Oracle Beefs up Security in New Java 7 Update

Paul Mah

Oracle earlier this week released Java 7 Update 10 that adds new configuration options, which should serve to significantly beef up Web browser security. The key improvement here revolves around the ability to disallow Java applications from running in a Web browser, which can now be configured from a central location within the Java Control Panel.

Often considered to be the most security plagued plug-in, the Java runtime is heavily targeted by hackers in order to gain a foothold into computers via the Web browser. Indeed, it is for this reason that security experts typically encourage users to disable Java from running in the browser, or even to uninstall Java entirely where tenable.

Unfortunately, preventing Java from running within browsers had to be done browser by browser in the past, which is a time-consuming affair that is prone to errors. Moreover, it is also not unheard of for a new Java update to inadvertently re-enable Java applications in browsers.

The latest changes in Java 7 Update 10 mean that SMBs can quickly and easily disable the running of Java applications within browsers by deselecting the “enable Java content in the browser” checkbox — and have the new configuration applied across all installed browsers. In addition, a mechanism will also let users know when their Java installation is out of date, and prompts them to update.

Finally, the new Java Control Panel also offers the option of defining a security level, which will determine how the Java runtime will treat trusted and untrusted Java applets. The default is pegged at “medium,” which will allow untrusted applets without user confirmation — though not if the Java installation is determined to be “out of date.” Setting it to “high” will force user confirmation prior to running untrusted applets, while “very high” results in a prompt for every Java applet — whether signed or not.

In related news, Oracle has also announced that it will end Java 6 security support after February 2013, though Oracle Technology Network and business users will still be able to access support.

Add Comment      Leave a comment on this blog post
Dec 21, 2012 9:26 PM rekha rekha  says:
Evosys has implemented mobile based Oracle EBS solution, acton, at Nawras, Oman. The project kicked off on 20th May 2012 and went live on 22nd Sept 2012. About Evosys: Evosys is a premium Oracle Partner providing consulting services for implementation and maintenance of Oracle Applications. We are a market-focused, process-centric organization that develops and delivers innovative solutions to our customers, consistently outshining other market players. We are fully committed to deliver quality services and are proud of our outstanding success in delivering 100% successful projects for all our 50+ global customers over a period of 6 years. We are known for combining speed of implementation with the quality of delivery. We believe in industry specialization and have strong references in implementation of end to end ERP solutions for verticals like Healthcare, Public Sector, Education, Construction, Shipping, Logistics, Manufacturing and Distribution. For any Oracle Service, Business Partnerships, Sales Referrals, Collaborations & Tie ups, Please contact & we shall contact you immediately. Contact Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.