U.S. warns on Java software as security concerns escalate

Discussion in 'Backup and Security' started by Banjo, Jan 11, 2013.

  1. Banjo

    Banjo

  2. In control panel I am able to disable java as a user but not for the system and as long as its enabled in the system TWS still will run .

    The article is very vague but I dont know anything about java. Hope I am not being attacked
     
  3. mm19

    mm19

    crazy man that has important stuff on computer with access to internet.
     
  4. The Java exploits normally are miscreant anonymous java "applets" hidden on a web page. As long as you disable those one way or another you are fine. I disable them by disabling all plugins (including Flash, Java etc.) in Chrome. You can override when you want on an individual web page that way.

    Your way of disabling them in the control panel is fine too.

    Since we are obtaining TWS directly from a trustworthy source (IB) we do not need to worry about that Java program.
     
  5. By the way Sun has now sent out a patch for this exposure which you can install by checking for updates from the Java control panel.

    But personally as mentioned I use Chrome and disable all plugins, including Flash and Java etc. You can still override on an individual basis. This really speeds up web browsing too.
     
  6. I meant Oracle not Sun.....


     
  7. Bob111

    Bob111

    pass this to IB..
     
  8. Here is a more detailed description of what to do:

    "Gowdiak and Chou each recommended that users run Firefox or Chrome, both of which provide a feature dubbed "click-to-play" that requires the user to explicitly authorize a plug-in's execution.

    In Chrome, the setting is under the advanced section of Settings (Windows) or Preferences (OS X), in the Privacy subsection. Users must click the "Content Settings" button, then scroll to view the "Plug-ins" listing."

    http://www.computerworld.com/s/arti...S_CERT_continues_call_to_disable_Java_plug_in

    This will shield you from almost all Java, Flash, Acrobat etc. web exploits (because you are not running these plugins any more except when you click-to-run in a specific case).