What's Happening

Security Alert! Information on Java

Java

The Department of Homeland Security recently issued a warning about the software plugin Java. Attackers are using Java tools to take control of computer systems.

Java is a programming “add-on” that allows your local computer to do things so that the system you are using/visiting doesn’t have to do those things for you. This makes some web experiences run faster and look “smoother” than if all that traffic had to go back and forth between your computer and the web site. Unfortunately, Java has a long history of vulnerabilities and flaws.

Homeland Security recommended removing the installed Java tools completely, but this is often not possible or practical. For example, here at Denison, folks that access our Banner and Blackboard must have Java installed and enabled to use the system. Denison’s Information Security Office provides the following recommendations based on the type of computer you are using…

University-owned computers: If you have a university owned computer, we do not recommend that you update Java yourself. There are known compatibility issues with Java and the products that use it, including Banner and Blackboard. The ITS staff will automatically provide updates, including security updates, to both Windows and Mac computers as they are tested and verified. If you upgrade manually, you may encounter problems with software applications.

Personally-owned computers (students, faculty, staff): There are steps you can take to reduce the risk associated with Java. These range from removing Java entirely to enabling it in only one browser that you use only for sites/services that require Java.

For details, please see “What is this Java thing anyway?” [pdf].

Posted Date: 
March 10, 2013