Jump to content
CCleaner Community Forums

US gov tells computer users to disable Java


Corona

Recommended Posts

  • Moderators

Aside from the very, very real warning about this (here's the serious one)

 

http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/

 

comments from the Yahoo site were funny but sad at the same time, sad because the posters just think it's another cry of 'here's the wolf''. Folk tend to ignore them now 'cause there has been so many.

Link to post
Share on other sites

To My Good Friends Corona and Hazel,

 

I first became aware of this issue while checking the news on my primary E-mail. I then checked my Add/Remove list; oops wrong place to go. Then I checked my add-ons and bless Firefox's heart they had already disabled Java 7 Update 9 for me. My kind of computer help. Then I hopped on the Forum and read your posts. Please assist this poor ole dumb paranoiac with your great wisdom. Am I in good shape now or in shark-infested waters. I have to go but will certainly check back for your valued advice. Take care dear folks.

 

Warlock

Link to post
Share on other sites

Hi Alan,

 

Sorry I missed you as I had already signed off. Thanks for hopping in. I was under the impression that the entire plugin was disabled. I guess I'm not following what you are presenting to me. Any further would be appreciated. Got to go again so will check back later hopefully and with no complicated issues, aka land mines. Take care.

 

Warlock

Link to post
Share on other sites

Andavari, have you always had Java disabled? To be honest I haven't given it much thought and have always had Java enabled. However, due to this post, I just now disabled Java Platform in Firefox.

Link to post
Share on other sites

Hi Alan,

 

Sorry I missed you as I had already signed off. Thanks for hopping in. I was under the impression that the entire plugin was disabled. I guess I'm not following what you are presenting to me. Any further would be appreciated. Got to go again so will check back later hopefully and with no complicated issues, aka land mines. Take care.

 

Warlock

 

Last night I chose to conceal my ignorance by waiting for experts to clarify the situation for you (and for me).

 

So far I am still not sure of the exact situation, but my views are :-

 

1. It is quite possible that you do NOT have JAVA installed in which case I believe you are not subject to this latest "zero day" vulnerability that Oracle knew about since early last year.

 

2. Javascript and JAVA are very different and should not be confused.

 

3. Javascript is something that comes out of a website you are currently connected to,

and does its special job regardless of whether you have a JAVA installation.

When you disconnect from that site the Javascript should die.

 

4. Javascript can be a security hazard but can be thwarted by NOSCRIPT and probably other things.

http://noscript.net/features

 

5. Javascript is NOT the subject of this topic. The problem is a JAVA installation.

 

6. You probably get a JAVA installation along with Adobe Flash and other security hazards and bloated freeware if you buy a computer with Windows Pre-installed,

but the supplier has a "clean conscience" because he also preloaded a trial version of a Security suite to protect you -

and when you cannot uninstall and have to pay a licence fee I guess the supplier gets a commission.

Every one wins - except the customer.

Otherwise you should be in the clear unless you have chosen/permitted a JAVA installation.

 

7. In the past JAVA security updates always left the superseded vulnerable version installed,

and attacks that the latest version could resist were able to bypass the latest and gain access through the earlier vulnerable versions that had NOT been removed.

http://www.computerh...p?topic=61227.0

 

In the past the CCleaner forum has strongly recommended the use of JAVARA to remove obsolete JAVA installations and thus :-

Enhance security from malware ; and

Gain a few hundred MBytes extra free space.

http://singularlabs....oftware/javara/

 

8. I am NOT HAPPY with misinformation I encountered via Hazel's link

Oh dear - I fear that has put me alongside Corona on Hazelnut's "Watch List",

her avatar will now be glaring down at both of us :ph34r:

 

The link takes me to

...

How to disable Java in Firefox

...

 

I have Palemoon which is based on Firefox so I click on the link which takes me to

http://nakedsecurity...le-java-chrome/

This is disinformation from a company that would not exist if malware did not exist.

