Tech Tuesday #12? What’s up with Java?

It’s time for Tech Tuesday, where we answer reader questions!

TechTuesdays from Charland Technology

Chris from Devens asks….

I saw a report on the news about disabling Java before hackers steal all my info. What’s up with that?

Thanks, Chris

There’s a lot of panic about Java right now. Headlines abound that the US Department of Homeland Security is recommending that all computer users disable java until this cyber-storm blows over. The media, has naturally jumped on this. Is it because “Department of Homeland Security” sounds more impressive than “Computer Emergency Readiness Team at Carnegie-Mellon University?”

Partly, I’m sure. And partly because we love to panic about our computers. Let’s start with the basics…but first this important message.

I don’t think any of these posts explain clearly WHAT Java is. So…What is Java?

Java is a web programming language. It allows websites to run programs on your computer. Similar to Adobe Flash and Microsoft ActiveX.

Allowing websites to run “stuff” on your computer sounds scary..and there are scary elements to it, but it’s also a powerful thing:

  • Want to use web-based remote control like GotoMyPC or Logmein? You need to run a Java, Flash, or ActiveX program on your computer.
  • Want to play Angry Birds, Texas Hold’Em or Bejeweled? The game runs a program on your computer.
  • Want to use web-based e-mail? You need several of these web-based programs to do that.
  • On a site like Facebook…the ticker, chat, and scrolling page updates are all implemented in these programming languages.

There are a number of flaws, recently revealed, that make it easy for someone to trick you into visiting a page that launches code that can take over your computer.

This can be “weaponized” by sending you e-mail that claims to be from the IRS, Quickbooks, the lottery, or your bank. Click on the link in the e-mail…and your computer is compromised.

This also can be brought to bear by compromising other websites and forcing them to host the bad code. This can be a problem for smaller websites without full-time monitoring and support staff.

It’s important to remember…any time you visit a website or load a program on your computer you are trusting the author of that program and the keeper of that website.

For example, if you want to play the online game Pirate Galaxy, you’re exposed to whatever code the developer (Splitscreen games seems pretty trustworthy) has decided to put in the game. You’re also exposed to whatever the host of the game publishes (Kongregate is also legit).

If the chain of trust ended there we’d be in decent shape. However, that’s not the case.

The ads in most pages are not necessarily vetted on a regular basis. It’s entirely possible for a rogue ad to link to a compromised site that looks like the game you want to play.

So for now I think it makes sense to disable java unless you find an important site that absolutely will not work without it. Don’t like those instructions? Try these.

Another way to go is to disable Java, Flash, etc in your primary browser…and use another one ONLY for trusted websites that require running code.

Of course, Java 7 Release 11 fixes the most glaring and commonly-exploited security issues, and adds a major new concept…that the user needs to actively click to let a java program (called an “applet”) run.

We’ll discuss best practices for business Internet safety later this week.

Got questions? Send them to CharlandTech via Facebook, post as a comment on this article, Tweet ‘em to @gregc00 or @CharlandTech, or find another creative way to get them to us.

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: