Java flaw exposes computers to attacks

Author: Lenette Votava, OIT

man_working_on_computer300

Virtually all computer users who browse the Internet use Java software. It is usually found as a plug-in on Internet browsers, including Internet Explorer and Firefox.

The Java software (including Java 7 Update 10, Java 6 Update 37 and earlier versions) contains a flaw that can allow a remote attacker to take over your computer, steal your data and/or perform other malicious activities. The attack is reported to work on any Web browser with Java enabled (Internet Explorer, Firefox, Safari and Chrome), and on Windows, Mac OS and Linux computers.

How can you protect your computer? The best course of action is to remove Java, but many Internet sites still rely on it. If you’re like most people and use Java, just download the most recent Java patch.

For your home computer, upgrade to the latest release, Java 7 Update 11. It can be found at www.java.com/en/download/index.jsp. For your work computer, please contact your departmental IT support person to update your system.

Installing the Java patch on your computer doesn’t mean that it is COMPLETELY safe from a potential attack. The best way to protect your computer during daily use is to disable the Java plug-in in your Web browser when it’s not needed.

Disabling the Java plug-in will prevent you from using several University applications, including Concourse, Banner and Sakai. When you need to access these applications, it is recommended that you choose one browser with Java enabled to work only with University applications. Then choose a different browser (with Java turned off) for browsing the Internet.

If you choose to browse the Web with Java enabled, please follow safe browsing habits:

  • Only visit TRUSTED SITES with browsers that have Java enabled.
  • BE CAUTIOUS when visiting unfamiliar websites.
  • Update your computer’s OPERATING SYSTEM AND SOFTWARE, and allow it to reboot when it asks you to complete the update.
  • Turn your browser’s pop-up blocker ON.

For instructions on disabling Java for Firefox, Safari and Chrome browsers, visit http://krebsonsecurity.com/how-to-unplug-java-from-the-browser.

Unfortunately, Internet Explorer does not have an effective means of turning off Java.

Please contact the OIT Help Desk, 631-8111 or oithelp@nd.edu, if you have questions.