Friday, February 22, 2013

Java - What, me worry?

There's an interesting article today on THE VERGE. Joshua Kopstein poses the question "Why won't Java just go away?" That leads to our question: "What is Java, and do I need to worry about it?"

Java is present on many PCs - Windows, Mac and Linux. It's both a programming language and an application platform. It enables programmers to write software one time and then run it on any computer that supports Java. It also plugs into most modern web browsers so that users can run a variety of web applications. But after reading today's article you might be wondering if you really need Java on your computer.

Let's make some distinctions first. There are Java programs that run on your computer. There are Java programs that run in your web browser. And then there is JavaScript, which is not Java and thus not a topic for today's discussion. While all of the Java platform has vulnerabilities, your computer is most likely to be compromised through Java programs that run in your web browser. The web is the most efficient way to distribute attacks, and that is where you need to focus your attention.

What do you need to do today? First, let's make sure that you're actually running Java. Open a command prompt (or Terminal) on your computer and type java -version. If you see a version number returned along with a trademark notice, then you have Java installed on your computer. Or you can go to this website and run a quick test. Do you need it? Well, that depends. If you know that you need it, first you should update it to the most current version. Next, you should disable it in your web browser - follow the instructions here.
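For administrators who want to script the check described above across many machines, here is an added example (not part of the original post). The function names are hypothetical and the sample output is constructed; note that java -version writes to stderr, so a script has to redirect it to capture anything.

```shell
#!/bin/sh
# Added example: scripted form of the "java -version" check.
# Function names are hypothetical; sample output below is constructed.

# Read "java -version" output on stdin and print the quoted version string.
# Non-matching lines (e.g. "Picked up _JAVA_OPTIONS: ...") are skipped.
parse_java_version() {
    sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Map a version string to its major release number.
# Legacy scheme "1.7.0_15" -> 7 ; newer scheme "11.0.2" -> 11
java_major() {
    case "$1" in
        1.*) echo "$1" | cut -d. -f2 ;;
        *)   echo "$1" | cut -d. -f1 | sed 's/[^0-9].*//' ;;
    esac
}

# Report whether java is on PATH and, if so, which version it is.
check_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo "java: not found on PATH"
        return 1
    fi
    # The version banner goes to stderr, hence 2>&1.
    ver=$(java -version 2>&1 | parse_java_version)
    if [ -z "$ver" ]; then
        echo "java: installed, version could not be parsed"
        return 0
    fi
    echo "java: installed, version $ver (major $(java_major "$ver"))"
}

# Constructed sample of what an Oracle Java 7 install prints.
SAMPLE_LEGACY='java version "1.7.0_15"
Java(TM) SE Runtime Environment (build 1.7.0_15-b03)
Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)'

# Run the live check; a missing Java is a valid result, not a script error.
check_java || true
```

This only finds the java that is first on the PATH; a machine can have other copies installed elsewhere, including the browser plug-in.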

If you're not sure that you need Java, then I recommend that you uninstall it. If it turns out that you need it, you can always re-install it. But given the severity and frequency of the current attacks, my opinion is that it's best to avoid running Java if at all possible.

That brings up some other advice that I'd like to give you. Adobe Flash and Adobe Acrobat Reader (PDF) are notorious for exposing their users to vulnerabilities, both through the web browser and through downloaded documents. Keep your Flash updated, or uninstall it completely. It's slowly but surely being replaced by HTML5 video standards, and it's no longer supported on iPhone/iPad and Android. In order to read PDF files, consider using Nitro PDF Reader or Foxit PDF Reader. While they have had vulnerabilities in the past, they are generally more secure than Adobe Reader.

IT administrators, are you paying attention?