Homeland Security still advises disabling Java, even after update
CERT Vulnerability Note VU#625617
Although there is a new round of attacks, Java vulnerabilities are not new at all--Java has been outrageously unsafe for at least the last four years. I take over computers with Java attacks often in hacking demonstrations.
If you don't know what Java is, you probably don't need it, and the safest action is to uninstall or disable it, using the instructions below:
How do I uninstall Java on my Windows computer?
How do I uninstall Java 7 for my Mac?
How to disable Java using the Java Control Panel
Java has been updated to stop the attacks that are underway right now, and for most users the update is automatic. Just allow the update to run next time it pops up. You can also visit the official Java update page:
http://www.java.com/en/download/help/java_update.xml
Here are some good free antivirus products:
For Windows, you can use Microsoft Security Essentials:
http://windows.microsoft.com/en-US/windows/security-essentials-download
For the Mac, you can use Sophos:
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
For Android, use Lookout:
Here are some known problems with the products I have recommended, and alternatives:
The Java patch doesn't fix both bugs in the current attacks, but only one of them.
Microsoft Security Essentials failed a recent test by "AV-Test". You may get better protection with Avast!
Several security problems were recently found in Sophos Antivirus. Those problems have been fixed, but users who don't want to use Sophos may prefer to use some other free antivirus for Mac.
You may want to allow Java only for specific pages.
You could also use a two-browser approach.
Posted 10 am 1-15-13 by Sam Bowne