Java Vulnerabilities

Discussion in 'other software & services' started by XiRw, Apr 6, 2015.

  1. XiRw

    XiRw Registered Member

    Joined:
    Feb 14, 2014
    Posts:
    17
    Hi, I recently needed java on my computer to go with a plugin for VLC and was wondering if I completely remove java from my internet browser only, is my computer still vulnerable to outside attacks?
     
  2. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    Last time I used Java for testing the behaviour of web-based exploits, the following was still true for Internet explorer:
    (http://java.com/en/download/help/disable_browser.xml)

    Which means that exploits based on vulnerabilities in Java will still run if triggered in IE, even after using other seemingly straightforward methods to disable the Java plugins from within IE. Having to disable Java in the control panel might not be a convenient option for you. However. EMET 5.2 has Attack Surface Reduction (ASR) feature which when enabled for IE, will prevent the Java plugin being loaded by sites in the internet zone - which should afford some reasonable protection.

    Otherwise for browsers such as Firefox and Chrome, then simply disabling the browser plugin should be sufficient. You can test this for yourself, and see if a Java applet will load.