# Unusual DHS warning: disable Java



## Jerusalem Blade (Jan 11, 2013)

I believe this is a legit warning: Homeland Security warns to disable Java amid zero-day flaw | ZDNet

One can google it -- it's in all the news.


----------



## Zach (Jan 12, 2013)

I checked and it is also on NPR. I don't think I have it on my computer, but thanks for the heads up, Steve.


----------



## baron (Jan 12, 2013)

I have been hearing about it also. My problem is I have no idea what Java is or how to find out if I do have it. Is there a way to know if it's on your computer?


----------



## Nebrexan (Jan 12, 2013)

On a Windows PC, you can try typing *java -version* at a DOS prompt (Start > Run > *cmd* > OK):

```
C:\>java -version
java version "1.6.0_37"
Java(TM) SE Runtime Environment (build 1.6.0_37-b06)
Java HotSpot(TM) Client VM (build 20.12-b01, mixed mode, sharing)
```

The alert is for Java 1.7, the latest version.


----------
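Added example, not written by anyone in this thread: a Python script that runs the `java -version` check from the post above and reports whether the result is the 1.7 version that post says the alert covers. The function names are hypothetical, the sample banner is the one quoted in the post, and the script only sees the `java` found on PATH.

```python
import re
import shutil
import subprocess

# Banner copied from the post above (Java 6 update 37).
SAMPLE_BANNER = '''java version "1.6.0_37"
Java(TM) SE Runtime Environment (build 1.6.0_37-b06)
Java HotSpot(TM) Client VM (build 20.12-b01, mixed mode, sharing)'''

_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_banner(banner):
    """Return (family, update) from a `java -version` banner, or None.

    Legacy strings look like 1.<family>.0_<update>: "1.7.0_10" is Java 7 update 10.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, _patch, update = m.groups()
    # Later releases dropped the leading "1.", so the first field is the family.
    family = int(minor) if major == "1" else int(major)
    return family, int(update or 0)

def in_alert_scope(banner):
    """True if the banner reports Java 1.7, the version the post says the alert is for."""
    parsed = parse_banner(banner)
    return parsed is not None and parsed[0] == 7

def installed_banner():
    """Run `java -version`; return its banner, or None if java is not on PATH."""
    exe = shutil.which("java")
    if exe is None:
        return None
    # java -version writes its banner to stderr, not stdout.
    proc = subprocess.run([exe, "-version"], capture_output=True, text=True)
    return proc.stderr or proc.stdout

if __name__ == "__main__":
    banner = installed_banner()
    if banner is None:
        # Absence from PATH does not prove no runtime or browser plug-in exists.
        print("java not found on PATH; check the browser plug-in list as well")
    else:
        print(parse_banner(banner), "in alert scope:", in_alert_scope(banner))
```

A "not found" result only means no `java` command is on PATH; the browser plug-in lists described later in the thread remain the place to confirm whether the plug-in itself is enabled.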



## Tim (Jan 12, 2013)

Here is an article that tells you how to disable it. You probably have it on your computer.

How to Disable Java | PCMag.com


----------



## Edward (Jan 12, 2013)

Don't know if this will get the job done, but in Internet Explorer:

From the "Tools Tab", Select "Manage Add Ons"
Scroll down to Sun Microsystems, Find the Java Plug in, highlight it, and select the "Disabled" button.

A bit more sure about this one. In the current version of Firefox: 

From the Tools tab, select "Add Ons"

Select "Plug Ins"

Scroll Down to "Java (TM) Platform"
(Mine shows as 'known to be vulnerable. Use with caution.')

Click the "Disable" button.

While you are at it, scroll back up, and if you have "Java Deployment Toolkit", disable it as well.

There probably isn't any need to disable Javascript.


----------



## gordo (Jan 12, 2013)

Most computers use Java as it is part of many web applications. From what I read, it's only Java 7 that is compromised. If you use Firefox, they have already blocked the upgrade to it so you should be safe.


----------



## Zach (Jan 12, 2013)

I use a Mac with Google Chrome. What is it that I need to do? I didn't see a Java folder in my applications support folder so I figured I was in the clear.


----------



## Berean (Jan 12, 2013)

Here are instructions and further info. Java Zero-Day (Again), Time To Disable/Remove Java ~ Security Garden


----------



## Pilgrim (Jan 12, 2013)

Not knowing about this, I manually updated yesterday. I periodically check my Firefox plugins because outdated ones can leave you vulnerable. I just checked my add-ons and see a message that the Java plug-in "known to be vulnerable use with caution." I disabled it, which I think should be enough.


----------



## jandrusk (Jan 12, 2013)

As a security engineer I can tell you that I did a considerable amount of research and was able to completely take over any host with Java 7 in about 5 seconds. Even with that though there are no known malicious exploits in the wild. The DHS gave the warning, because there are two crimekits containing malware that uses it. Even if you do not upgrade to Java 7 you are not that better off, since there are other exploits that take advantage of pre-Java7 versions. Most Anti-Virus vendors are protecting against it, so I think the risk is not as high as they are making it.


----------



## jandrusk (Jan 12, 2013)

Another good point of reference.

https://isc.sans.edu/diary/Java+0-day+impact+to+Java+6+(and+beyond?)/14917


----------

