So here’s an interesting dilemma… the Department of Homeland Security is advising users to disable or uninstall Java – this would be fantastic, but in a business we can’t do this. Many of our vendors require Java for doing the course of business and if you know anything about businesses, they don’t like to update their standards. We still have some users who cannot use Internet Explorer 9 (or any alternative browser that the IT Department endorses as “safe for use”) because these sites simply won’t work.
But here’s where the dilemma gets really interesting. DHS says there’s an exploit, Alien Vault confirms the exploit, but from a security stand-point, I am un able to properly secure the network and the computers. So, here’s an open note to the many companies that require Java: please update to modern standards – are you going to do damage control when our network turns into a botnet? No, of course not. Please update your methods!