Give up your Java habit
Flash may be getting all the headlines, but Java – also used to power interactive and animated content – is even more dangerous. This is partly because “updating” Java ( www.snipca.com/17831) doesn’t remove old versions from your computer, so your hard drive could contain a disastrous collection of old versions and components that hackers are happily exploiting.
What’s more, Java content (such as games and simulators) tends to absorb your attention for longer than Flash content (mostly brief video clips). That means hackers have more time to attack you. If Flash is like leaving your front door open for half an hour, Java is like leaving it open all day. Given enough time, hackers can easily find a flaw and use it to install malware or, worse, a rootkit that runs constantly and invisibly.
There is a silver lining to all this. Java’s notoriety means it’s fallen out of favour with software makers and users, so the number of attacks has fallen too. In 2013, Java flaws were responsible for a staggering 91 per cent of all computer attacks ( www.snipca.com/17810); that number halved last year – but that’s still rather high.
In the main, Java owes its continued existence to one of the world’s best-loved computer games, Minecraft. Minecraft’s dependence on Java made players vulnerable to zero-day attacks, rootkits and other exploits beloved of Java’s predators.
In March 2015, the game’s developers finally came to their senses and created a standalone version of Java, embedded in a Minecraft launcher that you can download for free ( https://minecraft.net/ download). It’s hermetically sealed from your operating system, sandbox- style, to keep you safe from harm. Minecraft no longer requires the standard version of Java, so there’s now no excuse for having it on your machine.
First, disable it in your browser. Find detailed instructions for Chrome, Firefox, Internet Explorer (IE) and Opera here: www.snipca.com/17813. Then uninstall Java from your PC. You can do this using Windows’ built-in uninstaller, but that won’t get rid of leftover junk files – some of which may be the very files hackers have been exploiting or even installed in the first place. What’s more, there may be numerous versions of Java on your PC, and they all need removing, so a batch-uninstaller such as Iobit Uninstaller is more appropriate (see the box opposite for our favourite uninstalling tools). Email program Thunderbird used to be almost as popular as its sister browser Firefox, also made by Mozilla. But while Firefox is holding its own (just) against stiff competition, poor old Thunderbird has been shot down and is full of holes.
Look at Mozilla’s list of security advisories for Thunderbird ( www.snipca. com/17815), and check back regularly if you’re a Thunderbird user. It makes for an alarming read. ‘Arbitrary file overwriting’, ‘Miscellaneous memory
safety hazards’, ‘Privilege escalation through Web Notification’ (a flaw that gives any passing hacker more privileges than you) – and all this in only the past few months. Worryingly, some flaws keep reappearing despite regular fixes. Really, is it worth it? We don’t think so. If you use Thunderbird, export any data you want to keep and switch to a new email service.
It’s a sad story. A few years ago, Thunderbird was considered a safer alternative to Microsoft’s Outlook Express, which had more patches than a Victorian quilt. Thunderbird was also faster, more innovative and – quite frankly – cooler. But while Outlook has evolved into a cross-platform tool whose free online version successfully borrows the best elements of Gmail, including seamless integration with online tools such as Office Online and Google Drive, Thunderbird is stuck in the past.
Some antivirus (AV) tools, including the excellent Norton Security ( www. snipca.com/17817) have even identified Thunderbird as a Trojan ( www.snipca. com/17826). This is a false-positive – Thunderbird itself is not malicious. However, it’s so full of vulnerabilities that perhaps these over-zealous AVS are wise to block it.