Java Enabled Browsers-Are You Crazy? 1
I was reviewing the web site statistics today and noticed that 63.7% of my visitors have java enabled. Java, not JavaScript.
ARE YOU CRAZY?
Having Java enabled in a browser by default seems crazy to me. There are not that many websites that need Java in a browser to run Applets, but if you run NoScript, then you can specify which websites can run Java Applets and all others cannot. If I had java enabled in a browser – which I do not – I’d definitely selectively enable it for specific web sites only.
Above are my real NoScript settings in Firefox 3.6.12 running on Lubuntu Linux 10.04.
I do understand that if you are visiting this site from work, you may not have the option to disable Java selectively.
From a security perspective, disabling all the extra plugins should increase security. Having them enabled by default is just a bad idea. These are my opinions. Computer security is one of those things where everyone thinks they are secure … until they are hacked. Then it is too late.
If you don’t use Java, turn it off by disabling the plugin. If you do use Java, please use NoScript to be selective where you allow it to run.
Of course, if you have Java applications and need to run on your desktop, please remember to stay patched. There was an important security update for Java earlier this week and there have been a number of important patches for Java the last few months.
Trackbacks
Use the following link to trackback from your own site:
https://blog.jdpfu.com/trackbacks?article_id=875
Just like Adobe software has lots of security holes, Java exploits are serious business too. There doesn’t seem the be much that can be done to stop these except deinstall Java, which probably isn’t a choice.