To Java or not to Java: that is the question. The answer from most renowned computer security experts of late is “not to Java”. But what’s a person to do? Many websites today rely on Java to deliver some of the rich content that makes up today's web experience.
Fact is, there is no easy answer to this question when visiting many of your favorite sites which use this popular technology.
What I am touching on is the Java vulnerability uncovered in Java version 7 update 10 (it may be a factor in older versions of Java as well, although Oracle’s bulletin CVE-2013-0422 says it is not). In short, this vulnerability alone could potentially impact any number of over 850 million computers (Mac or Windows). If you visit a site with malicious code (at this point that may include legitimate websites that have been hacked), your computer can be "taken over" to perform whatever the malicious code was written to do. This is known as remote code execution. The possibilities are dangerous and quite honestly not worth the risk to your computer, your data and your identity.
What is not gaining as much exposure is that Java 7 update 10 is also affected by another distinct but dangerous vulnerability, per Oracle bulletin CVE-2012-3174. This one, as of this writing and even after the emergency fix that was released Sunday, has not been remediated. And it was discovered last year! And if you think that older versions are safe, think again. Vulnerabilities of differing varieties have been identified in each release.
The best course of action would be to disable Java and not visit sites containing Java components unless absolutely necessary.
If there are sites that you absolutely must have Java enabled to view, and visiting them is worth the risk to you, then you might want to consider a two-browser approach. Although it is still not truly safe (and not really recommended), downgrade to Java 6 (latest patch release) and enable it in only one browser. All other web browsing should be done from an alternate browser of your choice with Java plug-ins disabled.
That, and use good antivirus software to safeguard against "known" viruses and malicious code that has been identified. Now, good does not necessarily mean free. I have yet to see a single free antivirus package that is thorough and comprehensive in its level of protection, from website filtering to intrusion prevention and firewall augmentation, as well as a heuristics-based code scanner (anti-virus).
For some more information (a good FAQ I have found that summarizes the issue), please visit this site:
Just as you would not leave your front door open, or expose yourself or your family to undue risk or harm, understand that the Internet has a lot to offer, but not without a price. Browse with care!