted to install McAfee a/v. Had to uncheck to proceed without it. On a second computer it asked me if I wanted to have Ask as my search engine and ask.com as my home page. Again, I had to uncheck to proceed.

    GoDaddy would not open their upload/download Java applet when I tried to update my web site. GoDaddy insisted my current Java was out of date.
     
  4. dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    Interesting that they changed the default setting to high. In your experience though, do people tend to just hit allow?
     
  5. dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
  6. heathramos

    heathramos Legend

    277
    0
    Dec 19, 2005
    do browsers that offer some type of sandboxing provide any protection from these types of exploits?

    java updates don't seem to ever help for very long
     
  7. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    4,523
    62
    Aug 16, 2006
    Unfortunately, yes, they normally just hit "allow".

    For me (I'm a CISSP), the only safe Java is no Java.
     
  8. dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    Agreed, problem is that at my employer, there are a lot of sites, including at the Federal level (PACER, USPTO for patent filing etc) that require Java. We're working on a solution for USPTO, since they only support Java 6, using a Terminal Server. PACER is used by a very large portion of the firm.
     
  9. houskamp

    houskamp Active Member

    8,636
    3
    Sep 14, 2006
    GM uses java app for programing ecms on cars..
     
  10. AntAltMike

    AntAltMike Hall Of Fame

    3,790
    108
    Nov 20, 2004
    College...
    I just got this e-mail from norton@nortonfromsymantec.com

    **********************************************

    You are protected
    against the latest
    Java vulnerability


    You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.

    Rest assured, because you have a Norton security software product installed on your computer, you’re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature.

    We also recommend that you apply Oracle’s recently released security patch and make sure you are running the most updated version of Java.

    Thank you for being a valued Norton customer.

    Sincerely,
    The Norton Team

    Learn more about Java Zero-Day vulnerability

    *************************************


    I haven't clicked the red lettered links. Is this notice on the up-and-up, or is someone trying to sucker me? I have Apache OpenOffice installed, which I thought used to be Oracle Open Office.
     
  11. SayWhat?

    SayWhat? Know Nothing

    6,262
    133
    Jun 6, 2009
    ^^

    First, I wouldn't trust anything from Norton.

    Second, I had heard that O-o wasn't happy under Oracle, so I just went and looked:

    http://en.wikipedia.org/wiki/OpenOffice

    Third, I wouldn't trust anything from Norton.
     
  12. AntAltMike

    AntAltMike Hall Of Fame

    3,790
    108
    Nov 20, 2004
    College...
    What I am trying to confirm is that the e-mail is really from Norton and that the clickable links are to the real Norton. I pay them $60 a year for whatever it is they do, so I am not averse to them doing it, but I just want to make sure that "they" are "them".
     
  13. wingrider01

    wingrider01 Hall Of Fame

    1,764
    2
    Sep 9, 2005
    My first move would be to call them and ask, or go directly to their support site
     
  14. jimmie57

    jimmie57 Hall Of Fame

    7,524
    433
    Jun 26, 2010
    Texas City, TX
    I use Norton Internet Security and I got this email also.
    It is just informing you that they have the problem handled in the security software.
    They are also recommending that you go to the Java website and make sure you have the latest Java on your machine.

    When the first announcement came out I disabled Java in my "Browsers" and have not needed it for one single website since then.
    I do run Open Office and have since 2006. It runs on Java and I need it for that program only.

    As a rule I never click on a link that tells me to go to somewhere, except from ads from stores that I shop at, to check anything.
    Open your Norton product and go to the website from there to be sure you are going to the right place.

    I have been running this software, Norton Internet Security, since I got my new HP machine, it was already installed on it , 3 years ago and have had no problems with it.
     
  15. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    4,523
    62
    Aug 16, 2006
    In my opinion, as a certified IT security guy, Norton is a waste of money. Microsoft Security Essentials is more effective, has a smaller footprint, and is free.
     
  16. dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    Though didn't they lose certification from av-test?
     
  17. jimmie57

    jimmie57 Hall Of Fame

    7,524
    433
    Jun 26, 2010
    Texas City, TX
    I ran Security Essentials for a couple of years.
    After a full scan with it I would then run a full scan with MalwareBytes. It found several things most of the time that Security essentials missed.
    I can do the same with Norton and MalwareBytes and the latter never finds anything.
     
  18. wingrider01

    wingrider01 Hall Of Fame

    1,764
    2
    Sep 9, 2005
  19. FHSPSU67

    FHSPSU67 CE'er & Retired Engineer DBSTalk Club

    2,592
    41
    Jan 12, 2007
    Windber, PA
    I've also used MSE since it came out and love it - don't even know it's there, unlike McAfee which I used previously.
     
  20. jimmie57

    jimmie57 Hall Of Fame

    7,524
    433
    Jun 26, 2010
    Texas City, TX
    I don't know what Norton Internet Security is rated on the site you all are referencing but Security Essentials is only rated 1.6 out of 6 for Protecction on that site.

    AVG Free version is rated 5 out of 6 for Protection. I did run it for awhile and I did install it on several peoples coumputer a few years ago.

    Edit: If you look at the ratings in May / June the Norton Internet Security is rate 5 out of 6 for Protection.
     

Share This Page