This entry addresses vulnerabilities within Java. We’ll talk about the others in future posts.
Is Java Malware? NO! Absolutely Not! – Some users still don’t understand Java. It’s a needed tool for your browser. It’s what makes some automated components of web sites you visit or web enabled problems you use work. You CAN turn it off but the consequence is that some web content may not function as intended.
Because companies like Oracle and Adobe have been slower to patch vulnerabilities in their software than other companies, they have become targets of malware writers because of that slow response time and the ubiquity of programs like Java, Flash Player and Acrobat in over 1 billion computers worldwide.
When they find a vulnerability in a program like Java, they have a bigger window of opportunity to run wild on the Internet and on your computers before that vulnerability gets repaired.
The consensus in the industry is that Java attacks will continue to increase - Malware authors are targeting plug-ins like Java because they are more easily exploited than products systems like Windows which are more frequently patched. Check for updates from Oracle frequently to reduce your exposure.
Upgrade to Java 7 Right Away - Oracle has retired Java 6 - Users are slow to apply Java upgrades for a variety of reason – In the American workplace at least 61% of Java users were still using Java version 6, versus 11% on Java 7, and 21% are using a version of Java that couldn't be detected.
Java 6 will Auto-Replace Itself as of February 2013, "Uh, sometimes!" Make sure your system upgrades Java if prompted. Don’t “IGNORE” the update warning messages!
Are There Fake Java Updates? - Sadly yes, some attackers have exploited the confusion about Java by crafting malware which pretends to be a Java update from Oracle. That's a reminder to only install updates obtained from the Java website.
0 comments:
Post a Comment