28 April 2013

Java hates you - Java and internet security

Well, Java doesn’t quite hate you, but it is without doubt one of the biggest attack vectors for malware and other internet nasties.

Honestly, it feels like it's every other day that The Register reports another vulnerability in Java, and these articles tend to recommend uninstalling Java as soon as humanly possible if you don't need it.

Unfortunately, most of us in Ireland simply have to have Java installed on our computers for online filing of tax returns over ROS (the Revenue Online Service from the Revenue Commissioners), for banking with Bank of Ireland business banking, and for many other websites.

Java attacks are very dangerous and normally involve some sort of phishing attack or some kind of dodgy attachment, e.g. you click on a link in Twitter or Facebook, the website you visit calls Java from your web browser, and the attack escalates to run a piece of malicious code on your computer.

Apart from uninstalling Java, which is not always possible, some steps you can take to limit your exposure include:

Confirm first if you want Java to run (Chrome -> Settings -> Privacy -> Plugins).
 
In Google's Chrome browser, choose whether to run plugins (e.g. Java) automatically or to be asked for permission each time you visit a website that runs Java. You can add websites to the exception list, e.g. http://www.ros.ie