Homeland Security Says Kill Your Java Now! (overreaction?)

Posted on January 12th, 2013


ZDNet is reporting today that the U.S. Department of Homeland Security is advising PC users to disable their Java software to protect their computers against active cyber attacks taking place across the Internet.

According to ZDNet:

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

But is this an overreaction? 

According to online security experts, there are real attacks happening in “the wild” right now that can allow an attacker to launch any program of choice from your computer after you simply visit an infected webpage.

The vulnerability affects all PCs regardless of the brand of antivirus software you are using, including the Schrock-recommended Norton 360.

However, there is another way to protect yourself that lets you enjoy the web-based benefits of Java while also protecting your PC, and few seem to be discussing it.

How You Can Keep Java AND Protect Your PC

There is a little-discussed feature built into Google Chrome and Mozilla Firefox called “Click-to-Play” that could keep your computer safe and sound from this type of attack.

This feature requires you to click on a media content box before Java or Flash content will activate. Since many of these infections result from this kind of content automatically executing when you visit the page, the click-to-play requirement effectively stops the infection in its tracks. Unless, of course, you click-to-infect.

This feature is built into Mozilla Firefox and enabled by default.  Therefore, if you use Firefox you do not have to do anything at this point.

If you use Google Chrome, the click-to-play feature is also built in but is not enabled by default. You must enable it manually. Lifehacker has a simple set of instructions on enabling click-to-play in Google Chrome.

Recommendations From Schrock for Safe Computing

Ditch Internet Explorer RIGHT NOW. Even if you hate Firefox or Chrome, switch to one of them until an update for Java fixes this problem. It shouldn’t take Oracle long.

To be safe, basic users should switch to Firefox. For users confident in their ability to modify settings, Chrome can be an alternative if properly configured.

As always, we recommend you equip your PC with Norton 360 because it does the best job of keeping the bad guys out.

If you want to automatically get the latest Java update as soon as it is released, install a trial copy of Secure Updater.  It’s free for 14 days and that should be enough time for Oracle to get this patched up.