Do I need Java or not? How do I know?

Determining what you have on your computer is a first step to greater security. Java is a case in point.

01/22/2013


Dear Control Engineering: You’ve been talking about security vulnerabilities with Java, so I checked my system. I have an older version which is apparently full of holes. How do I know if I have any applications that depend on Java before I get rid of it?

That’s certainly a practical question, and one with a potentially complex answer.

The simple approach is to disable or uninstall Java and just see what happens. The number of applications that depend on Java has gone down, so that isn’t a far-fetched suggestion. If nothing changes, you’re done.

But, if you have an application that needs it, how will you know? When you run that application, it may send you an error message saying it needs that utility. Hopefully it has that degree of sophistication. On the other hand, it may not or the error message won’t be so clear. You might need to have a chat with the software vendor to sort it out. If you need to re-install Java, at least install the latest version provided it will work with your application.

If that approach is too scary, you can look at the list of all programs on your computer. If you’re methodical, go down the list and check item by item. You may have to contact the original vendor.

This brings up the most critical aspect of the discussion. One of the points that cyber security practitioners stress again and again is the importance of knowing what software is running or resident on your computer or larger control system. This recent Java controversy is only one example of a vulnerability buried in some kind of software platform. There have been countless others and there will be more. When a vulnerability is exposed, do you know if it affects you? Is there an old program still there that nobody uses and you've forgotten about it? You will know these things if you know what is installed on your machines down to the latest version number. If you don’t, you might not realize what holes are in your system until it’s too late.

Peter Welander, pwelander(at)cfemedia.com

Also read: Cyber Security Vulnerability Assessment



No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Water use efficiency: Diminishing water quality, escalating costs; Lowering building energy use; Power for fire pumps
Building envelope and integration; Manufacturing industrial Q&A; NFPA 99; Testing fire systems
Labs and research facilities: Q&A with the experts; Water heating systems; Smart building integration; 40 Under 40 winners
Maintaining low data center PUE; Using eco mode in UPS systems; Commissioning electrical and power systems; Exploring dc power distribution alternatives
Protecting standby generators for mission critical facilities; Selecting energy-efficient transformers; Integrating power monitoring systems; Mitigating harmonics in electrical systems
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.