Multiple studies and analysis reveal Java as being the least secure plugin but the revelation hasn’t dampened the spirits of the workers at Oracle. The company has rolled out Java 7 update 10 (Java 7u10), the latest in the Java 7 series to improve security in its often attacked plugin. The update includes new security features and controlling capabilities in addition to a bug fixes.
Java 7 Update 10 Features and Controls
Among the new security features, major one is the ability to restrict any Java application from running in a browser. You can simply disable the Java web plugin by un-checking a single tick-box next to the option that says ‘Enable Java content in the browser’ from the Java Control Panel. Doing so helps in overcoming/eliminating most of the risks associated with having Java installed. In short, Oracle has made the Java more configurable!
There is also an alerting mechanism being included to notify users when their Java installation is getting old i.e. running out of date. If the JRE (Java Runtime Environment) is viewed as expired or insecure, additional security warnings will be displayed.to force a user to block a running the app, continue running the app, or to go to java.com to download the latest release.
Besides these, the new update brings forth the concept of security levels. There are multiple options for security setting in the Java Control Panel and the default setting level is set as ‘Medium’. It allows non-trusted apps to run without your confirmation but if you want, you can control whether to Run without prompt, Prompt user or Don’t run the app at all. The basic idea is to provide even more control and limit the potential attack surface for Java vulnerabilities.
All JAVA users are recommended to update and choose the most appropriate settings for their environment. Oracle has planned to force update to Java 7 Update 10 through an auto-update process that starts this month onward.