Java, the new Adobe (+How To Protect Yourself)
Sun’s Java Earns Unhappy Distinction — The Hackers’ Favorite Target
Cybercriminal exploit attacks on Java have multiplied tremendously in number and they are proving to be incredibly effective.
First reported by Krebs On Security last week, now the Microsoft Malware Protection Center has a notice about the wave of Java exploitation they found when reviewing their monitoring data. In fact, the MMPC discovered that by the beginning of this year the number of exploits on Java code vulnerabilities well surpassed the number of Adobe exploits they monitored.
“What I discovered was that some of our exploit “malware” families were telling a scary story – an unprecedented wave of Java exploitation. In fact, by the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code, not attacks using JavaScript) had well surpassed the total number of Adobe-related exploits we monitored.”
Java is everywhere, but few people know what it is, or that it is even installed, as Java runs in the background. Java is used in a wide variety of computing platforms: from embedded devices and mobile phones on the low end, to enterprise servers and supercomputers on the high end.
What you should do: As I have mentioned here many times, the way these “exploits” get stopped is via vendor-released “patches” – better known as updates. Updates are your friend, and you want them.
(As a matter of fact, the Java patches have been out for some time..)
Keep your software up-to-date. Here’s the how to for Java.
1) Click the Start button then Control Panel.
2) Locate and click the Java icon
3) The Java “control panel” will open. Click on the Update tab.
4) Click the Update Now button. Then, OK.
Did you notice how the “Check for Updates Automatically” description says that Java will check for patches and hacker fixes on the 14th of each month?
In today’s world, that’s ridiculous. Once a month? C’mon.
So let’ fix that.
5) Click the Advanced button…
.. and change the radio button to either Weekly, or better yet, Daily. Then click OK.
Then click Apply and then OK again.
Sadly, folks, you are not done. Java has a nasty habit of leaving old versions of itself behind when it updates (why is that, Sun? Huh? Huh?) and these need to be removed.
1) You should still be in Control Panel so click on Programs and Features (“Add/Remove Programs” in Windows XP/Older)
1a.) Click “Uninstall or change a program” if you have to.
2) A list of the installed programs will “populate”. Look for, and then remove (click Uninstall) all but the most recent version of Java you find in the list. That is, all but the highest numbered one. There may be several entries…
Okay. now you’re done.
I know, I know! Seems like a pain. Sun could do a much better job with this. But, listen, please. Safety and security measures are always a bit inconvenient and require extra attention and effort. Your computer is no different. Take the time. Make the effort.
When you cross the street, you look both ways to make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps — Stop. Think. Connect.
- Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.
- Think: Take a moment to be certain the path is clear ahead. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.
- Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.
STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.
* My thanks to Bryce at Technibble for the great write up which brought this to my attention.
Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Sudden Internet trouble? News alert
Folks–
A large, Internet-wide, multi-vendor patch was released and implemented yesterday to resolve a critical vulnerabilty in the Internet system.
This patching process caused “weird” connectivity issues, hyperlinks seemingly don’t work, and slow connections. If you are suddenly having these issues and/or are unable to connect to the Internet, please don’t uninstall the Microsoft Update.. try these steps first.
1) reboot your PC–twice.
2) reboot your router/WAP
3) If you are running ZoneAlarm free firewall, you must set it to “medium”, or lower.
4) be a little patient.. this process is mostly accomplished, and the quirks should soon pass.
To read more about this disturbing vulnerability in the Web (or see which MS patch is the one affecting you), read: Patched Flaw Could Have Broken Internet Backbone.
(The geekier amongst you might prefer C/Net’s Zero Day Blog version.)
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 