Experts urge PC users to disable Java, cite security flaw

Thu Jan 10, 2013 5:06pm EST

(Reuters) - Computer users are being advised by security experts to disable Oracle Corp's widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers.

"Java is a mess. It's not secure," said Jaime Blasco, Labs Manager with AlienVault Labs. "You have to disable it."

Java, which is installed on hundreds of millions of PCs around the globe, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.

It is used so that Web developers can make sites accessible from browsers running on Microsoft Corp Windows PCs or Macs from Apple Inc.

Computer users access those programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox.

Three computer security experts told Reuters on Thursday that computer users should disable those Java modules to protect themselves from attack.

A spokeswoman for Oracle said she could not immediately comment on the matter.

"This is like open hunting season on consumers," said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.

Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.

Marc Maiffret, chief technology officer with BeyondTrust, said that businesses may need to keep using Java to access some websites and Internet-based programs that run on the technology.

"The challenge is mainly for businesses, however, which have to use it for some applications," he said. "Oracle simply needs to do a lot more to secure Java and get their act together."

Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.

(Reporting By Jim Finkle)

Comments (5)
Java has defects just like any other software: Linux, Windows, IE, Firefox. All of these systems have security defects which are constantly being patched. Java actually has a lot fewer if you compare the numbers. But, everyone has to be diligent to upgrade or apply patches as they become available. The software world that we live in is imperfect. The real problem is that Java Update cannot be configured to run automatically like Linux, Windows, IE, and Firefox. This is what Oracle needs to fix. The default setting for Java Update needs to be that it checks every day for updates and installs them automatically, instead of checking once a month and then asking you if you want to update.

Jan 11, 2013 11:21am EST
Albatross wrote:
“a security flaw was discovered in the past day that they say hackers are exploiting to attack computers”

By that reasoning we should stop using Windows. And Mac. And Linux. And Android… AMIGA is okay though.

Jan 11, 2013 3:44pm EST
simplyruta wrote:
How do we disable the Java?

Jan 11, 2013 4:04pm EST