How should I disable Java, and what impact will it have on my machine?

I do not know how you should disable it, but one way you can do it is to remove it entirely from your system. That is a bit much, but you could always reinstall it again if you change your mind.

My distro (RHEL 6) keeps theirs up to date automatically and I just let it run because I need it to access some of the stuff at my broker's web site.

A slightly less drastic way is to find the program that runs it and set the permissions to 0. Then only root could run it. And if you are smart, you never run a web browser as root anyway.

On my system, I would suggest you set either /usr/bin/java or /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java permission to 0. Your system may be set up differently, but that is the idea.

$ ls -l /usr/bin/java
lrwxrwxrwx. 1 root root 22 Dec 12 21:44 /usr/bin/java -> /etc/alternatives/java
]$ ls -l /etc/alternatives/java
lrwxrwxrwx. 1 root root 46 Dec 12 21:44 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java

D
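Added example, not part of any post in this thread: a small script that follows a launcher's symlink chain (such as the /usr/bin/java -> /etc/alternatives/java -> real binary chain listed above) and reports the mode of the file that actually gets executed. The function names are made up for this example, and it assumes GNU `stat` and `readlink`, as on a Linux system.

```shell
#!/bin/sh
# Added example (not from the thread): walk a launcher's symlink chain
# hop by hop and report the mode of the file that finally gets executed.
# chmod on a symlink changes the link's target, so this shows which file
# a "permission 0" change really lands on.

# Print every path in the chain starting at $1, one per line.
symlink_chain() {
    p=$1
    hops=0
    while [ -L "$p" ]; do
        printf '%s\n' "$p"
        hops=$((hops + 1))
        # Guard against symlink loops.
        if [ "$hops" -gt 40 ]; then
            return 1
        fi
        t=$(readlink "$p") || return 1
        case $t in
            /*) p=$t ;;                  # absolute target
            *)  p=$(dirname "$p")/$t ;;  # relative to the link's directory
        esac
    done
    printf '%s\n' "$p"
}

# Print the last path in the chain: the real file.
final_target() {
    symlink_chain "$1" | tail -n 1
}

# Print the octal mode of the real file, e.g. 755, or 0 once disabled.
target_mode() {
    stat -c '%a' "$(final_target "$1")"
}

# Usage: sh java-chain.sh /usr/bin/java
if [ "$#" -gt 0 ]; then
    symlink_chain "$1"
    echo "mode of final target: $(target_mode "$1")"
fi
```

Because both paths named in the post resolve to the same file, changing the mode through either one has the same effect; re-run the check after package updates to confirm the mode is still what you set.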
The way I read the article, hackers are attacking machines via a user's web browser. I'd think the popular Firefox extension No-Script would be the first line of defense. I've been running No-Script for years and have found it to be a most interesting experience. There are usually many domains being used to render a webpage. This page, for example, pulls data from fool.com, foolcdn.com, doubleclick.net, tacoda.net, aolcdn.com, clicktale.net, quantserve.com, and google-analytics.com. I am blocking scripts on all but the first two and can navigate TMF just fine.
Hi JeanDavid - thanks for the response!

Apparently the problem is with the browsers:

"Disable Java in web browsers

This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, disable Java in web browsers.

Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:

For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

If you are unable to update to Java 7 Update 10 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per browser basis."

http://www.us-cert.gov/cas/techalerts/TA13-010A.html

In both Firefox and Chromium, I could only identify (and disable) one plug in using Java apps: ' IcedTea-Web Plugin (using IcedTea-Web 1.2 (1.2-2ubuntu1.3)) '

---------------
MDP Home Fool
Apparently the problem is with the browsers

Yup. The 0 Day ( which might actually be the return of an imperfectly fixed bug spotted last fall ) is a defect that defeats the sandbox in which applets are supposed to run.

So, no need to drop the hammer on java system wide ( and the things that use java, like open/libre office ).

For backstory on this or other vulns, or for timely updates, there are a handful of regularly updated sources. Wolfgang Kandek at Qualys does a nice job of keeping pace in a way that makes it easy to filter out things that don't interest you ( @wkandek on twitter, or http://laws.qualys.com ).