The majority of installations are outdated, leaving computers open to infection through drive-by downloads on compromised websites. I use Java and always keep it updated. At the same time it’s disabled with my web browsers, and only enabled when necessary for certain sites.
“approximately 94 percent of endpoints that run Oracle’s Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril.”
With this do you receive an alert on a each website or are all non - whitelisted sites simply blocked ?
I tried this and it works well. The only drawback is that with the plugins it’s all or nothing. For example if I go to a site and want Flash enabled and not Java and whitelist it this way then all plugins are enabled.
Unfortunately, it’s all or nothing at the moment, that will change (image fx v22). Also, don’t forget, if you have NoScript installed, it too will block plug-ins until allowed or whitelisted
By the by, I forgot to mention, click-to-play settings can also be managed from about:permissions.
Thank for the info Radaghast. I prefer Request Policy and Quick Java and can see no clear reason to use NoScript at the same time as that would be overkill.
No worries, just thought an alternative may be of interest. I personally use RequestPolicy and NoScrip, as they do slightly different things, but maybe I’m just a glutton for punishment ;D
