Java 7 users have been warned by U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) of a weakness enabling the installation of malicious software and malware that could potentially increase the chance of identity theft. According to US-CERT “Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems.” DHS recommends disabling or uninstalling the software, as hundreds of millions of customers are vulnerable to the threat.
Simply disabling or uninstalling the software is not exactly ideal here, as many websites you probably access daily utilize it. If you’re a Lion or Mountain Lion user, there is a remote possibility that you don’t have Java on your system –Apple stopped including it as a default in their releases. But, unfortunately, we all know how widespread Java is, so this kind of warning should not exactly be taken lightly. Especially since US-CERT rarely issues an all out recommendation for disabling software.
You can always disable and reenable for trusted websites, but recognize this might be a bit cumbersome, so here’s a great suggestion from our friends at Tuaw.com: the Fluid.app. Here’s what it can do:
“With Fluid.app you can make a “standalone” web browser with its own set of preferences, including Java. Fluid.app will also let you say exactly which websites (domains, URLs, etc) that you want to use with that browser. Go to the “Whitelist” preferences and enter the domains. Add all of your known and trusted sites which use Java. If you come across a link to a different site, it will automatically send you over to your regular browser (where you have disabled Java). Using this system you can have the security of having Java disabled, but still have the convenience of being able to use it on sites that you trust.”
Based on this and further exploration, the app will give you better control, and enable you to proceed safely. Thanks Tuaw.com for the awesome suggestion! Now go turn off your computer and read a book or something. Java’s freaking everywhere!