CHINA TOPIX

12/22/2024 06:45:32 pm

Make CT Your Homepage

Internet Explorer to Block Java Starting Next Week

Internet Explorer logo

(Photo : Wikimedia Commons)

Microsoft said that Internet Explorer will begin notifying users of potentially insecure plug-ins launched by pages on the Internet.

The modification to Explorer reflects similar features located in Microsoft's rival browsers Mozilla Firefox and Google Chrome. Both browsers already bar obsolete and potentially dangerous plug-ins, according to ZDNet.

Like Us on Facebook

The software giant will maintain its list of forbidden ActiveX controls and release updates as the newer versions are launched or when new susceptibilities are discovered.

When the feature that blocks unsafe plug-ins launch later in the month, the only constituent of the company's blacklist is Oracle's Java ActiveX control.

The alerts will not be triggered by one or two versions of the plug-in, either. Microsoft has identified every edition of the plug-in as a potential risk with the exception of the latest patch levels of the Java SE program, until the version that was released in early 2002.

Though it may look like an overkill, it's still quite reasonable, according to The Register.  Firefox 24 and all versions beyond, on the other hand, chose to have all editions of the Java plug-in default to "click to run." Even the latest Java versions were not spared.

The blockages seem to make sense if the findings of Cisco's latest security audit report are considered.

The report revealed that in 2013, 91 percent of all web-based exploits took advantage of Java plug-in weaknesses. Microsoft conducted its own research and found the approximate percentage of exploits was between 84.6 percent and 98.5 percent.

The blocking feature not only stops outdated ActiveX controls from starting autonomously but also gives the user an option to update the potentially dangerous control to its latest version.

Some extra features such as disabling the user's capability to overturn the blocking, extra logging of data, whitelisting domains, or completely disabling the feature are accessible on systems managed through group policy settings.

Real Time Analytics