On Thursday, the US Department of Homeland Security recommended that everyone disable Java in their Web browsers after pinpointing vulnerabilities in the Oracle software. The notification was posted at the website of the US Computer Emergency Readiness Team at http://www.us-cert.gov/cas/techalerts/TA13-010A.html All versions of Java 7 through update 10 are affected. Web browsers using the Java 7 plug-in are at high risk. It is unusual for a US government agency to make such a recommendation and adds to Java's woes. Back in October, Apple removed Java from OS X claiming that it was an effort to close some of the loopholes that potential attackers could use to compromise a Mac. Reuters noted that hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites. In a typical scenario, attackers trick computer users into visiting malicious websites that would infect their machines with software capable of exploiting the bug in Java. The website could be a legitimate website into which malicious software has been loaded. Users of the site would trust it and accept downloads from it because they previously browsed the website without experiencing any problems. “We are currently unaware of a practical solution to this problem,” the Department of Homeland Security's Computer Emergency Readiness Team said in a posting on its website. “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, disable Java in Web browsers.” Oracle has remained remarkably silent on the issue. Java is a computer language that enables programmers to write software utilizing just one set of code that will run on different operating systems. Computer users access Java programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox. Unfortunately, the software has become a prime target for hackers. The best way to handle the situation in a PC is to go to the computer's start menu and then the control panel. After clicking on the control panel, the menu of available items appears. Look for and click on “Java.” Once the “Java Control Panel” appears, click on the “security” tab. If the PC is running an updated version of Java, there will be the choice to remove the checkmark from “Enable Java content in the browser.” Then, click “apply” and then “okay.” If Java is required for some reason, just go back and enable it again, temporarily, but don't forget to disable it once the need has passed. If the security menu doesn't offer the choice, “Enable Java content in the browser,” this means Java is not up-to-date. Click on the “update” tab and click on “update now.” Once the update completes, go back to the security tab and de-select “Enable Java content in the browser,” followed by clicking “apply” and “okay.” If Java can't be found in the Control Panel list or to confirm that Java has been disabled in a computer, go to www.java.com and click on “Do I have Java?” That brings up the Verify Version of Java screen. Click on the “Verify” box and it will advise if Java is available in the computer. The desired message is, “No working Java was detected in your system.”