 

This has two main headings :-

"Windows removal instructions"

and

"Firefox disable instructions"

 

Under the heading "Windows removal instructions" they tell how to remove via the Control Panel -> Programs.

I find it disappointing that a security company that exists due to malware would risk our protection by allowing older vulnerable versions to remain installed.

I suppose they have their reasons. :unsure:

 

Then they tell me to visit http://java.com. :angry:

In fear and trepidation I click on the link

I see a massive invitation to DOWNLOAD JAVA TODAY, but underneath is the faint tiny link "Do I have Java?"

I click and get to

http://java.com/en/d...d/installed.jsp

This looks similar to, but also different from, what Sophos said.

 

Under the heading "Verify Java version" it does NOT say

"No working Java was detected ..."

and the big red button is not inscribed

"Download Java Now"

 

Instead the text reads

"Check to ensure that you have the recommended version of Java ..."

and the button is inscribed "Verify Java version".

I click the big red button,

confident that I will suffer no permanent harm because I am about to restore a partition image that will remove any Java that comes my way.

Click done - Now I see what Sophos promised

"No working Java was detected ..."

This was followed by a Pop-Up from JAVA asking "Tell us what you think"

They really do not want to know what I think of Java :angry:

 

Under the heading "Firefox disable instructions" it tells me to look at my Plugins.

I am happy to say that this PC has never had any JAVA or Silverlight Plugin.

 

My Conclusion :-

For present and future safety it is best to use JavaRa to exterminate every trace of JAVA

and it will give the benefit of more free space.

 

N.B.

I am "Old School" and it works for me :)

Link to post
Share on other sites
  • Moderators

well, i've decided to bite the bullet and remove JRE from my PC. (the exploit apparently only effects JDK but i don't know enough on java to know how similar JRE & JDK are and what they share)

it's the only way i'll tell what i use that in turn needs java.

 

not just this forum, but i've never come across a topic like java that gets to everyone as passionately as this one.

Link to post
Share on other sites

Hi Razz, like Andavari I've had java uninstalled for years. If you don't need it (which few people do) just uninstall it.

 

I uninstalled java after this topic: http://forum.pirifor...ava#entry194784

Have never looked back. Almost never need it, maybe twice in almost a year and a half.

Before this, I would install it on a temporary basis if some web site just HAD to have it, but no more.

If the website just HAS to have it, I shall skip that site.

 

I wouldn't uninstall anything just because the US gvt says to, but if Hazelnut doesn't like it, it's gone. :D

Link to post
Share on other sites

I uninstalled Java. Unfortunately my wife needs it to play games on Pogo, so on her PC I disabled Java in Fierefox and left it enabled on her IE. Now she only uses IE for Pogo and Firefox for everything else.

Link to post
Share on other sites

These are the times that try men's souls. Boy this firestorm with Java just about made me want to take this thing over to the tracks and let 150 tons of steel have its will. No, I would not be able to enjoy my good friends on this forum. And to Alan, thank you for your dissertation. I just a moment ago nuked Java so that's that. Have a good day everybody and thanks to all for your input.

 

Warlock

Link to post
Share on other sites

I am still running Java for several years without problems. If you are using Firefox it could be a good idea to shield it using Noscript, Adblock plus, ghostery and so on. And ditto for Chrome (Scriptno, adblock plus, ghostery). I haven't run into any issues for years. I keep Java updated too of course.

 

On the other hand, if you are pretty sure you don't need Java, just uninstall it (JavaRa might be needed to do a proper clean uninstallation).

Link to post
Share on other sites
  • Moderators

... if you are pretty sure you don't need Java ...

 

i think that's the start of the confusion (at least me me), it's one of those things we tended to install by default and now do it by habit and don't realise what needs it - if anything these days.

seems like many people have been getting by just dandy withoiut it.

 

since nuking mine, all my usual sites and software have not been effected.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...