There has been a lot of warnings about Java in recent days. It’s a
complicated issue. If you want to better understand the issues, Google
“Homeland Security java disable”. There are lots of articles. Here are
a few:
We know that Java has many unpatched vulnerabilities and has had for
some time but AFAIK this is the first time that the United States
Computer Emergency Readiness Team has recommended uninstalling.
For most of my customers, this is impractical. I’m trusting on my
security software to catch any malicious software before it is
installed. It’s not a perfect solution but what are the alternatives?
How are you dealing with this?
–
Kevin Boyle - Knowledge Partner
If you find this post helpful and are using the web interface,
show your appreciation and click on the star below…
There has been a lot of warnings about Java in recent days. It’s a
complicated issue. If you want to better understand the issues, Google
“Homeland Security java disable”.
How are you dealing with this?[/color]
Yeah I saw that a day or two ago. Personally the way I think folks
should deal with this is by using ZENworks Patch Management to make
sure they always have the latest version of Java.
For most of my customers, this is impractical. I’m trusting on my
security software to catch any malicious software before it is
installed. It’s not a perfect solution but what are the alternatives?[/color]
At least in theory, you should be able to run java in a “cloud” style
environment with full isolation; in fact, I am looking forward to the
day when you can run any browser and have that be true (that hardware
accelerated visualization on-chip is used to hard-sandbox each tab)
[color=blue]
How are you dealing with this?[/color]
One way to use Java without exposing it to risk is to have it on a
dedicated citrix host, limited to just talking to the internal resources
that need Java (usually internal CRM and other solutions) and push out
as a delivered app to the users.
Its a lot of work though, to work around the fact that java security is
a joke and Oracle more concentrating on monetizing their “IP” and suing
Google than actually improving the security and functionality.
There has been a lot of warnings about Java in recent days. It’s a
complicated issue. If you want to better understand the issues, Google
“Homeland Security java disable”.
How are you dealing with this?[/color]
Yeah I saw that a day or two ago. Personally the way I think folks
should deal with this is by using ZENworks Patch Management to make
sure they always have the latest version of Java.
[/color]
Except the CERT warning includes Java 7 Release 10, which is the latest!
There has been a lot of warnings about Java in recent days. It’s a
complicated issue. If you want to better understand the issues, Google
“Homeland Security java disable”.
How are you dealing with this?[/color]
Yeah I saw that a day or two ago. Personally the way I think folks
should deal with this is by using ZENworks Patch Management to make
sure they always have the latest version of Java.
[/color]
Except the CERT warning includes Java 7 Release 10, which is the latest!
Supposed to be an update by Thursday, they say.[/color]
Which says all the "emergency patch that quickly fixed everything "
released on Sunday does is set security to “high”.
So the government still says:
“As a result, the Department of Homeland SecurityÂs Computer Emergency
Readiness Team has recommended users should actually disable Java from
running in web browsers – even after applying the latest update”