Looking at this -- http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/ -- and wondering if anyone out there is crafting policies to disable Java in the various browsers of choice. We're thinking about it. Thought I'd see if anyone else is doing anything before we start getting serious about it.
Solved! Go to Solution.
gee @justinrummel that's quite the 12 year old you have found, or just really angry adult with no control over his cursing.
disabling java is impossible if you have an SSL vpn solution, that uses java for everything it does.
i never, not once found a machine infected with the previous java scare. if you browse to reputable sites you will likely be safe i would think. Those that don't and blow their stuff up, how bad can you feel for them?
@nessts said: "Those that don't and blow their stuff up, how bad can you feel for them?"
I don't think it's a matter of feeling bad for them. I think most of us are concerned about having to clean up after those folks (and preferring not to have to if we can avoid it). Occasionally part of an admin's job is protecting users from themselves.
@justinrummel Thanks for the link.
wipe install, thats probably faster than trying to make every browser in the world safe from exploits. is it the right answer, not sure, but if a corporate user is using his computer in a way that he should not have been and corrupts it, i will just reinstall instead of debugging it. they pay for speedy resolution and wipe install is pretty quick. user data is usually save on another partition too to aid in this.
Unfortunately 'Legitimate' websites are responsible for the majority of malware. It was only a few years ago that the SuperBowl website was used to infest visitors. I have never been accused of 'coddling' end users but I don't think we can put the blame/responsibility solely on their shoulders here....
I have started to collect inventory on Java version based on the methods discussed here: https://jamfnation.jamfsoftware.com/discussion.html?id=3985
I don't want to head down the 1.7 line (downloadable from Oracle) if I can help it. Hopefully Apple releases 1.6.0_35 soon.