I just learned the hard way about why it is no longer a good idea to install or use Java on your Wintel computer or especially Java extensions in browsers. Internet Explorer seems the most vulnerable to this form of malware. Apple caught on to this scam early enough to disable Java in later versions of Safari in OSX with the equivalent of ClicktoFlash, an extension which stops most malware popups before they start. The bad guys who exploit this Java security hole are the same ones who call you up on your telephone representing themselves as Microsoft and attempt to goad you into giving them access to your computer, which they will promptly corrupt and then ask you for a credit card number to sign up you and your computer up for a pricey multi-year tech support package. The crap they leave behind on your computer to connect with their server each time you reboot the computer is a nightmare. Don't fall for it. The warnings about this practice and how Java and Java browser extensions are available on the internet, but are not forceful enough. In Internet Explorer, access Tools:Internet Options:Manage Add-Ons. Remove any having anything to do with Java. In Control PanelPrograms and Features, remove any program that has the word Java anywhere in its description. I hope Windows 10 fixes this problem the same way Apple did. It's more than a tiny bit of pain to leave such a gaping hole in Java. Too bad, the scammers ruined something that used to be good. Don't bother complaining to Microsoft or the Fed. They don't seem to be in the least measure interested in taking down these scammers.
yeah I second the OP, Java updates have exposed my computer to so many bugs and also their constant pestering of automatic updates has gotten me very annoyed.
Somehow this Java extension to a browser, particularly Internet explorer, also makes it possible for the perpetrator's selected websites to obtain more advertising 'hits'. Just one more way the commercialization of the Internet is bad. In the good old days, it was none of advertiser's beeswax 1) where you went 2) what you bought or 3) who you contacted and 4) mainly, how many times you visited a store or a website. This model is flawed, and as a result, we have just lost what was a wonderful resource ( Java). And the perpetrators are laughing all the way to the bank.
Simply put... don't use IE. It is the primary vulnerability, not Java. Chrome is decent, Firefox (or it's 64 bit brother, Waterfox, if you run a 64 bit OS) is good as well... hell, pretty much anything that isn't IE is good... Java is fine, so long as you keep the security prompts on, pay attention to what pops up, and don't go to shady websites. Their "pesky automatic updates" are mostly security vulnerabilities getting plugged. I don't think ya'll understand how difficult it is to program something that allows as much utility and functional flexibility as Java does whilst still maintaining security. It's quite difficult, especially when you have to make it work on such a varied scope of hardware and software.
could it be "Java" is antiquated and they are looking for a way out? Well, what do you need Java for? Kittanaru, what is wrong with IE? I mostly use chrome but what is it?
Java and Flash are both pretty dated (and can/will be replaced by HTML5) - the problem is, a LOT of legacy websites (government websites, business websites, etc) still use it, so removing it will leave you unable to access some (or sometimes any) of those websites functions. As for IE - it isn't a problem with IE itself; rather, because IE comes pre-installed with Windows, it is the largest and most wide spread browser in existence, period. As such, it is the largest target for hackers/attackers to exploit, and thus gets a lot of attention. By simple statistics, more issues with IE can/are found because of this.
If you find that you don't need Java for anything, not having it does eliminate a vulnerability. But the bit torrent program I use requires it, so I keep it. I make sure to update it when prompted, and I almost never use IE. Ad Block Plus with Chrome or Firefox helps keep you safe. If you really want to be secure No Script is a big help, but it can also be a bit annoying to use.
As if the Java issue wasn't bad enough, over the last three weeks my Windows laptop has been the subject of repeated malware attacks from agents like "Tivoli" and "Tapika". Once installed, they change the search settings on several browsers making them useful only for searches that result in more malware installations! A friend told me to install MalwareBytes to eliminate the infestation, and thankfully, it worked, but the problem was a little deeper and more sinister than I first realized. In the next two attempted attacks blocked by MalwareBytes, a window strongly resembling an official Microsoft Update window presented itself (weird also because I have adjusted the settings so that it was NOT supposed to do automatic updates) and indicated some suspicious looking updates were needed. One of them was identified as an update to the driver of my HP Officejet Pro printer, but this should have come through the HP update utility, not Microsoft. Well, it was not allowed to install itself, thankfully, but later I found the culprit for this bizarre and disturbing misbehavior. Malware hackers have apparently perfected the technique of co-opting GOOGLE CHROME to install malware through an interface that strongly resembles the Microsoft Update window. If this doesn't sound sinister to you, it's only because this hasn't hit your computer yet. Read on. For the last several years, Google Chrome has been the go-to browser for better security than is possible with something like Internet Explorer. For that reason, most folks with windows computers will make Chrome their default browser. Don't believe for a minute that Microsoft Corporation hasn't taken note of this. They are preparing to roll out their own replacement for their buggy and security challenged browser, and they are taking a cue from Google to make it execute mostly in the cloud, with very little code for the browser actually stored on user's computer systems. This is why, even though I uninstalled Chrome and all other browsers in the middle of my malware infestation, when I put Chrome back, it persisted in attempting malware attacks up until the moment I switched default browser status back to Explorer. You see, while Microsoft is preparing to roll out their latest replacement for Explorer modeled after Google Chrome, and they just couldn't resist making Chrome users less secure by using security holes they found in it while developing their own browser based on a similar concept. And so it will be a cold day in purgatory when I use Microsoft's browser for browsing the internet or anything else. If Google or someone other than Microsoft can't provide me with a windows browser that does not download malware without support from something like MalwareBytes, the next OS my laptop will be using will be LINUX, not Windows 10.
