Are you still using Java on your computer? Some of you may need it to run programs such as JDownloader or RSSOwl (there is Java Portable for that which does not integrate itself into web browsers), others because an Internet site they visit frequently makes use of it - heard that a lot of banks still use Java for their Internet banking offers. The chance is high on the other hand that the majority of users who read the article do not really need Java but have it still installed on their system.
Chance is also relatively high that the Java version on some systems is outdated and therefore vulnerable to Internet-based and local attacks targeting those security issues.
Oracle's latest Java 7 Update 10 brings along new security features that can make a Java installation more secure on the computer system.
When you open the Java Control Panel on Windows, for instance by clicking on the start button, then Control Panel, selecting View by small icons on the top right and then Java, you will notice quite a few changes in the control panel applet. One of the first is the option to disable Java content in web browsers. Just uncheck "Enable Java content in the web browser" under Security and Java won't be integrated into browsers anymore. That's great if you only need Java for local applications but not for web apps.
Doing so will render all web-based attacks targeting Java useless on the system where you have made that chance.
Here you also find the new security level listing. The default level is set to medium which allows signed applications to run even if Java is not up to date, and unsigned apps only if Java is up to date on the system. Here is an overview of all security levels available:
There is also a custom level that gives you more options in regards to how Java apps are handed on the system:
Two additional checkboxes are made available under the Advanced tab:
Java 7 Update 10 introduces furthermore new warning dialogs when the JRE is insecure and needs to be updated.
Please note that you can also modify the security levels and web Java access from the command line on Microsoft Windows:
The option to disable Java from being used in web browsers is an excellent addition that should help users who only need Java support locally and not on the Internet. The security levels too improve the overall security on systems where Java is installed, especially if they are customized or set to high or very high. It may take some testing to find out the best security level for your system though.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.