Recently there have been many warnings in the news about vulnerabilities in Java. Although no protection system is foolproof, OIT does provide several layers of security to help prevent computers on our campus from being exploited.
Java, Adobe Reader and Adobe Flash all have web browser plug-ins (add-ins), which are optional components designed to help a web browser (Internet Explorer, Firefox, Chrome, Safari) do certain things. For example, Flash lets you view YouTube and other videos. Java lets you run some applications from within your web browser rather than having to download and run a separate program.
It is possible to disable or remove all of these plug-ins. Java in particular can be disabled in your web browsers by following the instructions at java.com: http://www.java.com/en/download/help/disable_browser.xml
The drawback is that some functions you expect to be available in your web browser may stop working. Many security experts, including CERT (the US Computer Emergency Readiness Team), recommend at least temporarily turning off vulnerable plug-ins when a vulnerability is discovered. You may want to do this on a home computer if you are unsure of the status of its security. Again, although no protection is foolproof, computers from OIT do have additional protection built in.
The college’s multi-layered protection starts at our internet connection. A FireEye appliance scrutinizes web traffic for viruses and other malicious programs which can exploit a web plug-in vulnerability. If something bad does get through then the second layer of protection should kick in. The Sophos anti-virus running on your computer is also designed to prevent malicious code from running. Our third layer is our patch server, Kace KBOX. When updates to Flash, Reader and Java become available we can push these out to college computers in order to repair the vulnerable software.
So how can this system break down? First, if you have a college laptop and take it home you are no longer being protected by our network appliance. Second, when a plug-in vulnerability is discovered, malicious code designed to exploit it may hit the internet before a patch is available. Third, the malicious code or virus could be a brand new program which anti-virus software does not recognize as being dangerous.
Unfortunately these plug-ins tend to be insecure and need to be updated constantly. When you see a Java or Adobe update message you should choose to allow it to run.
Often when Java or Adobe push updates, they will try to combine them with some optional software (like the Ask.com web toolbar or the McAfee security scanner). Although these may be mostly innocuous, we strongly recommend you decline those options. Just uncheck the option box, then click Next.
Rather than wait for users to allow this software to install, OIT may push out updates using our Kace KBOX.