Newly discovered critical security hole in IE

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Newly discovered critical security hole in IE

Post by RonH »

Here we go again :sad:
I read somewhere that Java is needed on IE9 for this threat to be enacted ...exploit code now publicly available through the Metasploit framework.
I am aware that my bank needs Java but I am unsure about some other programmes eg Secunia PSE2. Is there an easy way to determine this?

As things stand, I think that I will disable Java at all times except when it is absolutely necessary. To do this easily it would be useful to have a desktop shortcut to the Java Control Panel ... I can't seem to work out how to acheive this on either Windows7 or Vista. Clicking in the Control Panel/Advanced/Misc does not seem to bring up a shortcut.
Any ideas please?
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

If you leave Java disabled you'll find out quickly enough which applications/websites won't run correctly.

The Java control panel is javacpl.exe in the folder C:\Program Files\Java\jre7\bin, or in C:\Program Files (x86)\Java\jre7\bin if you have 32-bit Java on 64-bit Windows. If you have Java 6 instead of Java 7, use jre6 instead of jre7.
You can create a shortcut to javacpl.exe.
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Thanks Hans ... I thought that turning off Java would be the solution but you never know.
Didn't realise that you could shortcut a .exe to the desktop.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

By the way, I don't think Java is needed for Secunia PSI (the stand-alone program); it is required for the online version, Secunia OSI.
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Hmm, it seems that if you have just one Java version on pc (in my case the 7/7) then you can't turn it off in the JCP/Java/View tab. Maybe the only way to turn it off is to completely uninstall?
Ron
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

Can you disable it if you right-click the shortcut to the Java control panel and select Run as Administrator from the context menu?
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

No Hans.
But maybe this is the place to disable eg Advanced/Java Consule/Do not start Consule :scratch:
attachment=0]JCP.JPG[/attachment]
You do not have the required permissions to view the files attached to this post.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

Showing or hiding the console is not the same as enabling/disabling Java.

Try disabling Java in IE9 itself:
- Click the gear icon in the upper right corner and select Manage Add-ons... (or select Tools | Manage Add-ons...)
- Select each of the Java(tm) items and if they're enabled, click Disable.

If you need to enable Java temporarily, do the same but click Enable.
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Heck ... I always work with these two disabled but 'Java' still works ... :scratch: I think that these add-ons are not needed for 'normal' Java operation eg when used in a bank log-on. Seems that once installed, Java is very persistant.
Java.JPG
[/url]
You do not have the required permissions to view the files attached to this post.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

I found some articles that state that the only way to be sure that Java is disabled is to uninstall it completely. But that it not an attractive solution if you need Java for online banking. Perhaps you should leave Java enabled and hope for the best... :crossfingers:
Best wishes,
Hans

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

By the way, there is no need to place [url] and [/url] tags around an uploaded image.
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Thanks Hans ... looks like they have got me by the bxxxx.
I just love some of these organisations :groan:

I suppose that I could opt to install a different browser but you get so used to IE ... If I did change are there Eileen views on which is the best.
Thanks for spending Wed afternoon helping me ... we both should be watching the Cycling Worlds coming from your country!

Ref browsers ... this review pretty much rates IE as good as the other two favorites.
http://internet-browser-review.toptenreviews.com/
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

Each browser has its fans and its detractors.

Google Chrome is very popular at the moment; it works well but you have to like the minimalistic interface, and it's rather invasive - it installs several services that run all the time even if you're not browsing, and it's difficult to uninstall cleanly.

Firefox appears to have fallen back in the race recently, and it's had its share of problems, but it's still an excellent browser.

Opera is a much smaller player, but it's fast, versatile and safe. (And it's from Norway!)

Safari from Apple is also a small player on Windows; people either love or hate Apple, it seems...
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Thanks Hans ... as with playing cards I think I will 'stick' with what I have and take the chance.
Google is attractive but, as you say,invasive is their style.
IE9 just works with no hassle from MS ... I guess I will eventually move onto IE10 which will be supporting Windows 7.

Enjoy the cycling now and thanks again.
Ron
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Just a quick one ... is Java safer to use with the Chrome browser?
Just for a look and play I actually downloaded Chrome and first impressions are good.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

No, I don't think Java is safer in one browser than in another.

The recently discovered security hole in IE has nothing to do with Java, it's in the browser itself - see the thread Security problem in IE6 - IE9.
Best wishes,
Hans

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Newly discovered critical security hole in IE

Post by RonH »

Thanks Hans ... yes I understand that but somewhere I read that 'it' needed Java to enact the security hole in IE9. So I was guessing that using Java with Chrome would be an OK short term solution since Chrome browser did not have the 'hole' and Java is not currently an issue as I understand.
It never stops does it ... :hairout:

Stop Press. To turn off Java in Internet Explorer rt click (hold down) on the Default Java for Browsers/Microsoft IE and then press space bar. Reverse to get it back.
Java.JPG
You do not have the required permissions to view the files attached to this post.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
Leif
Administrator
Posts: 7193
Joined: 15 Jan 2010, 22:52
Location: Middle of England

Re: Newly discovered critical security hole in IE

Post by Leif »

Leif

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Newly discovered critical security hole in IE

Post by HansV »

Thanks, Leif.
Best wishes,
Hans