Turned on and off, just like any other plugin (that's what makes it a plugin in the first place
)Java and viruses
- Thread starter Fujitsu_Technician
- Start date
Turned on and off, just like any other plugin (that's what makes it a plugin in the first place
)
I have kept up with this thread and found it interesting enough to pop in and add something.
Poorly written or malicious code can be created in any language. Take vBulletin mods for example. Badly written code can punch a truck sized door in your security and make you vulnerable to hackers. Malicious code skillfully written can do far worse. You wouldn't believe how bad things can get with either one.
It's not the language that's at fault. It's how it's used.
Poorly written or malicious code can be created in any language. Take vBulletin mods for example. Badly written code can punch a truck sized door in your security and make you vulnerable to hackers. Malicious code skillfully written can do far worse. You wouldn't believe how bad things can get with either one.
It's not the language that's at fault. It's how it's used.
Both are probably related in all likelihood -nothing wrong with disabling both those plugins.
As I've said numerous times in the past, and will continue to say many times in the future, Javascript is an entirely separate technology, nothing to do with Java whatsoever!
For these very such occasions can I recommend the 'noscript' addon for firefox.
Disclaimer: It will take a few days 'normal' browsing to stop it asking you for confirmation about everything but is DEFINITELY worth the time to do so
It allows you to configure, domain by domain, what sites are allowed to run any type of scripting and those which aren't. There are essentially zero threats that are in common use which can be taken advantage of in your browser with scripting playing some part (the exception being blindly clicking 'download some malware from here - click me!' links).
And aside from the security benefits (which are reason enough on their own), when combined with AdBlockPlus and Ghostery it actually speeds up your page loading times significantly because of all the resource requests which aren't performed.
Some very simple rules to using noscript:
1) Go around all your main day-to-day sites which you solidly trust and select 'permanently allow domain.com'
2) NEVER click 'allow scripts globally'
3) Any page which you visit which doesn't provide you access to all the features you need (forms, voting buttons, videos etc.) - find the domain which is most likely to be hosting those features and either temporary allow (if you're unlikely/unknowingly going to visit again) or permanently allow if you're coming into regular contact with it. For example sites like facebook will require akamai's content distribution domain (akamai-hd.net I think) to work normally, so that I would add to my permanent list, but ads.doubleclick.net I would not even do temporary unless the site didn't work without it.
4) For the occasion when you're in a rush and just 'want a site to work' then choose 'Temporarily allow all this page' and it will work until you close firefox.
That should keep you plenty safe enough from 99% of web threats, for the really paranoid there's the lynx text browser in a linux vm running from a live-cd on ESXi virtualised hardware - aka the dark ages.
You *can* of course do this, though I'd say it's hugely overkill to be honest... the time taken to do this to every website I frequent would be huge, and I don't think I'd get that time saving back!
I'm using No Script, and I find it very easy to use. There is another called Flash Block that substitutes a button to see media.
