Outdated Java is a bad idea

The majority of installations are outdated, leaving computers open to infection through drive-by downloads on compromised websites. I use Java and always keep it updated. At the same time it’s disabled with my web browsers, and only enabled when necessary for certain sites.

“approximately 94 percent of endpoints that run Oracle’s Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril.”

Firefox users might like this if you use Java → https://addons.mozilla.org/en-US/firefox/addon/quickjava/?src=search

I don’t personally use Java; however, for those who do, you can also enable click-to-play in Firefox - other browsers too. In Firefox:

  1. Open about:config
  2. Find plugins.click_to_play
  3. Set to true

If you do this, you will prevent all plug-ins from auto-playing; however, you can ‘whitelist’ sites you trust.

  1. On the page you wish to whitelist, right click and select Page Info
  2. Select Permissions
  3. Select Activate Plugins
  4. Select Allow.

With this, do you receive an alert on each website, or are all non-whitelisted sites simply blocked?

I tried this and it works well. The only drawback is that with the plugins it’s all or nothing. For example, if I go to a site and want Flash enabled and not Java, and whitelist it this way, then all plugins are enabled.

Unfortunately, it’s all or nothing at the moment, that will change (image fx v22). Also, don’t forget, if you have NoScript installed, it too will block plug-ins until allowed or whitelisted.

By the by, I forgot to mention, click-to-play settings can also be managed from about:permissions.

Thanks for the info, Radaghast. I prefer Request Policy and Quick Java and can see no clear reason to use NoScript at the same time, as that would be overkill. :slight_smile:

No worries, just thought an alternative may be of interest. I personally use RequestPolicy and NoScript, as they do slightly different things, but maybe I’m just a glutton for punishment ;D