Thursday, January 10, 2013

Java Zero-Day (Again), Time To Disable/Remove Java


Once again there are reports of a Java zero-day vulnerability being actively exploited in the wild.  All versions of Java are impacted, including the most recent release, JRE 7, Update 10.

With any version of Java installed on your computer, visiting a malicious link can result in a serious malware infection.  Significantly, the exploit is not operating system-specific: although it is currently targeting Windows systems, the same code can also run on Mac OS X or Linux.

Edit Note:  The recent Java update 11 did little other than adjust the settings to the Java Control Panel.  Additional vulnerabilities have been found in that latest Java update.  See Java, The Never-Ending Saga for additional information on removing or disabling Java. 

Recommendations

1.  Uninstall Java

First and foremost, most home computer users do not need Java installed on their computer.  In the past, Java was needed for websites to be properly displayed. However, that is generally not the case now.  I uninstalled Java several years ago and have not had a need for it.

To remove Java, navigate to Control Panel\All Control Panel Items\Programs and Features (Add/Remove Programs on Windows XP). Select for removal all instances of Java, including:

Java 7 Update 10 (or earlier)
Java Auto Updater
JavaFX 2.2.4 (or earlier)

Confirm that the folders shown below have also been removed.  If not, delete the folders manually.

C:\Program Files\Java
C:\Users\%UserName%\AppData\LocalLow\Sun
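
The confirmation step above can be scripted. The following PowerShell check is an added example, not part of the original post: it is read-only and reports any Java entries still registered with Programs and Features and any of the listed folders that still exist. The uninstall registry locations, the "Program Files (x86)" path and the display-name pattern are assumptions of this example.

```powershell
# Added example: audit for Java left behind after the uninstall described above.
# Read-only: it reports what it finds and deletes nothing.

# Folders named in the post, resolved for the current user only.
$folders = @(
    "$env:ProgramFiles\Java",
    "$env:USERPROFILE\AppData\LocalLow\Sun"
)
# Assumption: 32-bit Java on 64-bit Windows installs under "Program Files (x86)".
if (${env:ProgramFiles(x86)}) {
    $folders += "${env:ProgramFiles(x86)}\Java"
}

# Assumption: registry keys that back the Programs and Features list
# (64-bit view, 32-bit view, per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name pattern: "Java 7 Update 10", "Java(TM) 6 Update ...",
# "Java Auto Updater", "JavaFX 2.2.4". -match is case-insensitive.
$namePattern = '^Java(\(TM\)|FX)?\s'

$leftoverPrograms = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    Select-Object DisplayName, DisplayVersion, Publisher

$leftoverFolders = $folders | Where-Object { Test-Path -LiteralPath $_ }

if ($leftoverPrograms) {
    Write-Output 'Still listed in Programs and Features:'
    $leftoverPrograms | Format-Table -AutoSize | Out-String | Write-Output
}
if ($leftoverFolders) {
    Write-Output 'Folders still present (delete manually after uninstalling):'
    $leftoverFolders | ForEach-Object { Write-Output "  $_" }
}
if (-not $leftoverPrograms -and -not $leftoverFolders) {
    Write-Output 'No Java entries or folders found.'
}
```

The LocalLow\Sun check covers only the account running the script, so repeat it for each user profile on a shared computer.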

2.  Disable Java

The update to Java JDK 7u10 includes the option to disable Java in the browser.  Thus, if you need to keep Java installed because you have a business need for it, play online games or use OpenOffice, disable Java in the browser instead.  All you need to do is uncheck the box "Enable Java content in the browser" in the Java Control Panel.

[Image: Java Control Panel (via Sophos Naked Security Blog)]

In the event Java is needed for software installed on your computer, there should be a prompt for it.  In that situation, launch the Java Control Panel and re-check the option to enable Java.  Then, remove the check again when finished.



2 comments:

Stelis said...

Thanks so much Corrine, although words cannot express my gratitude!

That exploit happened on my fully patched system last week – however, due to your timely post, I managed to find more information about this vulnerability, cleaned the infection and finally disabled Java.

May you have a flourishing life!

Corrine said...

You are very welcome. I am glad I was able to help.