If you’re a Windows user, viruses, malware, and other vulnerabilities are nothing new. If you’re a Mac user, it’s been a pretty nice decade. (Sorry. As a Mac user, I had to sneak that one in.) Well, times are changing, and over the last few years Mac OS X has been subject to an increasing number of security exploits to the point where users on any platform need to be aware of vulnerabilities that exist and take appropriate precautions.
Lately that threat has been with Java, which is, essentially, a platform/environment that allows other programs written in Java to run. One of the benefits of Java is that it’s cross-platform, in that Java applications will run the same on Windows or OS X, as long as Java itself is installed. But, that benefit has a downside, as we’ve seen lately with vulnerabilities in Java exposing any system – be they Windows or Mac – to exploits. Specifically, the threat is with Java browser plugins and not the full Java runtime environment on your computer. Add to that the additional attention these vulnerabilities create and you have a game of spy-vs-spy as attackers and Sun (who makes Java) go back and forth to exploit and patch Java. It’s gotten so bad that the US Department of Homeland Security recommended disabling Java plugins in web browsers.
I’m not a security expert, so what I’ve told you so far is just an overview of the Java threat. If you would like to learn more, do a Google search to find the latest articles. (There are too many good articles to list and the landscape keeps changing as new patches and vulnerabilities are discovered.) However, here are some steps you can take to greatly reduce your risk:
- Disable Java in all browsers. Many users don’t need Java enabled and will not notice any difference. Here is a link provided by Sun that will show you how to disable Java in all browsers system-wide, or to disable it in individual browsers (Internet Explorer, Firefox, Chrome, or Safari).
- Turn on Java in a browser when you need it, if you feel comfortable that the website is reputable. Sometimes you can’t avoid it and you need to enable the Java plugin. For example, in our office we use a screen-recording software called Screencast-O-Matic, which is a Java application that runs in the browser. This is a well-reviewed and reputable product, so we are comfortable enabling the Java plugin when we need it, and then disabling it after.
- Continue to update Java as Sun releases patches. The default Java settings should notify you when updates are available, but it’s not a bad idea to check the Sun Java website (www.java.com) periodically for updates.
- Stay aware of news surrounding future Java vulnerabilities and patches.
As is the case with these most recent Java security issues, a little bit of knowledge can go a long way to keeping your computer safe, without having to sacrifice more functionality and convenience than you need to.