Posts Tagged ‘java security’

Decaf Java?

Posted: February 26, 2013 in Uncategorized
Tags: , ,

https://i0.wp.com/rack.3.mshcdn.com/media/ZgkyMDEzLzAyLzI2Lzk4L0phdmF0aHJlYXQuZGQwN2QuanBnCnAJdGh1bWIJOTUweDUzNCMKZQlqcGc/74de838b/259/Java-threat.jpgHopefully, you’ve heard about the recent security vulnerabilities involving Java. I blogged about it last month in this post.

“Patch and pray” might be a good start for dealing with software issues like this but you can do more. The reason? There’s always going to be another vulnerability and, in some cases, the bad guys will exploit it before the good guys have developed a defense for it — the dreaded “zero-day” vulnerability.

So what can you do? In my previous post I extolled the virtues of the NoScript browser plug-in as one approach. It doesn’t have to stop there, though.

There’s a good article entitled “How to Safely Keep Java in Your Web Browser” that points out just how difficult it is to wean yourself off of Java (the software — not the beverage) along with some possible strategies to lessen the risk. Among the techniques described involves using separate browsers for Java and non-Java content (which is sort of a more drastic version of the NoScript approach).

I hope you find it useful since going cold turkey with Java could be the equivalent of cutting off your nose to spite your face …