Reminder: Keep Flash and Java Updated

Over the past year, Zypes has updated our client’s computers numerous times to fix critical security vulnerabilities in Flash and Java. These two programs are on almost every PC and are also the top two attack vectors for getting a machine infected or compromised. These attacks are often cross platform, meaning they can affect Windows and Mac operating systems equally. Apple has taken a proactive stance on protecting their users with a combination of auto-updating and blocking vulnerable versions from running. What makes it even worse is that anti-virus programs will usually not block these attacks, because they are not viruses. They take advantage of a flaw in the program that allows access into your system, and then can install viruses or malware without it being detected.

Windows systems are more vulnerable and must be kept up to date manually, although things are improving there as well. If you use Windows 8, Flash Player is now built into Internet Explorer and automatically kept up to date. Unfortunately, due to the large amount of attacks that take advantage of ActiveX technology (only in IE), security concious users should avoid Internet Explorer and only use it on sites that require it. Firefox and Chrome are good alternate browsers, but Chrome is recommended as it also embeds and updates its own version of Flash Player, while Firefox requires manual updates.

Java can be a bit tricky because many programs and environments require it to run properly. There is not much risk in simply having it on your computer, but problems arise when it is enabled in web browsers, which it is by default. You can disable this behavior by finding Java in the control panel and changing the settings, but most users will not do this. Even if Java is kept up to date, many computers have old obsolete versions installed as well, making the computer vulnerable to attack.

Previous versions of Java are not automatically uninstalled when installing a new version. For example, as of this writing, Java 8 update 25 is the current version. After pushing out this update, all of our clients still had Java 7 update 67 installed as well, which has to be uninstalled separately.

If you want to check the security status of your browser plugins, Mozilla (makers of Firefox) has a page that you can visit in any browser to let you know of any updates you need:

Zypes is keeping our clients computers up to date using our management software, but you will want to make sure your home computers are protected as well.

Contact us for a free network evaluation and see how we can be your IT solution.