The comments are great.
Aside from the very, very real warning about this (here's the serious one)
comments from the Yahoo site were funny but sad at the same time, sad because the posters just think it's another cry of 'here's the wolf''. Folk tend to ignore them now 'cause there has been so many.
To My Good Friends Corona and Hazel,
I first became aware of this issue while checking the news on my primary E-mail. I then checked my Add/Remove list; oops wrong place to go. Then I checked my add-ons and bless Firefox's heart they had already disabled Java 7 Update 9 for me. My kind of computer help. Then I hopped on the Forum and read your posts. Please assist this poor ole dumb paranoiac with your great wisdom. Am I in good shape now or in shark-infested waters. I have to go but will certainly check back for your valued advice. Take care dear folks.
Warlock
If they have only disabled the Update then perhaps the previous version of Java is still active and makes you just as vulnerable.
Hi Alan,
Sorry I missed you as I had already signed off. Thanks for hopping in. I was under the impression that the entire plugin was disabled. I guess I'm not following what you are presenting to me. Any further would be appreciated. Got to go again so will check back later hopefully and with no complicated issues, aka land mines. Take care.
Warlock
They've only just realised to disable Java. How many years late is that?
Andavari, have you always had Java disabled? To be honest I haven't given it much thought and have always had Java enabled. However, due to this post, I just now disabled Java Platform in Firefox.
Warlock was right. I also looked at my Firefox Java applet and they have disabled it without my interference.
Hi Razz, like Andavari I've had java uninstalled for years. If you don't need it (which few people do) just uninstall it.
On the aside, oooh, I almost feel as smart as Hazelnut, if only for a brief moment.
I think that was a compliment, but as it was from you Corona it may not have been
Regarding java, info here which may help poeple as it shows not only how to uninstall java but how to disable it depending on which browser you have.
No Hazelnut, that was a compliment. And thanks, I'll read up on your post.
Hi Alan,
Sorry I missed you as I had already signed off. Thanks for hopping in. I was under the impression that the entire plugin was disabled. I guess I'm not following what you are presenting to me. Any further would be appreciated. Got to go again so will check back later hopefully and with no complicated issues, aka land mines. Take care.
Warlock
Last night I chose to conceal my ignorance by waiting for experts to clarify the situation for you (and for me).
So far I am still not sure of the exact situation, but my views are :-
1. It is quite possible that you do NOT have JAVA installed in which case I believe you are not subject to this latest "zero day" vulnerability that Oracle knew about since early last year.
2. Javascript and JAVA are very different and should not be confused.
3. Javascript is something that comes out of a website you are currently connected to,
and does its special job regardless of whether you have a JAVA installation.
When you disconnect from that site the Javascript should die.
4. Javascript can be a security hazard but can be thwarted by NOSCRIPT and probably other things.
5. Javascript is NOT the subject of this topic. The problem is a JAVA installation.
6. You probably get a JAVA installation along with Adobe Flash and other security hazards and bloated freeware if you buy a computer with Windows Pre-installed,
but the supplier has a "clean conscience" because he also preloaded a trial version of a Security suite to protect you -
and when you cannot uninstall and have to pay a licence fee I guess the supplier gets a commission.
Every one wins - except the customer.
Otherwise you should be in the clear unless you have chosen/permitted a JAVA installation.
7. In the past JAVA security updates always left the superseded vulnerable version installed,
and attacks that the latest version could resist were able to bypass the latest and gain access through the earlier vulnerable versions that had NOT been removed.
http://www.computerh...p?topic=61227.0
In the past the CCleaner forum has strongly recommended the use of JAVARA to remove obsolete JAVA installations and thus :-
Enhance security from malware ; and
Gain a few hundred MBytes extra free space.
http://singularlabs....oftware/javara/
8. I am NOT HAPPY with misinformation I encountered via Hazel's link
Oh dear - I fear that has put me alongside Corona on Hazelnut's "Watch List",
her avatar will now be glaring down at both of us
The link takes me to
...
How to disable Java in Firefox
...
I have Palemoon which is based on Firefox so I click on the link which takes me to
http://nakedsecurity...le-java-chrome/
This is disinformation from a company that would not exist if malware did not exist.
This has two main headings :-
"Windows removal instructions"
and
"Firefox disable instructions"
Under the heading "Windows removal instructions" they tell how to remove via the Control Panel -> Programs.
I find it disappointing that a security company that exists due to malware would risk our protection by allowing older vulnerable versions to remain installed.
I suppose they have their reasons.
Then they tell me to visit http://java.com.
In fear and trepidation I click on the link
I see a massive invitation to DOWNLOAD JAVA TODAY, but underneath is the faint tiny link "Do I have Java?"
I click and get to
http://java.com/en/d...d/installed.jsp
This looks similar to, but also different from, what Sophos said.
Under the heading "Verify Java version" it does NOT say
"No working Java was detected ..."
and the big red button is not inscribed
"Download Java Now"
Instead the text reads
"Check to ensure that you have the recommended version of Java ..."
and the button is inscribed "Verify Java version".
I click the big red button,
confident that I will suffer no permanent harm because I am about to restore a partition image that will remove any Java that comes my way.
Click done - Now I see what Sophos promised
"No working Java was detected ..."
This was followed by a Pop-Up from JAVA asking "Tell us what you think"
They really do not want to know what I think of Java
Under the heading "Firefox disable instructions" it tells me to look at my Plugins.
I am happy to say that this PC has never had any JAVA or Silverlight Plugin.
My Conclusion :-
For present and future safety it is best to use JavaRa to exterminate every trace of JAVA
and it will give the benefit of more free space.
N.B.
I am "Old School" and it works for me
Alan to cut your long story short...
just remove java via 'add/remove programs' in XP or later operating systems from 'programs and features'.
Job done.
For anyone who absolutely has no choice but to run java (for whatever reason) oracle has released today the update which fixes the security exploit.
JRE 7 update 11
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
I keep java installed for Minecraft and Libreoffice, but I cannot remember the last time I had enabled the browser plugin and used it.
well, i've decided to bite the bullet and remove JRE from my PC. (the exploit apparently only effects JDK but i don't know enough on java to know how similar JRE & JDK are and what they share)
it's the only way i'll tell what i use that in turn needs java.
not just this forum, but i've never come across a topic like java that gets to everyone as passionately as this one.
Hi Razz, like Andavari I've had java uninstalled for years. If you don't need it (which few people do) just uninstall it.
I uninstalled java after this topic: http://forum.pirifor...ava#entry194784
Have never looked back. Almost never need it, maybe twice in almost a year and a half.
Before this, I would install it on a temporary basis if some web site just HAD to have it, but no more.
If the website just HAS to have it, I shall skip that site.
I wouldn't uninstall anything just because the US gvt says to, but if Hazelnut doesn't like it, it's gone.
I uninstalled Java. Unfortunately my wife needs it to play games on Pogo, so on her PC I disabled Java in Fierefox and left it enabled on her IE. Now she only uses IE for Pogo and Firefox for everything else.