During the recent kerfuffle over yet another Java zero-day vulnerability, I saw that Carnegie Mellon CERT advised everyone to disable the Java browser plug-in. However, there are users at my company that need Java outside the browser setting. Will just disabling the browser plug-in ensure Java is secure otherwise? If we roll back to an old version of Java, would it be safe to keep the plug-in installed?
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
The Java Runtime Environment (JRE) has taken a beating over the last several years. The numerous security problems with Java have led some security-conscious organizations to weigh the risks of installing the JRE against the benefits, and even consider uninstalling Java altogether.
Enterprises without an extremely compelling reason to use Java should not install the Java plug-in or the JRE, just as they should not install any other software the business does not require. If only the JRE is required, but not the browser plug-in, the JRE should be disabled in every Web browser on the system. If the JRE and browser plug-in are installed and are not set to auto-update, they should be updated as quickly as possible whenever a fix is released. If the JRE is required to run an enterprise application, the JRE and application could be published remotely to the desktop or set up in a virtual environment. This lets an enterprise keep Java off client systems while retaining the functionality the business needs.
Enterprises that require the JRE should follow CERT's advice on using a network device, such as a Web proxy, to selectively allow Java applets. This protects client systems regardless of the Web browser settings. Enterprises that require Java applets could configure systems to run a Java applet only when it is specifically executed on the local system, or could use NoScript to control which applets run. Enterprises could also use a virtual machine for Web browsing when the JRE is required, or a virtualized Web browser (software that runs a Web browser in a virtual machine or sandbox), to limit the risk from a malicious Java applet. However, the management overhead of each of these options should be weighed carefully against the risk posed by a compromised endpoint, given the ever-increasing cost of managing client systems.
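The proxy-based control CERT recommends above comes down to recognizing applet traffic and letting it through only for hosts the business has approved. The following is an added example, not code from the original column or from any proxy product: a small policy function of the kind one might place in a proxy's request hook, with the MIME types, file extensions, the "Java/1.x" User-Agent check and the allowlisted host names all assumed for illustration.

```python
from urllib.parse import urlparse

# MIME types and extensions that identify Java applet or Web Start content.
JAVA_MIME_TYPES = {
    "application/java-archive",
    "application/x-java-applet",
    "application/x-java-jnlp-file",
    "application/x-java-vm",
}
JAVA_EXTENSIONS = (".jar", ".class", ".jnlp")

# Constructed allowlist: internal hosts whose applets the business needs.
ALLOWED_APPLET_HOSTS = {"hr.corp.example", "timesheet.corp.example"}


def is_java_applet_request(url, content_type="", user_agent=""):
    """Heuristically flag a proxied request as Java applet traffic."""
    path = urlparse(url).path.lower()
    if path.endswith(JAVA_EXTENSIONS):
        return True
    if content_type.split(";")[0].strip().lower() in JAVA_MIME_TYPES:
        return True
    # The JRE itself fetches applet code with a User-Agent containing
    # a token such as "Java/1.7.0_11" (assumed format).
    return "java/1." in user_agent.lower()


def host_allowed(host, allowlist=ALLOWED_APPLET_HOSTS):
    """True if host is an allowlisted name or a subdomain of one."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in allowlist)


def proxy_decision(url, content_type="", user_agent="", allowlist=ALLOWED_APPLET_HOSTS):
    """Return ("allow" | "block", reason) for one proxied request."""
    if not is_java_applet_request(url, content_type, user_agent):
        return "allow", "not Java applet traffic"
    host = urlparse(url).hostname or ""
    if host_allowed(host, allowlist):
        return "allow", "Java applet from allowlisted host " + host
    return "block", "Java applet from non-allowlisted host " + host


# Constructed sample requests as a proxy would see them.
SAMPLE_REQUESTS = [
    ("http://hr.corp.example/apps/timesheet.jar", "application/java-archive", "Mozilla/4.0 Java/1.7.0_11"),
    ("http://ads.example.net/x/loader.jar", "application/java-archive", "Mozilla/5.0"),
    ("http://cdn.example.net/logo.png", "image/png", "Mozilla/5.0"),
    ("http://unknown.example.org/fetch", "application/octet-stream", "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_10"),
]

if __name__ == "__main__":
    for url, ctype, ua in SAMPLE_REQUESTS:
        print(proxy_decision(url, ctype, ua), url)
```

Extension and MIME checks alone miss applets served with generic content types, which is why the JRE's own User-Agent is also inspected; logging every "block" decision gives the security team a ready-made feed of where unexpected applet loads are coming from.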