Stump the Geeks

What to know before you disable Java on your computer

February 3, 2013 

Q. Our computer has the version of Java that we thought was safe (6 Update 30). We of course didn’t ask for Java, it was just loaded on our now 1-year-old HP desktop, so do you have any idea what it would affect if we disabled it? We also have an ancient HP laptop that doesn’t appear to even have Java on it. I long for the old days when it was so much simpler! Thanks for any advice you can give.

Janet S., Raleigh

A. I sympathize with your frustration, but the good news is that you’re right: If you’re running Java 6, you’re in the clear.

According to the Jan. 14 update from Homeland Security’s Computer Emergency Readiness Team, Java 7 through update 10 is the version at risk for the exploit mentioned in last week’s column.

CERT recommends updating to Update 11, but is still telling the public to consider disabling Java in their browsers because “new Java vulnerabilities are likely to be discovered.”

If you still want to disable Java 6 in your browser, you’re not likely to see any adverse effects unless sites you routinely visit run Java applets.

Q. A previous column mentioned a USB device on which all of your passwords are stored. It sounds like exactly what I want, but you did not mention a brand or source for the device. Can you enlighten me further?

John L.

A. For me, the brand of the USB device didn’t matter as much as its ability to stay on my keychain.

I ended up going with a sturdy Lexar TwistTurn JumpDrive with a smaller amount of storage (4GB), since I wasn’t planning on storing anything but plain text passwords.

But because I didn’t want to drop $100 on a secure drive like IronKey, the encryption piece of the puzzle – my insurance in case anyone got ahold of the drive – was a little more tricky.

I’m a Mac user at home and at work, so I ended up going with Apple’s own built-in disk encryption.

It’s secure and easy to set up (see Apple’s instructions at http://support.apple.com/kb/ht1578), but it won’t help me much if I want to log in to my accounts from a Windows machine.

TrueCrypt and FreeOTFE are two free open-source and relatively user-friendly options (although FreeOTFE is only Windows-compatible).

But because encryption can be complicated, I reached out to Justin Troutman, a security and privacy researcher in Asheville.

If you’ve got a version of Windows from Vista onward, he recommends a built-in program called BitLocker.

“It’s one of those offerings where it’s clear the designers understand cryptography,” Troutman said in an email. “Even though trade-offs had to be made such that the cryptography wouldn’t hugely impact performance, they made the kinds of decisions you’d only trust to a cryptographer.”

Another option is to forgo the physical and stash your sensitive information on SpiderOak, a secure cloud storage service I’ve discussed here before.

“Of course you’re trusting a third party here with your data; that’s the nature of the outsourced cloud,” Troutman said.

“However, with SpiderOak, their apparent know-how makes that risk acceptable – at least for me.”

Send technology questions to stumpthegeeks@newsobserver.com. Please include your name, city and daytime phone number. Sorry, we can’t answer every question.

News & Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service