Best way to protect myself from Java issues?

My antivirus has kept removing a java (oracle) exp virus only for it to keep returning.

In frustration i decided to uninstall Java until i see some positive news about any patches regarding the latest security issues to install some confidence.

Reality ,though has now set in with regards to the fact i actually use java alot and would like to find a secure way to use it - if possible.

I use java for only successful commercial sites like ADVFN and such like.

BUT is there any other way to use this software SAFELY on only 3 websites that i need it for and now i've uninstalled it should i check for any left behind Java files to remove with a CCleaner scan (not clean) IF i reinstall.

So how can i keep myself safe if i just wanted to use java on 3 or so websites on MAYBE my firefox browser and use chrome for everyday browsing non java stuff. I've only just this minute checked out the sandboxie website so know very little about it and even less about virtual machines.

I read a great thread on here on this topic hence now signing up on here.

Thanks for any help. I'm willing to go rambo style on any possible future java intruder....as long as its free.

Thanks in advance for any help.

 

I would do some scans of your Windows System Partition with at least two (2) different additional AntiMalware scanners. A few suggestions are: Malwarebytes AntiMalware, Emsisoft Emergency Kit, Dr.Web Cureit, Kaspersky Virus Removal Tool.

I would then reinstall Java and install and start using Sandboxie(paid). Configure Sandboxie reasonable tight (Forced Programs (web browsers),Start/Run Restrictions, Internet Access Restrictions, Automatically delete sandbox, etc.).

 

Thanks for that. I should have said that my AV has shown no virus is present now, but i'm in the middle of a Malwarebytes scan now.

Just been on the Sandboxie site. Considering i only want to use java for 3 websites is there much difference between the free and paid versions?

Thanks again.

 

You can get by with the Free version of Sandboxie if you do no mind a Nag Screen after 30 days. The pay version has the capability of making multiple sandboxes and the option to Force programs to run in a sandbox.

You may want to also consider using the Firefox web browser with the QuickJava browser Addon. I have never used QuickJava, but the user feedback reviews seem to be good.

https://addons.mozilla.org/en-US/firefox/addon/quickjava/

 

Thekid7,

Thanks alot. Has there been any issues with Sandboxie working on top of Chrome ?

I'd be quite happy to use sandboxie with Firefox and use that for java stuff,emails etc, and use Chrome stand alone for main/other web browsing with its java plugin turned off (with plugin turned off i'm safe from java right?), but trying to weigh up whether Chrome + Sandboxie would be MORE protection or would they possibly conflict ?

Or use FF for everything. Thats another topic i guess - which is the safer/better browser. Doh!

Cheers

 

I don't use Chrome. However, I think that many members of this forum do use Chrome and they should be able to tell you if it works with Sandboxie.

 

You can include EMET and maybe even ScriptNo.

Although ScriptNo can be a difficult adjustment, because you have to whitelist safe sites, you can change Default Mode to Allow and Unwanted Content Mode to Strict to make it a good blacklist.

 

Java can be exploited in all of the browsers, so don't let that drive your decision.

You could disable Java whenever you don't go to those particular websites. Here are instructions on how to disable it from your browsers.

http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/

It's not a painful process at all in Firefox as it's rather simple to enable/disable it - you just have to restart the browser after your selection. This is what I would do if I needed Java.

A more extreme solution is to run a live CD like Linux Mint, which comes pre-installed with Java. That's actually what I do.

 

Firefox with NoScript plugin and just temporarily allow the content you need on the sites you need.

 

Javahole, this works great and more so if you run Firefox sandboxed.

Bo

 

Thank you people !

Dont want to be a pain with my questions, but i also have Rapport installed.

Whats the awnser there ? Disable Rapport + Firefox + Sandboxie but still enable Rapport for specific sites for which it was made for ?

Or uninstall rapport?

Cheers

 

Why complicate so much?

Just install a separate (portable) Firefox (or Opera/Chromium), enable the Java plugin there and only use that browser for visiting those 3 websites.

Disable Java in all other browsers.
(Note: to be able to run two Firefox portable instances at the same time you might have to add AllowMultipleInstances=true to that .ini file.)


And with the time you saved, you can write to those 3 website admins and tell them they should drop Java.

 

Nice idea. I'll try that. On my current setup I block it with Outpost WebControl see here,

http://s11.postimage.org/wooywek9r/image.jpg

 

Finally dumped Java entirely -- the only site using it that I regularly visit has now also dropped it from their games and switched to some kind of scripting. So far, NoScript hasn't raised any warnings or complaints.

Question -- I've still got the Java Deployment Toolkit showing as a Firefox plugin, which seems to be generally agreed is of no use to the typical home user. I've got it disabled, but is there any way to completely remove it? Can't find anything obvious relating to it in Add-Remove or Win Explorer. Thanks.

 

When using Java also take a look at JavaRa, either to update or to easily remove all remnants of/or previous versions.

"JavaRa is an effective way to deploy, update and remove the Java Runtime Environment (JRE).
Its most significant feature is the JRE Removal tool; which forcibly deletes files, directories and registry keys associated with the JRE." link

 

Looks like you have residual files, which JavaRa can remove. Here's how to specifically uninstall that plugin.

 

Many thanks for that link, JL. I had to do it the hard way ... the line about exposing full path, for some reason, isn't in my about:config, so I did a search in Win Explorer for npdeploy*.*. That only turned up the first dll of the two mentioned in the article (I'd already cleaned out the Java Folders in Program Files and in Docs & Settings, so the other one was probably already gone).

Anyway, it's no longer showing in Tools/Add-ons, so presumably that did the trick. Thanks again.

 

Next time something isn't in your about:config, you can always create it. Here's a good resource: http://kb.mozillazine.org/Knowledge_Base

 

This won't affect Java at all. NoScripts blocks javascripts which are completely different and independent from Java.

 

Actually Noscript can also block Java applets. See the attached image - you can apply the restrictions to whitelisted sites as well.

 

Outpost works like a charm. You can block Java by default on all websites and then create exception for those websites that need it.

 

Thanks for that- I've been using NoScripts for a year and hadn't noticed! Stuff it blocks:
http://noscript.net/features#contentblocking

 

Oft-asked question, do I need Sun Java on my system, at all