What's All the Buzz About Java? Fixing The Vulnerability
No doubt you’ve seen news reports or a post on your social network alerting you to concerns about something called “Java” that could cause trouble on your computer. If you aren’t sure what’s happening or need a straight forward explanation for a friend or loved one, here’s an overview to help you sort this out:
What is Java? Both a language and a platform to run websites and programs, it’s used by many, many computer users, both on the PC and Mac operating systems. It’s also used by many other kinds of technology, from smartphones to parking meters to game systems.
Where is it found on my computer? It was likely installed by the manufacturer. If you have automatic updates for Java on Windows turned on (it’s called Java Auto Update), it’s updating itself. To configure Auto Update, you will need to open your Java program. For most Windows users it is found within the Control Panel. Java should update itself automatically for Mac users as well, but in case you aren’t sure, you can find information on updating Java for Mac at this page.
What is the problem? There is a “hole,” or vulnerability, in Java 7 unless you install the latest patch. There are toolkits allowing someone to gain control of your computer by leveraging the hole in Java if you should visit an infected or compromised website.
Who discovered a problem? Last week, the US Department of Homeland Security issued a warning to Americans, recommending we temporarily disable Java on our computers to minimize the opportunity for a hacker to leverage vulnerabilities and gain control of our computers.
How do I fix it? First, remain calm. Despite the urgency of the warning, it’s unlikely you’ve been infected if you are running security software such as Norton – we protect against this vulnerability – and haven’t visited the wrong websites. Update your Java to get the patch available to fix the issue. Visit the Oracle Java site to learn if you have the latest version. Click the “Do I have Java?” link to determine which version you have. The latest version with a patch to address this vulnerability is 7.11. If you still wish to disable Java as the DHS recommends, you can do so. Oracle has a page with detailed instructions for you.
What other actions should I take? Take the opportunity to review your security software. Make sure the subscription for your Norton security product (or other brand) is still valid and the product is up to date. Review your operating system and other key programs to be sure you are using the most current versions and have applied all appropriate patches.
Where can I learn more? For a more technical review of the issue and Norton by Symantec’s recommendation, look no further than our Security Response team’s blog:
http://www.symantec.com/connect/blogs/additional-protection-recent-java-zero-day
http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit
Or the Oracle Security Assurance blog: https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
© 2023 NortonLifeLock Inc. All rights reserved.
Comments
edsennett: It's frustrating when these instances crop up--when you feel like you don't get enough information on how to protect your very expensive computer. I was advised a couple of years ago to run NoScripts EVEN IF I USE NORTON. Every website you go to is instantly checked for malware by NoScripts. It feels very intrusive until you get used to it, because it disables Java everywhere until you enable it. Enabling is easy, at the bottom bar of your computer screen (provided by NoScripts). If you install it, it means you don't have to worry about going to the "wrong" websites. You're always protected. You can get it free at filehippo.com, a very safe download site. This information was given to me by geekstogo.com, a free computer trouble-shooting site based in London.
What is Java? Both a language and a platform to run websites and programs, it’s used by many, many computer users, both on the PC and Mac operating systems. It’s also used by many other kinds of technology, from smartphones to parking meters to game systems.
Where is it found on my computer? It was likely installed by the manufacturer. If you have automatic updates for Java on Windows turned on (it’s called Java Auto Update), it’s updating itself. To configure Auto Update, you will need to open your Java program. For most Windows users it is found within the Control Panel. Java should update itself automatically for Mac users as well, but in case you aren’t sure, you can find information on updating Java for Mac at this page.
What is the problem? There is a “hole,” or vulnerability, in Java 7 unless you install the latest patch. There are toolkits allowing someone to gain control of your computer by leveraging the hole in Java if you should visit an infected or compromised website.
Who discovered a problem? Last week, the US Department of Homeland Security issued a warning to Americans, recommending we temporarily disable Java on our computers to minimize the opportunity for a hacker to leverage vulnerabilities and gain control of our computers.
How do I fix it? First, remain calm. Despite the urgency of the warning, it’s unlikely you’ve been infected if you are running security software such as Norton – we protect against this vulnerability – and haven’t visited the wrong websites. Update your Java to get the patch available to fix the issue. Visit the Oracle Java site to learn if you have the latest version. Click the “Do I have Java?” link to determine which version you have. The latest version with a patch to address this vulnerability is 7.11. If you still wish to disable Java as the DHS recommends, you can do so. Oracle has a page with detailed instructions for you.
What other actions should I take? Take the opportunity to review your security software. Make sure the subscription for your Norton security product (or other brand) is still valid and the product is up to date. Review your operating system and other key programs to be sure you are using the most current versions and have applied all appropriate patches.
Where can I learn more? For a more technical review of the issue and Norton by Symantec’s recommendation, look no further than our Security Response team’s blog:
http://www.symantec.com/connect/blogs/additional-protection-recent-java-zero-day
http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit
Or the Oracle Security Assurance blog: https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
if your PC has been infected and is locked, what can you do to restore it?
I am a Norton 360 user. I use my PC on line most of the day just about every day, and after reading the comment by marine5 I was concerned that Norton may not be protecting my PC, so I downloaded and ran Microsoft safety scanner. Did a scan and found no problems, viruses, or any malicious anything, so clearly Norton is doing exactly what it is supposed to. Have been infected before when using MacAfee, but never had any problems since I changed over to Norton, 18 months ago.
I wanted to comment after reading the other comments on this virus on Java, I have Norton also and after years of trusting and only going with Norton 360 I have been so much protected and so very satisfied. I had MacAfee before and nothing but trouble all the way even messed up my computer so bad we had to destroy it. Have always trusted Norton and have it set up to the best qualification they suggest and no problems. Thanks Norton 360!!!!!
This software is crap! I had the 360 and I added Norton PC checkup on my computer and now it's like a virus I can't get rid of. I've been digging around my computer for months trying to get rid if it but all it does is make my PC crash. I'm going to start bombing HP with emails because I didn't buy a new computer to have to deal with these types of issues from an add on program.
To wipe t\your computer clean, as I found out after Norton 360 twice crashed my laptop, after you power on press the esc key, and when the screen gives you option press the fn9 key. This will reformat your hard drive. It will take maybe close to an hour. Then load the Norton recovery disk and restart. Your computer will be restored to the original. This will also take maybe and hour. I've had to do it twice because of 360 problems.
In Norton's HOW DO I FIX IT section...I have a problem within the wording of the sentence in this section.
.(...its unlikely you've been infected if you are runnining security software such as Norton - we protect against this vulnerability - and have'nt visited the wrong web sites.) I wonder how protected I am IF I did visit "the wrong website" unknowingly. Is there a list somewhere that includes where and who these wrong web sites are. Seems to me I am screwed if I do visit the wrong web site accidently and will not be protected even if I do have Norton if I read their statement correctly.
Comments are locked for this post.