Scanning the web today [October 30] I still do not see a credible "all clear" signal regarding the JAVA exploit. This team came up with a patch:
Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix | threatpost
but I don't see affirmative Greenlight from the major 3rd party security firms.
And as the article clearly shows, its not foremost on Oracle's "do list" .
how are the big IT shops coping? Turning off all things Java?
I'd like more information on this JAVA problem too since I've been affected to the tune of 200 bucks for the DELL IT guys to remove the Trojan that was installed on my puter.
From what I've read, the security problem was only supposed to affect JAVA 7, but I had JAVA 6 before all of this bull. The only fix I've seen is to disable JAVA in your web browser.
I took it the next step.... I removed it from my puter!
I'd like to know if JAVA and ORACLE are going to have to pay for this? I wish I was puter savvy enough to remove Malware myself, but since I"m not, I had to get IT to do it. I wouldn't have needed to though, if JAVA wouldn't have had so many security holes in it.
Just disable or uninstall it, no one uses Java anyway
Welcome to the Seven Forums.
You said, "I'd like more information on this JAVA problem". I've highlighted the word this because there is a lot that I could say about the particular flaw that has gotten a lot of press lately. The executive summary is: Java has had hundreds (okay, thousands) of flaws over the years. Oracle thought that it had fixed one particularly nasty flaw that was only in version 7 - it turns out that they only fixed one way of getting to the flawed code. The article mentioned in the original post of this thread does not seem to deal with that particular flaw.
If you had version 6 update (whatever), then you had flaws - just not the one getting a lot of press.
...and no, Oracle will not be paying $$$ for any damages incurred by their flawed code to users like yourself.
I use Java everyday inside a web browser.
I turn off the temp file storage:
I set the security to High:
And I see this when I visit a site that want to run Java stuff:
caveat: there may be an exploit that lets the bad guys run stuff without that popup showing
Even if I were to place a check mark by "Do not show this again....", I'll still see it again because I don't let it store the answer in the temp file area. This is the way that I want it to operate - I want a prompt for every website that wants to run Java stuff.
If you ever get infected again, visit these forums and let people try and walk you thru the cleanup.
January 13, Krebs on Security – (International) Oracle ships critical security update for Java. Oracle released an update for Java to fix the recent critical vulnerability that allowed malware to exploit computers running the program. The update also increases the default security settings for running Java applications from ‘medium’ to ‘high.’ Source: Oracle Ships Critical Security Update for Java — Krebs on Security
I got rid of Java a long time ago. No more worries.
read about it , as it was all in the news about disabling java in the browser .
The U.S. Department of Homeland Security reiterated advice for computer users to disable Oracle Corp.'s widely used Java software for surfing the Web, saying it still poses risks to users after the company released an emergency update over the weekend.
"Unless it is absolutely necessary to run Java in Web browsers, disable it," the Department of Homeland Security's Computer Emergency Readiness Team said on Monday in a posting on its website.
Quote
