Against a rising backdrop of multiple Java security issues – culminating in Oracle’s emergency patch causing the Java sandbox to be bypassed – I warn Windows users that the extensible code should now be disabled on users’ Web browsers – and only enabled as and when needed.
The fact that Bugtraq is reporting Oracle’s latest patch has sidestepped the Java sandbox protection shows that the extensive code environment – which hits its 21st birthday this year – is now clearly past its sell-by date.
Put simply, Java now creates more problems than it solves, so users should opt to disable the option to run – under Firefox this is relatively easy and there are various extensions to most mainstream browsers that allow rapid toggling when the facility is required.
QuickJava, for example, is a Firefox extension that does just this. And as I said last month, even though Windows Defender is going to be an integral security feature of Windows 8, enterprises will still need to use a centralised management and reporting system for their security technologies.
Modern malware writers are more interested in accessing valuable data than distributing denial of service attacks that cause computers to enter an endless reboot cycle.
In order to get to that information, no special operating system privileges are required. If administrative rights are needed for malware to run, it’s more likely to end in a mission failure for the cyber criminals, thanks to technologies which help enterprises run with standard user accounts.
As more businesses adopt least privilege on the desktop, hackers are changing their tactics to access sensitive data, meaning that layered security on endpoints remains important. By implementing measures such as application control, effective management and application whitelisting risks are minimised and sensitive data is kept safe.
It’s episodes like this string of Java security problems that show – despite the enhanced security seen in newer versions of Windows – there is still a strong need for third-party security solutions that give IT security departments the management and reporting tools – as well as additional layers of security – they truly need.