Wednesday, November 24, 2004
This underreported problem affects every browser and operating system
There's a computer language called Java which, among other things, lets Web developers write programs that can run (theoretically) safely on your computer.
There's a bug that takes away the "safely" part and makes it possible for nasty web sites to send you a Java program that can do much more to your computer than it should be able to. The important part is that this is a problem in any web browser, not just Internet Explorer. Firefox users are at risk. Even Linux systems are affected.
The good news is that so far it appears the bad guys aren't using this security problem to do bad things.
There are two ways to protect yourself. Well, three ways, counting "stay out of bad neighborhoods".
The easy way
You may not really need to run Java programs. Only a few web sites depend on sending them to you. You can tell your web browser never to run Java programs. In Firefox, go to the Tools menu and choose "Options...". In the dialog box that comes up, click the icon labeled "Web Features" on the left. On the right there will be a checkbox labeled "Enable Java". If it's checked, then uncheck it.
If you were still looking at the Internet through Internet Explorer, you'd go to Tools/Internet Options/Security/Internet/Custom Level/Microsoft VM/Disable Java (but I might be wrong here).
The hard way
If you use a web site that requires you to run Java, like my favorite secure email service, then you need to figure out whether you're affected and then install a fix if you need to.
The first question is what version of Java you have and where you got it. Sun and Microsoft both make the part that lives on your computer. This time the Microsoft version is the safe one and it's the competitor which has the bug. You might have either one depending on when and where you bought your computer.
Open a command prompt (in XP, go to Start/Programs and look for a black icon) and type "java -version" without the quotes and hit Enter. If it says something like "version 1.4.2_03" then you need to upgrade. If you're using the "Microsoft VM" then none of this applies to you. Visit http://java.sun.com/j2se/1.4.2/download.html and follow the links and instructions for the "Java Runtime Environment" (JRE).