Oracle earlier this week released Java 7 Update 10, which adds new configuration options that should significantly beef up Web browser security. The key improvement is the ability to disallow Java applications from running in a Web browser, which can now be configured from a central location within the Java Control Panel.
Often considered the most security-plagued plug-in, the Java runtime is heavily targeted by hackers seeking a foothold on computers via the Web browser. It is for this reason that security experts typically encourage users to disable Java in the browser, or even to uninstall Java entirely where tenable.
Unfortunately, preventing Java from running within browsers previously had to be done browser by browser, which is time-consuming and prone to errors. Moreover, it is not unheard of for a new Java update to inadvertently re-enable Java applications in browsers.
The latest changes in Java 7 Update 10 mean that SMBs can quickly and easily disable the running of Java applications within browsers by deselecting the “enable Java content in the browser” checkbox, and have the new configuration applied across all installed browsers. In addition, a mechanism will let users know when their Java installation is out of date, and prompt them to update.
Finally, the new Java Control Panel also offers the option of defining a security level, which will determine how the Java runtime will treat trusted and untrusted Java applets. The default is pegged at “medium,” which will allow untrusted applets without user confirmation — though not if the Java installation is determined to be “out of date.” Setting it to “high” will force user confirmation prior to running untrusted applets, while “very high” results in a prompt for every Java applet — whether signed or not.
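The two settings described above can also be checked from a script instead of opening the Control Panel on each machine. The following is an added example, not code from Oracle or from this article: it audits the text of a Java `deployment.properties` file, and the property names `deployment.webjava.enabled` and `deployment.security.level` are taken from Oracle's deployment configuration documentation, not from the article. The sample file contents are constructed.

```python
# Added example: audit Java deployment.properties text for the two settings
# the article describes. Property names come from Oracle's deployment
# configuration documentation, not from the article itself.

BROWSER_KEY = "deployment.webjava.enabled"   # "enable Java content in the browser"
LEVEL_KEY = "deployment.security.level"      # MEDIUM / HIGH / VERY_HIGH
LEVELS = ("MEDIUM", "HIGH", "VERY_HIGH")


def parse_properties(text):
    """Minimal .properties parser: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def audit(text):
    """Return a list of findings for one deployment.properties file's contents."""
    props = parse_properties(text)
    findings = []
    # An absent key means the default applies: browser content on, level medium.
    if props.get(BROWSER_KEY, "true").lower() != "false":
        findings.append("Java content is enabled in browsers")
    level = props.get(LEVEL_KEY, "MEDIUM").upper()
    if level not in LEVELS:
        findings.append("unrecognised security level: " + level)
    elif level == "MEDIUM":
        findings.append("security level is medium (no prompt for untrusted applets)")
    return findings


# Constructed sample inputs (not taken from any real machine).
DEFAULT_PROFILE = "# no overrides\n"
HARDENED_PROFILE = (
    "deployment.webjava.enabled=false\n"
    "deployment.security.level=VERY_HIGH\n"
)

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit(text) or "ok")
```

An empty result means browser content is disabled and the level is “high” or “very high”; any other result lists what still matches the defaults.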
In related news, Oracle has also announced that it will end Java 6 security support after February 2013, though Oracle Technology Network and business users will still be able to access support.