Java stinks: Turn off your Java browser plugin

[Loget]

Do any of you regularly visit a site that requires Java to be installed on your computer?

I was reading through some tech blogs a few days ago and heard about a new Java 0day exploit. Malicious websites are already using this exploit to compromise computers.

Naturally I hurried to disable the Java browser-plugin for my browser. I'm not sure why I had it installed in the first place. Which sites even use Java applets nowadays?

Anyway, If you're reading this thread, chances are:

• You're running a vulnerable version of Java
• You have the Java browser-plugin installed
• Your anti-virus won't be able to do much against most of these new backdoors (modified to avoid signature detection by AV's)

For now you probably haven't been infected with any viruses, but because all it takes is for you to visit a malicious website, you put yourself at risk of infection whenever you cruise the net.

I suggest you all disable Java or update it as soon as possible. Since I don't ever interact with a Java applet, I've disabled the Java browser plugin indefinitely.

PS: The update apparently also has an exploit in it that allows for sandbox bypass (which isn't being exploited...yet). Oracle's programmers clearly can't be trusted to code a secure sandbox environment.

Unless you're one of the few who regularly interacts with a Java applet; you should disable the browser plug-in permanently or enable it only for specific websites.

Edit By JmZ:

If you are using chrome ignore this warning completely, chrome disables java by default, do not worry, do not panic, do nothing.

 

[Thrill]

It's called a "Drive-by installation".
Super easy to setup. NEVER run a java applet.

 

[DejaVu]

firefox blocked that plugin automatic and i was wondering how i got that plugin?

https://addons.mozilla.org/firefox/blocked/p125

 

[Skords]

I am sorry I dont know much about this but isnt there a critical update 6.0.310.5 which fixes this? Or maybe I am wrong, anyways I have disabled it.

 

[Mac]

If you need to run Java applets, enable click-to-play* for plugins in your browser. If you don't, just disable the plugin. Also, don't mistake Java for JavaScript.

Oh and this issue only affects Java 7 update 7, version 6 is unaffected. Disable the plugin either way if you're not using it.

To those wondering how they have the plugin - you installed Java. Minecraft, Open/LibreOffice, Android SDK, Eclipse all require Java.

* Click to play in:

• Firefox: Go to about:config, search for plugins.click_to_play and double click to enable
• Chrome: Go to chrome://chrome/settings/ -> Show advanced settings -> Content settings -> Plugins: Click to play

 

[sathishkumar]

If you need to run Java applets, enable click-to-play* for plugins in your browser. If you don't, just disable the plugin. Also, don't mistake Java for JavaScript.

Oh and this issue only affects Java 7 update 7, version 6 is unaffected. Disable the plugin either way if you're not using it.

To those wondering how they have the plugin - you installed Java. Minecraft, Open/LibreOffice, Android SDK, Eclipse all require Java.

* Click to play in:

• Firefox: Go to about:config, search for plugins.click_to_play and double click to enable
• Chrome: Go to chrome://chrome/settings/ -> Show advanced settings -> Content settings -> Plugins: Click to play

is this setting is correct in my firefox browser or i need to change the value to false

[slide]http://i.imgur.com/7o4Qe.png[/slide]

 

[K3V]

I fell for this once, Never again ...

Last time i help members check their sites <_<

 

[JmZ]

FYI chrome disables java by default, it asks for your confirmation/permission to execute it before allowing it.

So anyone with chrome can pretty much ignore all of this since it doesn't run anyway.

 

[Mac]

Firefox also blocks Java 7u7 applets by default afaik.

 

[Cometolearn]

clicksor is major contain this java applet i already re-installed the windows because of adware stuck on my computer screen

 

[toRRfriend]

oh...no

for past few days, java is telling me to update

 

[protocoldroid]

clicksor is major contain this java applet i already re-installed the windows because of adware stuck on my computer screen

why do you open anything clicksor-related? install NoScript for firefox or Notscripts for opera and after setting things up you won't get anymore active content from clicksor and similar marketing bullcraps

 

[Apathetic]

This is how to properly disable Java in chrome.

1. 
   go to about:plugins or chrome://plugins/ in your browser.
   Find the appropriate button

[slide]http://i.imgur.com/4FMpp.png[/slide]

 

[xeniux]

Nice shared mate, I would suggest using chrome nowadays that had better protection against malware instead of disabling the java applet. I personally use the java to connect some of my important applications and using it with logmein.com to connect to my office comp.

looking for thoughts.

kind regards

xeniux

 

[offshore%]

updated to 1.7.0.7 few hrs ago ) :facepalm:

 

[tio2012]

Thanks for the information .

 

[ajo000]

if u using chrome with windows vista or 7 .. you are safe

but Ive updated java yesterday. thx

 

[DoctorX]

Thank you Loget for this warning

 

[WebCare360]

Critical information. Thank you for updating us !!

 

[BlaZe]

Yup, as JmZ said, there is a dialog box and it asks for permission to execute the java applet.

Thanks for this :D now gonna stay more cautious :D