This entry addresses vulnerabilities within Java. We’ll talk about the others in future posts.
Is Java Malware? NO! Absolutely Not! – Some users still don’t understand Java. It’s a needed tool for your browser. It’s what makes some automated components of the web sites you visit, or the web-enabled programs you use, work. You CAN turn it off, but the consequence is that some web content may not function as intended.
Because companies like Oracle and Adobe have been slower to patch vulnerabilities in their software than other companies, they have become targets of malware writers. Two things drive this: that slow response time, and the ubiquity of programs like Java, Flash Player and Acrobat on over 1 billion computers worldwide.
When malware writers find a vulnerability in a program like Java, they have a bigger window of opportunity to run wild on the Internet and on your computers before that vulnerability gets repaired.
The consensus in the industry is that Java attacks will continue to increase - Malware authors are targeting plug-ins like Java because they are more easily exploited than systems like Windows, which are more frequently patched. Check for updates from Oracle frequently to reduce your exposure.
Upgrade to Java 7 Right Away - Oracle has retired Java 6 - Users are slow to apply Java upgrades for a variety of reasons – In the American workplace at least 61% of Java users were still using Java version 6, versus 11% on Java 7, and 21% were using a version of Java that couldn't be detected.
Java 6 will Auto-Replace Itself as of February 2013, "Uh, sometimes!" Make sure your system upgrades Java if prompted. Don’t “IGNORE” the update warning messages!
Are There Fake Java Updates? - Sadly yes, some attackers have exploited the confusion about Java by crafting malware which pretends to be a Java update from Oracle. That's a reminder to only install updates obtained from the Java website.