Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti

Security researcher recommends ditching Oracle Java platform


A security expert has warned users to uninstall Oracle's Java SE platform from their machines, as the software creates too many exploitable vulnerabilities.

Writing on his blog, Mikko Hypponen, chief research officer at security firm F-Secure, explained that users should ditch the software unless they absolutely need it.

He added that because of these vulnerabilities users need to be sure they are operating the latest version of the software, or be vulnerable to hackers.

"The risks of Java are nicely illustrated by the recent Java Rhino vulnerability. "If you're running Java, but not the latest version, you're vulnerable. So either you have to be certain you are running the latest version of Java – or get rid of it altogether."

Hypponen advised users to leave Java on their machines if they feel that they need it for a specific web application, or online banking, but to remove the plugin from their preferred browser.

He recommended that users leave the Java plug-in installed on one browser, which then can be used for this application only, to reduce the risks of using a vulnerable browser for everything.

He concluded that Google's Chrome browser is effective at securing potentially vulnerable browser plug-ins.

"Chrome has been doing a good job in sandboxing or otherwise securing risky add-ons and extensions. Many Java exploits do not work against Chrome."A recent Microsoft security report found that Java code is the most common target for hackers.





26/12/11    Çap et