FILE- This April 23, 2007 file photo shows the Java logo at Sun Microsystems' offices in Menlo Park, Calif. On Monday, Jan. 14, 2013, Oracle says it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. (AP Photo/Paul Sakuma, File)
Java flaw still worries some experts, despite fix
First Published Jan 15 2013 11:54 am • Last Updated Jan 15 2013 12:01 pm

Despite Oracle’s emergency fix to patch a serious vulnerability in its widely used Java software, several security experts on Monday advised computer users to minimize using the product, because of fears more flaws will be discovered.

"This is definitely a temporary fix," said Sorin Mustaca, a data security expert with Avira, a German-based company that sells anti-virus software. "If you do a fix under a lot of pressure and very, very fast, then only one thing will happen: more vulnerabilities. So, for me, this is just the rain before the storm. I think it will get worse, it will get much worse."

Still, Mustaca recommended installing Oracle’s security patch, which is available here: http://java.com/en/download/index.jsp

But once that is done, he advised computer users to disable Java and only switch it on when absolutely necessary for some functions, such as those that handle stock trades and employee payrolls.

Although Java is used occasionally by millions of people worldwide, it is generally not vital for most computer or web-based functions, several experts noted. Mustaca said he uses two browsers, one with Java plugged in for limited purposes and another that he uses more frequently without Java activated.

"You’re better off disabling Java," said H. D. Moore, chief security officer with Rapid7, which helps businesses identify and deal with cyber vulnerabilities. "For the most part, you don’t need it."

He gave Oracle of Redwood City credit for issuing the fix on Sunday, after Thursday’s advisory from the federal Department of Homeland Security to disable Java because flaws found in the software could enable crooks to steal information and create other havoc for computer users. Oracle initially had said it would issue the fix on Tuesday.

"It’s nice to see," since the company in the past has had a reputation for reacting slowly to flaws, Moore said. But he also noted that Java has experienced a number of previous security vulnerabilities and "there is no reason to think this is the last one."

Copyright 2014 The Salt Lake Tribune. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
