Java

How to Isolate Java

        Jim Hamm grabs our attention with important info on Java.  "In case you didn't see it, here is another article discussing Java, and how to remove or disable Java in your browser of choice. Some time ago I had disabled Java in the three browsers I use: Safari, Firefox and Chrome. I happened to be using Firefox when reading this article, so I thought I'd check the Java plug-in. Ouch! Sure enough, it was enabled again. How, I don't know. Perhaps when the browser itself is updated. I immediately disabled Java again.

        "That's probably why the author of this article recommends removing Java -- because somehow it can become enabled again, which is not a good thing from a security standpoint. Following is a summary from the article on how to disable Java."
How to isolate Java
        Isolating Java means leaving it on your Mac, but removing it from your browser except when you want it to run. Apple now does this by default for all Macs (10.6 and later) and will re-isolate it after about a month even if you've turned it back on. Isolating Java is a bit more complex now that Apple has removed the Java preferences utility from Lion and Mountain Lion.
        If you run Java 6 (the Apple-supplied version), you need to restrict it in each of your browsers. In Google Chrome, type chrome://plugins in the address bar and click the link to disable Java. In Safari, go to Safari > Preferences and uncheck Enable Java in the Security pane. In Firefox, go to Tools > Add Ons > Plugins and uncheck Java Plug-In.

Java & JavaScript Explained

        You've seen it, too.  Java.  JavaScript.  Are they related?
         Here John Carter explains what the difference is.  "Java and JavaScript are not the same. Disabling Java in the browser is necessary to prevent the possibility of getting one of the new Java enabled viruses. 
        "You have to have JavaScript enabled on your browser because nearly every web page has some kind of JavaScript in it. Currently, it is not possible to get a virus from JavaScript, but that was once said about Java.
        "JavaScript is a language that has become popular with web designers to perform sophisticated operations. To view a web site that contains JavaScript does not require an application on the computer. To view a web site that contains a Java app requires that the computer have Java installed. However, the release of HTML5 may see the end of both JavaScript and Java in web sites."
        And John finishes today's explanation with this, "Updates will come out soon for Java that will make it okay to use with browsers, but like any other 'fix,' the hackers will find yet another undiscovered hole to give them an opportunity to pass on more viruses."

Apple Got Hacked

        John Carter alerts us to the hacking, "'Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers,' the company said in a statement to AllThingsD. 'The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.'

        "The company noted that it has been shipping Macs without Java since the release of Mac OS X Lion, and that it also has a software mechanism that disables Java if it goes unused for 35 days. Apple is also releasing an updated software tool to detect and remove Java-related malware."
       John comments, "The sad part of this is that some websites, like GoDaddy, need to have Java enabled in the browser, and disabling Java in the browser is the only way to secure yourself from a Java attack.
        "Just yesterday I got an update from Apple for Java. I installed it. So I don't understand why I'm getting this update if Apple isn't installing Java on new computers. It could be because I already had Java installed and its presence triggered the notification for the update. Now I'm waiting for more news and maybe another Java update about this." 
        Here are several sites reporting on the situation: 
http://www.businessinsider.com/apple-releasing-malware-removal-tool-after-being-hacked-2013-2 

Need Another Reason to Switch from Windows?

        Whether you use Windows — or not — there's some helpful info here for all of us!  Don't miss the suggestions about thumb drives and external drives.  Thanks to John Carter for the following detailed report!  He starts with the news article, "Feds: Infected USB drive idled power plant 3 weeks."

        "There are four ways to protect yourself from a virus:
        1) Keep an hourly updated anti-virus app running continuously. Since any new virus won't be detected and a cure found for up to 24 hours, this isn't any kind of guarantee that a Windows OS won't get a virus.
        2) Switch from Windows to any one of the dozens of Linux distributions. Linux is probably the most secure OS on the market simply because hackers know their return on investment isn't big enough to warrant going after it. There's just not that many Linux computers in use compared to the vast number of Windows computers. Still, installing an anti-virus app on Linux will give added peace of mind.
        3) Switch from Windows to a Mac. Because Mac is based on Unix, it has the same low-profile for hackers as Linux. There have been recent viruses found on Macs in the past couple of years — maybe two or three — so an anti-virus app is now recommended for Macs for added peace of mind.
        4) Stop using computers. (Now we know John is smiling when he says this!  Read on for more of his report.)
        "Linux and Mac are no longer safe now that hackers have discovered a way to infect any computer with a Java virus. But if the browser has Java turned off, or if you don't even install Java on your computer (and this does not include Javascript, which is still safe — for the moment), you're pretty secure when it comes to Java viruses that come in through email or a website.
        "Still, this doesn't protect a computer when the virus is embedded in a brand new thumb drive or external hard drive that you just bought. So, another step in purchasing any thumb drive or external hard drive is to reformat it before using it.
        "Is Linux or the Mac really free from attack? Many companies using Unix as their primary operating system get attacked daily, but mostly by hackers trying to find a way into the computer through some unguarded port. Hackers don't go after personal computers in this way, simply because there's no assurance that their efforts will return as much of a reward, but this doesn't mean they won't try. 
        "Any computer, regardless of the operating system type, needs to be secured with a firewall for protection against attacks from the Internet, and that firewall needs to be monitored constantly and updated frequently — which almost no personal computer owner knows anything about."
        Well, it's time to come to the conclusion — for now — and John winds up with, "If everyone switched from Windows to Linux or Mac, the hackers will start going after them and we'll be back to grabbing at straws to figure out how best to protect our computers. But for now, either one is a better solution than using Windows."

Explaining Java & JavaScript

      Looking at Safari > Preferences > Security you might be puzzled.  You’ve heard we need to protect our computers from the latest Java exploit by unchecking “Enable Java” and “Enable Plug-ins.”   Maybe you've already checked to “Block pop-up windows” and “Enable JavaScript.” 
        A Google search for the difference between Java and JavaScript brings up some websites.  See http://www.htmlgoodies.com/beyond/javascript/article.php/3470971/Java-vs-JavaScript.htm  There, Joe Burns, co-author of a JavaScript Primer Series, explains the similarities and differences.

Here's Why to Disable Java

        "If you're still using Java, now is a good time to disable it," warns Jim Hamm.  See this article: http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/
        The fix is to disable Java in your web-browser.  Here Jim explains, "NOT 'java script'  just 'java' — they are two separate check boxes, as they are two separate things."

        You'll note this article is dated today, 1-10-13, and there are already 76 comments.  

Speed Up Web Browsing on iPhone, iPad

        "Here is a tip that might speed up your web browsing on an iPhone or iPad: turn off Javascript. I just did it, and will see if it impacts my web browsing one way or the other. I've disabled Javascript on all my computers and haven't missed it at all. Javascript is a great medium (access point) for malware hackers to get into your computer," declares Jim Hamm. 

Java and Security Risks

        Prez Art Gorski finds info we need to read and heed.  "In a recent update to Mountain Lion, Apple has removed the Java plug-in used in the Safari web browser. In the future, if you absolutely need Java in Safari, you will have to go download it yourself from the Oracle website.

        "The question is: Do you REALLY need Java in Safari? For the vast majority of Mac users, the answer is NO. So this probably won't affect you.
        "Why has Apple taken this step? Security! See the following interesting article."

Java Fix Doesn't Work (Updated 8-31)

        We start out with the latest warning on Java, received at 3:20 pm Friday, 8-31.  Jim Hamm brings us up to date.  (Then read the rest of this for the background of this huge issue.)
        "Now this is amazing. A few hours after Oracle issued a patch for the security flaw in Java, another exploit has been found. This has been forwarded to Oracle, but since Oracle never comments on these security breaches they didn't say anything. It doesn't appear the hackers have found this opening yet, but after they read this article, they'll probably start trying.
        "Although our risk of hacking might be small, I think it's best to disable Java. I did so a long time ago and haven't missed it yet."
        You saw this here on 8-27.  Here's a warning from Jim Hamm, "If you've still got Java enabled in your browser, now's a good time to disable it. Another vulnerability with Java has surfaced. Take a read on this. In Safari, Java can be disabled in Preferences > Security > uncheck enable Java."
        With another notice of a potential malware risk from Java 7, Jim sends this link.  The last paragraph in the article states, "Mac owners can disable the Java plug-in from within their browsers, or remove Java 7 from their machines. To do the latter, select 'Go to Folder' from the Finder's 'Go' menu, enter '/Library/Java/JavaVirtualMachines/' and drag the file '1.7.0.jdk' into the Trash."
        Here's a quick test to see if Java is disabled in your browser, from our eagle-eyed Jim Hamm.  He tells us, "Just click here and if the box comes up empty, you're okay — Java is disabled."
        And, Jim sends the latest: "Here's an article describing how Oracle knew about the Java vulnerability to a malware attack since early April. And, moving right along at a snail's pace, Oracle doesn't plan a fix till October. Given Oracle's slow response to acknowledging and fixing malware attacks, it's a wonder any developer uses Java at all."
        We were surprised to see a fix announced here this afternoon (Thursday, August 30).  Keep us informed on the latest and we'll pass the word along!
        A hot topic: this just out an hour ago (8-31), and recommends you turn Java off or delete it.

Precautions About Java

        Got Java?  Note these precautions forwarded to us from Jim Hamm. 
        "Here's another article describing the risk of keeping Java enabled on your browser.  If you need to access websites that require Java, I like the suggestion in the article to have a browser set aside for this purpose. I think Chrome might be good for this. As I've mentioned previously, I have Java disabled in Safari and haven't had any problems accessing websites. It seems there are fewer of them nowadays." 

        Jim goes on to say, "I'm surprised that Oracle hasn't been more aggressive in patching Java and making it more secure against malware. There is some debate going on between Oracle and Google on who "owns" Java.  See this article. 
        "Regardless of the court outcome, I think it's wise to disable Java in your browser, just to be on the safe side."
        But Jim, is Java the same as JavaScript in the Preferences in Safari?  "No, they are completely different programs." 

Watch Those Emails!

        Jim Hamm sends this latest:  "You probably are already cognizant about this subject, but here's an article about protecting your computer against Java malware. I had disabled Java on my Mac some time ago but hadn't done so on my PC till now, when I read this article. However Java is used on a computer, I haven't noticed missing it once it was disabled.
        "In an unrelated malware incident involving attempted "phishing", I received an email a couple of days ago that looked like it was from Amazon thanking me for my order of Bose speakers for $120. Well, I hadn't ordered any speakers and there were different links in the message that one could click -- but I didn't click any of them. What was interesting was a message to the side that said this might be a "phishing" attempt. Have no idea how/why this was in the email. Anyway, I just deleted the email and checked to ensure a charge hadn't got on our credit card for this amount. It hadn't. However, the document from Amazon sure looked real.
       "What with the proliferation of purchases online, think about all the places/websites where you have used your credit card — or at least I have. The bad guys are constantly on the prowl looking for ways to penetrate these websites — and your computer — to steal your credit card number. A life-long battle between them and us it seems," Jim comments. 

Java in Lion: You Might Need Help

        In a recent post regarding the Flashback virus, John Carter reported that he had a problem with Java. This “bug” appeared only after a recent update to Java. He brings us up-to-date here:
        "There is a workaround for the problem with Java in Lion. (The problem is that in the Terminal the command ‘java -version’ returns an error message: unable to locate java runtime to invoke) The workaround is accomplished by adding the system environment variable JAVA_HOME to the login environment in the file /etc/bashrc.
        "The variable should be set to '/System/Library/Frameworks/JavaVM.framework/Home'
        "There is no easy way to instruct the non-technical person on how to add a line of code to a system file. Anyone having a problem with Java should contact John Carter and he will install the workaround free."  Go to the PMUG site > About Us and scroll down to Contact Us and click on Webmaster.
        John closes with this, "The JAVA_HOME variable should not have to be added, so there is still some kind of Java problem that needs to be researched."
        Now, John Carter to the rescue!  Here's the very latest help: "Regarding why Java fails on the iMac Lion that I have, I just discovered this fix:
        Remove this file: /Users/[logname]/Library/Preferences/ByHost/com.apple.java.JavaPreferences.plist
        That file does not exist on the Mini, MB Pro, or MB Air.
         The next time you execute ‘java -version’ in Terminal, you get:
         java version "1.6.0_31"
        Java(TM) SE Runtime Environment (build 1.6.0_31-b04-414-11M3626)
        Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01-414, mixed mode)
        "This is confirmed by: osdir.com/ml/java-dev/2010-10/msg00974.html  by Mike Swingler, Java Engineering, Apple Inc."
        Any other questions?  If so,  email John.  And remember, he's speaking this Saturday for PMUG.  See you there?
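
        The file locations named in the posts above (the Java 7 folder, the per-host Java preferences file, and the JAVA_HOME line in /etc/bashrc) can be checked without changing anything. The script below is an added example, not part of the original posts; the root-prefix argument and the finding labels it prints are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: read-only check of the Java-related paths named on this page.
# The first argument is a hypothetical root prefix so the checks can be pointed
# at a test directory tree; pass "" to inspect the real system.

# Print one finding per line for the given root prefix and user home directory.
java_audit() {
    root=$1
    home=$2

    # Java 7 location quoted from the article (removal = drag it to the Trash).
    if [ -e "$root/Library/Java/JavaVirtualMachines/1.7.0.jdk" ]; then
        echo "JDK7_PRESENT"
    else
        echo "JDK7_ABSENT"
    fi

    # Per-host preferences file whose removal fixed 'java -version' on Lion.
    if [ -e "$home/Library/Preferences/ByHost/com.apple.java.JavaPreferences.plist" ]; then
        echo "BYHOST_PREFS_PRESENT"
    else
        echo "BYHOST_PREFS_ABSENT"
    fi

    # JAVA_HOME workaround line in /etc/bashrc; per the post it should not be
    # needed, so a leftover line is worth knowing about.
    if [ -f "$root/etc/bashrc" ] &&
       grep -Eq '^[[:space:]]*(export[[:space:]]+)?JAVA_HOME=' "$root/etc/bashrc"; then
        echo "JAVA_HOME_WORKAROUND_SET"
    else
        echo "JAVA_HOME_WORKAROUND_NOT_SET"
    fi
}

# Inspect the live system and the current user's home directory.
java_audit "" "${HOME:-}"
```

        Nothing is modified or deleted by this script; it only reports what it finds.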