What is Java?
Java: A computer language that allows programmers and application developers to write software that can run on many different operating systems.
Many applications and websites require end-users to have Java installed. Websites incorporate Java applets (small applications) to enhance the usability and functionality of a website. When a user visits one of these websites, depending on their browser's security settings, they may have no idea that the Java applet is automatically running.
End-users typically have "Java Runtime Environment" (JRE) installed on their computer. In many instances, this software was pre-installed on their computer. More recently, this practice is becoming less common. If JRE is not installed on your computer, and you visit a website that requires JRE, generally, you will be prompted to install JRE.
What Depends on Java?
Some campus applications still require a Java JRE.
- Blackboard: There are components of CSUSB Online (Blackboard) that require the latest releases of Java JRE 6 or JRE 7. Components include: the text editor, the math equation editor, collaboration tools, virtual classroom, and chat (updated Fall 2013).
- CO reporting: Some reports to the Chancellor's Office, such as ERS reports, require require JRE 6 (updated Fall 2013).
- Optional VPN features: Java is not required for the VPN's primary function: Junos Pulse. However, some optional features of the VPN, such as Support Meetings and in-browser remote desktop require Java (updated Fall 2013).
Risks with Java
Java is designed to work on almost any computer and has been prone to numerous reports of vulnerabilities. According to the SecureList IT Threat Evolution Report released by Kaspersky Lab in May 2013,
The most widespread vulnerabilities are found in Java and [the vulnerabilities] were detected on 45% of all computers.
These attacks are based, at least in part, on older versions of Java. When a newer version of Java is released and installed on a machine, the older version may not automatically be uninstalled. This was intended to provide an easy way to roll back to an older version in case of compatibility issues. Attacks can be used by hackers to leverage and to exploit the vulnerabilities that exist in those versions. This makes Java's weaknesses an attractive target for hackers and cyber criminals.
Mitigate Java Exploits by:
- Keeping only the latest Java. Uninstall all out-of-date versions of Java that may linger on your computer.
Visit: Instructions for removing older versions of Java.
- Enabling the automatic update feature will ensure you receive important security updates when they are released.
Visit: Instructions for turning on the Java auto-update feature.
- Setting the security level from within the Java Control Panel so that you are notified before any untrusted Java applications run. Make sure to set the security level to "High" or "Very High". The most recent versions of Java have the ability to manage when and how untrusted Java applications/applets will run.
Visit: Instructions for setting the Java security level.
- Clearing cache periodically. This forces the browser to load the latest versions of web pages and programs.
Visit: Instructions on clearing Java cache.
- Allowing only known publishers. Do not allow applications from unknown publishers to run.
For additional information, please visit:
- What is Java?
- Java Security Resources
- Uninstalling Java on Windows
- Uninstalling Java on Mac
- Disabling Your Browser's Java Plugin
This message is brought to you by the Information Security Office, in promotion of the Information Security Awareness program, in an effort to advocate for safe computing practices both on and off campus. The tips are adapted from the Multi-State Information Sharing & Analysis Center August 2013 Newsletter.
If you have any questions, please contact the Infosec Awareness Coordinator.