I run IcedTea, not the official JRE, so I'm pretty sure this doesn't affect me. I haven't done much research though, so feel free to correct me if I'm wrong about that.
Disable Java NOW, users told, as 0-day exploit hits web
- Thread starter deathninja
- Start date
Recommended Videos
That's pretty much always true, though. I think we can all agree that Java is as full of holes as a sieve, no matter what version you're on.Nikolaj Bilgrau said:The article stated that it was ill-adviced to use older versions. As they may contain other bugs or exploitable weaknesses.Owyn_Merrilin said:
I read this in Liquid Snake's voice2fish said:
GameChanger said:
Worst case scenario, it can lead to the kind of viruses you used to hear about in the 90's and early 2000's, where it downloads and installs without your knowledge or permission.
I'm not a big programmer, so I'm still a little confused as to Java vs Javascript (apparently they're different) but one of the tech guys in an article I was reading on the issue had an astute recommendation:
If you must use Java, use 2 different browsers. 1 specifically with Java enabled for only websites that need it. Browser 2 with java disabled does everything else.
If you must use Java, use 2 different browsers. 1 specifically with Java enabled for only websites that need it. Browser 2 with java disabled does everything else.
I just installed NoScript, and despite having clicked allow everything for The Escapist, I think it's still blocking ads. Any idea how to change it so it allows ads for sites I want to support?
It is, but they need an exploit, which are a lot more rare than they were back in the day. This is such an exploit.GameChanger said:
Edit: This is talking about true viruses. Most of what people have problems with today is technically called "malware," which is a program that you have to manually install, but it lies about what it is. For example, that "windows anti-virus 2012" program that people download after mistaking a popup ad for an anti-virus dialog.
I've done a bit of reading about this thing, and here's what I've found:
JavaScript has nothing to do with this; disabling it will simply cause a lot of sites to not work, and won't protect you anyway. Leave it alone and ignore the people advising you to disable it. Those doing the advising, please take the time to do some fact-checking before giving advice in the future.
Disabling your Java plugins in your browsers is all you need to do. Depending on your browsing habits, you might not even need to do that, but since proper computer security is indistinguishable from paranoia, I say just go ahead and disable it anyway. If you have the JRE or JDK installed for running programs and games outside your browser (Minecraft for example), you don't need to uninstall it. This only affects the browser plugin. Of course, any browser-based games that use Java will stop working with the plugin disabled, so if you have the option, download the games to your PC instead of running them in your browser.
If you'd prefer not to disable the Java plugins because you depend on them for work or school-related tasks, you can use NoScript on Firefox or its equivalent on other browsers. As its name implies, it will block JavaScript on pages you visit, but will also block Java, Flash, Acrobat, and other plugins as well until you specifically allow them to run for that site. I've used it for over a year and am very happy with it.
You could also just be careful which sites you go to, but I've learned that even sites you trust can occasionally display a banner ad with a malicious payload that will cause you all kinds of grief. Cracked, SomethingAwful, and IGN have all done this at some point, and I've since decided that being careful isn't enough on its own.
Also, if anyone's using IE, please go get Firefox or Chrome right now. Every time they come out with a new one, they say they've fixed their security problems and are as good as the others. And they're usually right, for a couple weeks at least. After that, IE and User Access Control will gleefully allow the installation of anything that asks nicely, and then UAC will do everything it can to protect that poor defenseless malware from your attempts to remove it. Yes, this shit happened to me, and I still scoff a bit whenever Microsoft utters a word about security.
JavaScript has nothing to do with this; disabling it will simply cause a lot of sites to not work, and won't protect you anyway. Leave it alone and ignore the people advising you to disable it. Those doing the advising, please take the time to do some fact-checking before giving advice in the future.
Disabling your Java plugins in your browsers is all you need to do. Depending on your browsing habits, you might not even need to do that, but since proper computer security is indistinguishable from paranoia, I say just go ahead and disable it anyway. If you have the JRE or JDK installed for running programs and games outside your browser (Minecraft for example), you don't need to uninstall it. This only affects the browser plugin. Of course, any browser-based games that use Java will stop working with the plugin disabled, so if you have the option, download the games to your PC instead of running them in your browser.
If you'd prefer not to disable the Java plugins because you depend on them for work or school-related tasks, you can use NoScript on Firefox or its equivalent on other browsers. As its name implies, it will block JavaScript on pages you visit, but will also block Java, Flash, Acrobat, and other plugins as well until you specifically allow them to run for that site. I've used it for over a year and am very happy with it.
You could also just be careful which sites you go to, but I've learned that even sites you trust can occasionally display a banner ad with a malicious payload that will cause you all kinds of grief. Cracked, SomethingAwful, and IGN have all done this at some point, and I've since decided that being careful isn't enough on its own.
Also, if anyone's using IE, please go get Firefox or Chrome right now. Every time they come out with a new one, they say they've fixed their security problems and are as good as the others. And they're usually right, for a couple weeks at least. After that, IE and User Access Control will gleefully allow the installation of anything that asks nicely, and then UAC will do everything it can to protect that poor defenseless malware from your attempts to remove it. Yes, this shit happened to me, and I still scoff a bit whenever Microsoft utters a word about security.
Screw Java and their shitty, buggy-as-hell, virus-sensitive and too widespread coding stuff.
I've never had a plugin that gave so much trouble to my systems over the years. Lately, it's been quite OK, but in the past it was beyond horrible.
*sigh*
I've never had a plugin that gave so much trouble to my systems over the years. Lately, it's been quite OK, but in the past it was beyond horrible.
*sigh*
Don't you have to actually visit a website that would run this exploit? SO it's safe for me to run this on, say, escapist. Or would I have to be worried about someone running it through one of the ads on escapist, as I understand they can't vet every ad.
PS: turns out captchas are Java based.... FUUUUUUUU
PS: turns out captchas are Java based.... FUUUUUUUU