UCPCUG
Upstate Carolina PC Users Group

   




  . Home . Contact . Links . In the News . Directions .    




  . Java .

As of yesterday, 1.12.2013, Java is at version 7 update 11. Oracle has finally added more controls to how you can use Java, and if you're not familiar with these yet, let me bring you up to speed.

First of all, don't be confused between Java, the application and Java script.. the difference being: One, an application to run a program to preform functiions on your computer, and two, a simple piece of script to preform a function within the browser itself. Java Script works only from within the webpage at hand, whereas Java the application is preinstalled in the computer (operating system) which then takes commands from code in a webpage to run functions in real time and displayed in your browser.


Also.. let me state that I do allow the use of Java for a few websites. If I don't know, or am unfamiliar with the site I am on, I do not authorize the use of Java while at that site (nor the use of, or introduction of anyother app., codec, etc.)! And, I might add, many Universities make use of Java to power their websites.


Java control panel.. what (and where) are these new controls?

The first one, my favourite, allows you to disable the Java web plugin by unchecking a single tick-box. After installing Java 7u10 you can open the Java control panel (in Windows Control panel) and uncheck the option "Enable Java content in the browser".

Java control panel customize settingsFor users who have Java-based applications (like me!) disabling the web plugin eliminates most of the risk associated with having Java installed.

Java will also now check to see if it is at the latest security "baseline". What does that mean? Well, it means the latest Java version that was released with fixes for known vulnerabilities, which as of this posting is Java 7u11.

Oracle states:

If the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release.

Java 7u10 also introduces the concept of security levels. The default level is Medium which allows untrusted apps to run if your Java is patched, but will only allow signed applications to run if you are out of date.

My experiece recently has been that Java is asking me when something wants to run something and gives me the option to opt in or to opt out. For me, this gives the opportunity to open another browser and do a Google search for what is being asked of me. My advice to you is for you to do the same.

Even signed applications might not be safe if your Java is vulnerable. Fortunately there is a custom option that allows you to fine tune this behaviour.

Java control panel customize settingsYou can control whether to Run without prompt, Prompt user or Don't run for three different situations.

You may prefer to disable Java in your browser entirely, but if you can't then I recommend Don't run for untrusted applications whether your Java is up to date or not.

For local applets the prompt user setting will alert you to the fact that something that uses Java is trying to run and provide an opportunity to block it if you aren't intentionally executing Java code.

For those coming to our regular meeting, I will expand upon this in a short disscussion this week (and next if neccessary).

Bottom line.. just like any other application that you use for or while connected to the internet (or any network), keep them updated and patched (just like with Windows updates and your Virus engines).

  Our Meetings are every
3rd Tuesday

@ 7:00pm
  This website designed and hosted by:
Luther Moon @
www.computersiam.com