According to the excellent website Krebs on Security, a new Java exploit is set to go completely mushroom cloud on computers worldwide with outdated Java installations within the next few days.
The BlackHole Exploit Kit is used by cybercriminals for purposes various and nefarious, and is currently the most common web threat around. However, we won’t go into too much detail here about the malware itself. Instead, let’s talk about how to keep your Windows-based computer safe.
The first thing you need to do is find out if you have Java installed on your computer at all, and which version you’ve got. The easiest way to accomplish this task is to visit java.com and click the “Do I have Java?” link. This takes you to a page with a big “Verify Java version” button.
Click the button and the site will tell you if you’ve got the recommended version of Java installed, which currently (as of July 6, 2012) is either Version 6 update 33, or Version 7 update 5. If it tells you to update, follow the on-screen instructions.
(If your computer is set up like mine, your web browser will ask you for permission to run the Java content on this page. At this point, you’ll know you’ve got it installed, but you still need to verify which version you’ve got. Click the “Run this time” button when prompted, and it will let you know if you have the recommended version.)
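If you look after more than one machine, the same check can be scripted. The following is an added example, not part of the original article or anything from java.com: it reads the output of `java -version` and compares it with the recommended versions quoted above. The function names and the sample banner are made up for illustration.

```python
import re
import subprocess

# Recommended update per major version, as quoted in the article (July 6, 2012).
RECOMMENDED = {6: 33, 7: 5}

# Legacy banner format printed by `java -version`, e.g. java version "1.6.0_31"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')

# Constructed sample banner, used only when this file is run without Java present.
SAMPLE_BANNER = 'java version "1.6.0_31"'


def parse_java_version(banner):
    """Return (major, update) from a version banner, or None if unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    # A banner with no "_NN" suffix is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def assess(banner):
    """Classify a banner as 'current', 'outdated' or 'unknown' against RECOMMENDED."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major < min(RECOMMENDED):
        return "outdated"  # older than any version the article lists
    if major not in RECOMMENDED:
        return "unknown"   # newer than the article's baseline; cannot judge
    return "current" if update >= RECOMMENDED[major] else "outdated"


def local_banner():
    """Run `java -version` (it prints to stderr); None if java is not on PATH."""
    try:
        out = subprocess.run(["java", "-version"], capture_output=True,
                             text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stderr + out.stdout


if __name__ == "__main__":
    banner = local_banner()
    if banner is None:
        print("java not found on PATH; sample banner is", assess(SAMPLE_BANNER))
    else:
        print(assess(banner))
```

A “not found” result only means `java` is not on the command-line path. The java.com check remains the way to confirm what your browser sees.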
What if the site says you don’t have Java installed? Should you install it?
Naturally, the java.com website will suggest you do, but if you’ve been using your computer without it so far, I’d recommend not installing it at all. Java is currently the most popular channel through which exploits like the BlackHole pack are used, and new security holes are discovered all the time. If you’ve come this far without Java, there’s really no good reason to install it.
If you’ve got Java installed and want to keep it (there are still some websites that rely on it), make sure you’ve got the software set to check for updates at least once a week, but I recommend taking it a step further and checking daily. Here’s how.
1. Click the “Start” button, then select “Control Panel.”
2. Find the “Java” icon in the Control Panel window and double-click it.
3. Click the “Update” tab, then the “Advanced” button.
4. Select “Daily” and note the time of day the check will run. I left mine on 11:00 PM. Click “OK.”
5. Click “Apply” and “OK.” You’re done!
Note: if the updater detects that a new version of Java is available, most of the time you’ll have to manually install the update. Your computer will prompt you when it’s time.