Cybersafety- Java & Flash

If you practice safe computing such as only downloading and installing Java and Flash from their respective legitimate sites these programs are safe. If you do not practice safe computing any program such as your browser that interacts with the Internet can be unsafe.

1. There have been reports in the past but if you keep the programs updated and practice safe computing there is likely no problem

2. Uninstall them but you will not be able to view Flash videos or use Java

3. Yes

4. I have no idea. Ask them what they were referring to. It sounds to me that they were being a little paranoid. Unless of course they were talking about government installed computers containing sensitive info. But if that was the case you should be talking with your IT Security Professionals.

5. It is a good computing practice to separate admin users from regular users. All regular users should not have admin rights to prevent malicious or accidental changes to the system. But on a single user home computer this is not a critical requirement since the casual user is typically also the admin user anyway.

1. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.

Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.

Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.

Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.

2. Another perennial weak point is Adobe Flash Player. Like Java, Flash is in well-deserved decline, but Flash content is still much more widespread than Java content on the Web. If you choose to install the Flash plugin, you can reduce your exposure to Flash by checking the box marked

Stop plug-ins to save power

in Advanced tab of the Safari preferences window, if it's not already checked. Consider also installing a Safari extension such as "ClickToFlash" or "ClickToPlugin." They will prevent Flash content from loading automatically, and will also cause non-Flash video to be substituted for Flash on YouTube and maybe some other sites. I've tested those extensions and found them safe, but you should always do your own research before deciding whether to trust any third-party software.