Be wary of Java

Discussion started on Tech Problems and Solutions

Be wary of Java
Java (not JavaScript, which is different) has been a huge source of potential problems in the past. Fortunately, no new Java vulnerabilities have been discovered for a while, and there have been some changes to make Java in the web browser more secure, but I would not assume the danger is over. New vulnerabilities could appear at any time. If you don’t need to have Java installed on your computer, I advise avoiding it entirely. Don’t install it at all on systems that don’t include it by default (Mac OS X 10.7 or later).
If you do need to use it, be sure you are using Safari 6.1 or later and only allow it to trust Java on sites that you absolutely must use Java on. Alternately, use another browser with a “click to plugin” feature that will block any internet plug-ins unless you explicitly allow them to run.
Other troublesome web technologies
JavaScript is not related to Java, and can’t really be used at the same level for installing malware. The worst thing that JavaScript can do is download something malicious onto your computer, but it can’t open or install that malicious app. Keep your downloads folder empty, so that these surreptitious downloads are easy to notice, and you won’t find them later and open them out of curiosity. Turning off JavaScript will cripple many sites and really won’t give you that much gain in security. If you really want to disable JavaScript, a good choice would be to use JavaScript Blocker in Safari or NoScript in Firefox to selectively allow or block JavaScripts on each site. Using such software gives greater control over JavaScript, but can be a bit of a pain in the neck.
Flash is another issue, as there are always Flash-based exploits going around. Most of the time, these exploits have only affected Windows machines, but they have also been used to infect Macs. For this reason – well, and also because I just hate Flash – I always recommend blocking Flash on a site-by-site basis. In Safari, the ClickToFlash extension can be used to block unwanted Flash content, loading it only when requested by the user. For Safari 5.1 or later, get Marc Hoyois’ ClickToFlash extension. For older versions of Safari, use the older ClickToFlash plug-in. Alternately, using Chrome could be greatly beneficial, as Chrome has similar “click to play” functionality built-in and wraps Flash in an additional sandbox, making it more secure.

See next post for part 4
#2 - May 26, 2015, 08:08:34 PM


0 Members and 1 Guest are viewing this topic.