Disable Java? Here's how, after US agency warns of software 'vulnerability.'
To prevent cyber crime, the Department of Homeland Security advises Americans to temporarily disable Java 7 software, commonly used in Web-browser programs.
(Updated Saturday, Jan. 12, at 3:30 p.m. EDT.)Skip to next paragraph
Subscribe Today to the Monitor
With an eye on the security of millions of Internet users, the US Department of Homeland Security is advising Americans to temporarily disable Java, a software commonly used in Web-browser programs.
It’s not that Java itself contains a malicious computer virus. The problem is what the agency calls a software “vulnerability,” a kind of open door for hackers to infiltrate a computer. That can result in identity theft or other bad things happening on your computer.
The urgent warning, in response to known hacker activity, comes from the US Computer Emergency Response Team, or US-CERT, a part of the Homeland Security Department. [Editor’s note: This paragraph and the following contain corrected wording, to clarify the distinction between US-CERT and CERT.]
“We are currently unaware of a practical solution to this problem,” said a notice released this week by CERT, a group at Carnegie Mellon University in Pittsburgh, which often provides technical services to US-CERT.
The recommendation highlights the rising threat level in the realm of cybersecurity, and the growing efforts to make devices and networks more secure. The vulnerability in Java is just one piece of that puzzle, but it’s significant because the software is so widely used in Web browsing.
If you want to follow US-CERT’s advice and disable Java, how do you do that?
First, if you use a Mac computer from Apple, the answer appears to be simple. According to reports by technology websites including MacRumors.com, Apple has already moved to force a disabling of Java on Macs with the OS X operating system.
For other computer users, a first step may be to check what version of Java you're running. The US-CERT announcements focus on Java 7. Computer-security blogger Brian Krebs notes some uncertainty about whether other versions going back to Java 4 are affected. But he points to evidence suggesting the problem is limited to version 7.
Oracle, the owner of Java, said on Twitter that the problem is limited to "JDK7," or version 7, and that it hopes to have a fix available "shortly." (JDK stands for Java Development Kit.)