Disable Java for security?

Question

growler62000 Author

Level 1

120 points

Disable Java for security?

I have Mac OSX 10.6.8.

I read these articles:

How to Detect and Protect Against Updated Flashback Malware

http://tidbits.com/article/12918

Flashback botnet: The end of the Mac’s malware immunity?

http://www.digitaltrends.com/computing/flashback-botnet-the-end-of-the-macs-malw are-immunity/

Beware the Morphing Flashback Malware

http://tidbits.com/article/12818

So, I disabled Java in all 4 of my installed browsers. So far I have not noticed any downside.

“Disabling Java will block Flashback’s “drive-by” attack, and is the most effective way for earlier users of Mac OS X to protect themselves.

• Safari—Go to Preferences > Security, and uncheck “Enable Java.” (While you’re in there, go to Preferences > General and make sure “Open ‘Safe’ files after downloading” is unchecked.)

• Firefox—Choose Tools > Add-ons, select the Plug-ins Tab, and click the “Disable” button next to Java Plug-in.

• Chrome — Type chrome://plugins in Chrome’s address bar. A list of available plug-ins will appear. Find Java and click the “Disable” link beneath it.

This doesn’t remove Java from your system, it just prevents Web browsers from launching or running Java apps. That’s enough to protect you from the drive-by nature of the Flashback attack. You’ll still be able to run desktop applications that require Java — a common example is things like Citrix’s GoToMeeting — but you may find you need to selectively re-enable Java in a browser to log in to services or download updates. In that case, you can selectively re-enable Java to get an app running, then disable it again when you’re done.”

http://www.digitaltrends.com/computing/flashback-botnet-the-end-of-the-macs-malw are-immunity/

I also disabled Java in Opera browser from opera:plugins

Comments?

iMac 24, Mac OS X (10.6.8), 4 GB RAM, LaCie d2 Quadra 500 GB HDD (Win XP Pro-Boot Camp)

Posted on Apr 6, 2012 8:37 PM

Reply

Answer 1

growler62000 Author

Level 1

120 points

Apr 6, 2012 11:46 PM in response to growler62000

Since I have disabled Java in all my browsers is there any reason to Go into Utilities/Java Preferences/General tab & uncheck both “Java SE 6” boxes? Not sure where else other than browsers Java is used & what threat any non-browser use of Java may pose.

Reply

Answer 2

John Galt

Level 10

141,060 points

Apr 7, 2012 12:16 AM in response to growler62000

The latest threat is through authentic-looking, but fraudulent Adobe Flash installation dialogs which can only appear when using a browser. Diabling Java will prevent the trojan from entering your system that way.

Java can also run as a standalone app for other programs designed for it. I believe Limewire was one example. It's been defunct for years and I don't know if there are any similar programs in common use. Disabling Java in Java Preferences as you explained will shut that door for good.

For what it's worth I have not needed Java for anything since I bought my latest iMac. When I opened Java Preferences I got this:

I was kind of surprised that I never even installed it. It's fair to say you probably won't miss it.

The digitaltrends headline you referenced is misleading - Mac malware has existed in many forms for many years. OS X gives complete and unfettered access to any program, good or evil, that a user chooses to install by granting access with his login name and password.

This is nothing new, nor does it herald the "end of immunity" since immunity never existed.

Reply

Answer 3

growler62000 Author

Level 1

120 points

Apr 7, 2012 1:01 AM in response to John Galt

John Galt,

First, I want to say awesome user name/location.

I went ahead & unchecked both “Java SE 6” boxes in Java Preferences.

I know the headline was sensationalized but, the article seemed to have good info.

I’ll be interested to see if others chime in with any reasons to not disable Java.

Good Premises,

Steve

Reply

Answer 4

etresoft

Level 8

46,200 points

Apr 7, 2012 9:37 AM in response to growler62000

growler62000 wrote:

I went ahead & unchecked both “Java SE 6” boxes in Java Preferences.

I’ll be interested to see if others chime in with any reasons to not disable Java.

You don't really need to disable all of Java like that. You can just turn off support for Java applets in Safari > Preferences > Security.

Reply

Answer 5

growler62000 Author

Level 1

120 points

Apr 7, 2012 5:23 PM in response to etresoft

etresoft,

I know you read my 1st post & know that I already did just that. (Turned off Java in Safari Preferences) Also, I turned it off in other browsers.

Do you disagree that Java can run in some programs (other than browsers) & disabling Java in Java Preferences will stop that? If you think that is unnecessary because there are very few programs that do run Java then what is the downside to disabling Java in Java Preferences as well as disabling Java in each browser?

I understand that this security hole has been belatedly patched by Apple & doing nothing & allowing Java to run may not lead to any problems but, why not disable Java completely as I have done. This may protect against future security holes that may not be patched by Apple for months.

Again, what is the downside to doing as I have done?

Reply

Answer 6

fane_j

Level 4

3,697 points

Apr 7, 2012 5:57 PM in response to growler62000

growler62000 wrote:

the downside to doing as I have done?

The downside is that you won't be able to use apps which require Java or Java applets. How much of a downside that is depends on what you do and what apps you use. Some apps are dependent on it (eg, muCommander—but how many Mac users run muCommander?). Some are only partially dependent—I'm not sure if OpenOffice and NeoOffice still need it for "full functionality". (You'd be seriously affected if you used it for x-platform development; but, if you did, you wouldn't have had to ask the question.)

There are also some specific circumstances which require Java, eg, if you study or teach certain subjects

<http://www.particle.kth.se/~fmi/kurs/PhysicsSimulation/>

Of course, you can always turn it back on the same way you disabled it. IMHO, it's safer if it's off, in case you need to use a different browser (eg, Firefox or Chrome) and forget to disable it in that browser.

Reply

Answer 7

etresoft

Level 8

46,200 points

Apr 7, 2012 6:03 PM in response to growler62000

If you don't need Java for anything, then it is fine to turn it off. I have a couple of Java programs I need for work. I have seen a couple of other decent Java programs. Aside from those, it is a sea of bloat and mediocrity.

Reply

Answer 8

growler62000 Author

Level 1

120 points

Apr 7, 2012 11:01 PM in response to fane_j

OK, so the downside seems to be if you need Java to run certain programs they will not work correctly & you would need to re-enable it. Hopefully, you would get some pop up window or message telling you that Java is disabled in case you forget that you disabled it long ago. <GRIN>

Unless I hear a reason for me to enable Java I will leave it disabled in all my browsers & disabled in Java Preferences. Should I ever need if for a specific program I can re-enable it in Java Preferences while leaving it disabled in all the browsers.

Since several hundreds of thousands of Mac users (that we know of) were adversely affected (via Java) during the several months it took Apple to patch the hole, it seems prudent to disable it unless you know that you require it.

Reply