DHS says “Disable Java”, Company vendors still require it

There's a good chance this content may be outdated!

This post is 4 years old—a long time on the internet. Any content within is provided as-is and is not guaranteed to work on modern systems - your mileage may vary.

2010-10-15-dhsSo here’s an interesting dilemma… the Department of Homeland Security is advising users to disable or uninstall Java – this would be fantastic, but in a business we can’t do this. Many of our vendors require Java for doing the course of business and if you know anything about businesses, they don’t like to update their standards. We still have some users who cannot use Internet Explorer 9 (or any alternative browser that the IT Department endorses as “safe for use”) because these sites simply won’t work.

But here’s where the dilemma gets really interesting. DHS says there’s an exploit, Alien Vault confirms the exploit, but from a security stand-point, I am un able to properly secure the network and the computers. So, here’s an open note to the many companies that require Java: please update to modern standards – are you going to do damage control when our network turns into a botnet? No, of course not. Please update your methods!

Leave a Reply

Your email address will not be published. Required fields are marked *