Best way to protect myself from Java issues?

Discussion in 'other security issues & news' started by javahole, Dec 5, 2012.

Thread Status:
Not open for further replies.
  1. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    My antivirus has kept removing a java (oracle) exp virus only for it to keep returning.

    In frustration i decided to uninstall Java until i see some positive news about any patches regarding the latest security issues to install some confidence.

    Reality ,though has now set in with regards to the fact i actually use java alot and would like to find a secure way to use it - if possible.

    I use java for only successful commercial sites like ADVFN and such like.

    BUT is there any other way to use this software SAFELY on only 3 websites that i need it for and now i've uninstalled it should i check for any left behind Java files to remove with a CCleaner scan (not clean) IF i reinstall.

    So how can i keep myself safe if i just wanted to use java on 3 or so websites on MAYBE my firefox browser and use chrome for everyday browsing non java stuff. I've only just this minute checked out the sandboxie website so know very little about it and even less about virtual machines.

    I read a great thread on here on this topic hence now signing up on here.

    Thanks for any help. I'm willing to go rambo style on any possible future java intruder....as long as its free.:D

    Thanks in advance for any help.
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would do some scans of your Windows System Partition with at least two (2) different additional AntiMalware scanners. A few suggestions are: Malwarebytes AntiMalware, Emsisoft Emergency Kit, Dr.Web Cureit, Kaspersky Virus Removal Tool.

    I would then reinstall Java and install and start using Sandboxie(paid). Configure Sandboxie reasonable tight (Forced Programs (web browsers),Start/Run Restrictions, Internet Access Restrictions, Automatically delete sandbox, etc.).
     
  3. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    Thanks for that. I should have said that my AV has shown no virus is present now, but i'm in the middle of a Malwarebytes scan now.

    Just been on the Sandboxie site. Considering i only want to use java for 3 websites is there much difference between the free and paid versions?

    Thanks again.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    You can get by with the Free version of Sandboxie if you do no mind a Nag Screen after 30 days. The pay version has the capability of making multiple sandboxes and the option to Force programs to run in a sandbox.

    You may want to also consider using the Firefox web browser with the QuickJava browser Addon. I have never used QuickJava, but the user feedback reviews seem to be good.

    https://addons.mozilla.org/en-US/firefox/addon/quickjava/
     
  5. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    Thekid7,

    Thanks alot. Has there been any issues with Sandboxie working on top of Chrome ?

    I'd be quite happy to use sandboxie with Firefox and use that for java stuff,emails etc, and use Chrome stand alone for main/other web browsing with its java plugin turned off (with plugin turned off i'm safe from java right?), but trying to weigh up whether Chrome + Sandboxie would be MORE protection or would they possibly conflict ?

    Or use FF for everything. Thats another topic i guess - which is the safer/better browser. Doh!

    Cheers
     
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I don't use Chrome. However, I think that many members of this forum do use Chrome and they should be able to tell you if it works with Sandboxie.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You can include EMET and maybe even ScriptNo.

    Although ScriptNo can be a difficult adjustment, because you have to whitelist safe sites, you can change Default Mode to Allow and Unwanted Content Mode to Strict to make it a good blacklist.
     
  8. BrandiCandi

    BrandiCandi Guest

    Java can be exploited in all of the browsers, so don't let that drive your decision.

    You could disable Java whenever you don't go to those particular websites. Here are instructions on how to disable it from your browsers.

    http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/

    It's not a painful process at all in Firefox as it's rather simple to enable/disable it - you just have to restart the browser after your selection. This is what I would do if I needed Java.

    A more extreme solution is to run a live CD like Linux Mint, which comes pre-installed with Java. That's actually what I do.
     
    Last edited by a moderator: Dec 5, 2012
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Firefox with NoScript plugin and just temporarily allow the content you need on the sites you need.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Javahole, this works great and more so if you run Firefox sandboxed.

    Bo
     
  11. javahole

    javahole Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    63
    Location:
    uk
    Thank you people !

    Dont want to be a pain with my questions, but i also have Rapport installed.

    Whats the awnser there ? Disable Rapport + Firefox + Sandboxie but still enable Rapport for specific sites for which it was made for ?

    Or uninstall rapport?

    Cheers
     
  12. erim

    erim Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    43
    Why complicate so much?

    Just install a separate (portable) Firefox (or Opera/Chromium), enable the Java plugin there and only use that browser for visiting those 3 websites.

    Disable Java in all other browsers.
    (Note: to be able to run two Firefox portable instances at the same time you might have to add AllowMultipleInstances=true to that .ini file.)


    And with the time you saved, you can write to those 3 website admins and tell them they should drop Java.;)
     
  13. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    385
    Location:
    Land of the Mer Lion

    Nice idea. I'll try that. On my current setup I block it with Outpost WebControl see here,

    http://s11.postimage.org/wooywek9r/image.jpg
     
  14. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Finally dumped Java entirely -- the only site using it that I regularly visit has now also dropped it from their games and switched to some kind of scripting. So far, NoScript hasn't raised any warnings or complaints.

    Question -- I've still got the Java Deployment Toolkit showing as a Firefox plugin, which seems to be generally agreed is of no use to the typical home user. I've got it disabled, but is there any way to completely remove it? Can't find anything obvious relating to it in Add-Remove or Win Explorer. Thanks.
     
  15. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    When using Java also take a look at JavaRa, either to update or to easily remove all remnants of/or previous versions.

    "JavaRa is an effective way to deploy, update and remove the Java Runtime Environment (JRE).
    Its most significant feature is the JRE Removal tool; which forcibly deletes files, directories and registry keys associated with the JRE.
    " link
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Looks like you have residual files, which JavaRa can remove. Here's how to specifically uninstall that plugin.
     
  17. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Many thanks for that link, JL. I had to do it the hard way ... the line about exposing full path, for some reason, isn't in my about:config, so I did a search in Win Explorer for npdeploy*.*. That only turned up the first dll of the two mentioned in the article (I'd already cleaned out the Java Folders in Program Files and in Docs & Settings, so the other one was probably already gone).

    Anyway, it's no longer showing in Tools/Add-ons, so presumably that did the trick. Thanks again.
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  19. BrandiCandi

    BrandiCandi Guest

    This won't affect Java at all. NoScripts blocks javascripts which are completely different and independent from Java.
     
  20. Actually Noscript can also block Java applets. See the attached image - you can apply the restrictions to whitelisted sites as well.
     

    Attached Files:

  21. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Outpost works like a charm. You can block Java by default on all websites and then create exception for those websites that need it.
     
  22. BrandiCandi

    BrandiCandi Guest

    Thanks for that- I've been using NoScripts for a year and hadn't noticed! Stuff it blocks:
    http://noscript.net/features#contentblocking
     
  23. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
Loading...
Thread Status:
Not open for further replies.