Java security threat

January 18, 2013

To: UCOP Community

From: Shirley Bittlingmeier, Client Services Officer, Information Technology Services

As you may have heard in the news, a vulnerability has been identified in the Oracle Java software for web browsers. The “Java Zero-Day” bug allows viruses and other malware to be pushed to your computer from malicious websites. Once that happens, your computer could be hacked and data stolen.

Oracle is issuing Java updates but has not solved the problem completely. The best protection at the moment is to use an anti-virus program. All UCOP computers should be using the Trend Micro anti-virus program. However, ITS is identifying computers on which it may have been disabled and will target them for installation. Also, if you travel with your laptop, you should periodically connect it to the UCOP VPN service to receive the weekly Trend Micro updates.

You can check to see if you are running Trend Micro. Look in the lower right hand corner of your screen for the icon circled below. If you don’t see the icon, call the IT Service Desk (510-987-0457) for assistance.

On Windows machines
Windows Java Security Icon

On Macs
Mac Java Security Icon

Java has a long history of security problems and it will be difficult to find a solution that makes it completely safe. You may have heard advice to disable Java. However, this is an impractical approach given the many websites and applications that require Java. In addition to running anti-virus software, you should be on the alert for possible phishing attempts to lure you to malicious websites, and do not click on suspicious links. ITS will continue to analyze approaches to the Java security problem and will provide you with more information as soon as possible.

If you have questions or concerns, please contact the IT Service Desk at 987-0457 or ServiceDesk@ucop.edu.