Turn off Java
Do you still have Java turned on in your web browser?
If your answer is “Yes” or “I’m not sure” then it’s time to take action.
Right now, cybercriminals are aware and exploiting serious security flaws in Java that could lead to your computer (Macintosh, Linux and Windows) becoming infected by malware.
As fast as Psychiatry IT or you can update Java to more secure versions, the vulnerabilities keep appearing and it sometimes take months for Oracle (makers of Java) to fix them.
Up until Fall 2011, Psychiatry IT installed Java RE on all new computers. Since then, it is only installed by request, due to increasing security issues. Recently the US Department of Homeland Security officially recommended disabling it. If you never need it, it should be uninstalled, or at the very least, disabled in your web browser. Supported computer users should contact us with your computer’s ID number, if you would like it uninstalled.
In Internet Explorer 9 or 10, click on the gear icon in the upper-right corner and choose Manage Add-Ons. Scroll down to the bottom, under Oracle America, Inc., select each of the entries in turn; they’ll probably say “Java(tm) Plug-In SSV Helper” or some such. In the lower-right corner click the button marked Disable. Restart IE. At the bottom of the screen, you’ll see a notice that says, “The ‘Java(tm) Plug-In SSV Helper’ add-on from ‘Oracle America, Inc.’ is ready to use.” Click Don’t Enable. If you get a second notice about a Java add-on, click Don’t Enable on it, too. That should permanently disable Java Runtime in IE.
In Safari, open the application’s preferences select the Security tab, deselect the Enable Java checkbox.
In Firefox, click the Firefox tab in the upper-left corner and choose Add-Ons. You should see an add-on for Java(TM) Platform SE 7 U15 (or similar). Click once on the entry, and click Disable. Restart Firefox.
In Chrome, type chrome://plugins in the address bar and push Enter. You should see an entry that says something like “Java (2 files) – Version: 10.7.2.11” Click on that entry and click the link that says Disable. Restart Chrome.
Test. Make sure the browsers are/aren’t running Java, according to your wishes, by running each of them up against the Java test site. If you go to that site using Google Chrome, there better be a big yellow band at the top of your screen asking permission to run Java just this once.
So, what are you waiting for?
Isn’t this just another scare?
No, it isn’t.
Time and time again there are examples of cybercriminals exploiting flaws in Java to infect innocent users’ computers.
For instance, in 2012 more than 600,000 Macs were infected by the Flashback malware because of a Java security flaw.
Cybercriminals also love Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it’s not unusual to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload.
What you need to do now is reduce the opportunities for attack. For most people that means disabling Java – and doing it now.
Computer System Coordinator | Dept. of Psychiatry | Information Technology
The University of British Columbia | Pt. Grey Campus
Room 2C1 – 2255 Wesbrook Mall | Vancouver, BC Canada V6T 2A1