Java security questions

  • 17 January 2013
  • 7 replies

Badge +1
I have played games on, which has java based games, and also other websites I go to have java features.  With the recent java security problems, which I admittedly have no CLUE about; what does Webroot suggest?  Obviously, I have not played any java based games, and my browser combined with my computer operating system (OSX 10.8.2) blocked java completely, but in the meantime, I can do without the games, but what about the other programs or sites that still use java?  I have noticed that if I go to a site that still uses java, I am being told to download java, and of course, java's website just advises that you download the newest version for your computer, and only enable it when you are using it.  That sounds like potential disaster to me!  Any thoughts?

Best answer by JimM 17 January 2013, 00:29

View original

7 replies

Userlevel 7
While Webroot does not protect against the actual exploit, as it is a hole in the Java program itself, SecureAnywhere will protect you from malware that tries to access your computer via the exploit.
This thread contains a full explanation of the issue, as well as instructions on disabling Java, if you choose to do so.
You can find additional information regarding disabling Java here.  Java has released a patch to resolve the issues. However this may not repair all critical vulnerabilities.  There is more information on that in this thread.
Userlevel 7
Badge +56
Hello instacat and Welcome to the Webroot Community Forums.
Well with even the latest version of Java is not https:///t5/Security-Industry-News/Security-experts-on-Java-Fixing-zero-day-exploit-could-take-two/td-p/21564 try not to visit sites that you are not familiar with and if and if you visit a site and it tries to download a dopper or payload WSA will step in and protect your computer. Try to exercise safe surfing in the mean time. Also more info https:///t5/Security-Industry-News/New-Java-Exploit-Fetches-5-000-Per-Buyer/td-p/21684
Userlevel 7
More holes have been found in java over the past few days, even with the new update. My advise for anybody: unless you absolutly have to have Java installed, remove it!
Userlevel 2
Do have to uninstall Java even if paranoid and have NoScript or similar on all browsers? And you have Sandboxie?
Userlevel 7
Badge +56
It's a personal preference as I do keep it on my system but I'm careful of sites I visit! Also WSA will keep an eye if a payload tries to download and will block it because of any exploit.
Userlevel 7
I agree with TH! It's down to preferences but more rather to needs because Java is embedded in many webs and simply you have to have it installed otherwise you won't be able to access these sites/applications. So my recommendation is if you don't need Java uninstall it or disable it at least. On the upside if you need it (like me) be always sure to have installed the latest version and WSA 😉
Userlevel 7
The following article is a update on Java Security
(49% of security pros think Java apps are vulnerable to attacks)
By/ HNS Staff/ Posted on 17 July 2014.
In a recent poll, half of the senior IT professionals polled said their Java applications are vulnerable (32%) or very vulnerable (17%) to attacks. They cited insecure coding (60%) and vulnerabilities in third party libraries (25%) as the leading threats.

Meanwhile, nearly 90 percent of respondents said their security teams didn’t possess enough information about data center applications to enable them to properly protect those apps from attack.

“Custom developed Java-based applications dominate virtually every industry, especially financial services and ecommerce,” said Brian Maccaba, CEO of Waratek. “Since many of these enterprise applications are running on older versions of the platform and use third party code, it’s not surprising that so many security professionals are concerned about vulnerabilities in these programs.”

Help Net Security/ Full Read Here/