Login to Account Create an Account
Posted 29 August 2012 - 01:37 PM
Our programmers have a number of java apps. When they originally developed them, they put the jar files and an old version of JRE directly on the network so that all we had to do was grant them access to the network location and make a shortcut. This worked fine for a while, but when the use of the apps expanded to include our remote office users, the network performance was such that it literally did take minutes for the apps to start.
So we started installing java locally for the users and re-did the shortcut so that it used the local copy of java, but the jar file was still on the network. This improved performance for everyone drastically.
But as you probably know, the increasing number of java exploits out there and especially this most recent exploit has started to cause some issues. We did have a handful of Blachole infections last month.
That's when I discovered that IE8 on Windows7 absolutely refuses to NOT run java applets. Disable them in the add-ons section of IE? Runs them anyway. Turn off the plug-in in the Java control panel? Runs the applets anyway.
Fortunately, I did find the registry keys necessary to prevent Java Applets from running, but even though that does appear to work, IE still chimes in with the information bar and lets the user know that the website wants to run Java and lets the user override the block. I have yet to find a way to prevent that java applet info bar from appearing. disabling java applets in the security settings section of IE appears to not make a difference. Now I don't want to turn off the information bar completely, I just don't want it to offer to override the blocking of java applets.
It appears that you can't install Java without the plugin, there apparently used to be some switches to disable the plugin during installation but they appear to be deprecated.
It appears that what we're going to do is to remove Java, but still copy the JRE files over manually (well, through a script) so that the Java apps can use the files locally and the plugin won't be installed, period.
I'm just curious how others have handled situations like this with Java and the browser plugin.
Posted 30 August 2012 - 02:26 PM
Did you tried unchecking the boxes of the java runtime environnment in java component in the control panel as explained there ?
Yeah, it works and blocks the applet from loading (well sorta, but more on that in a bit), but IE still prompts that the website needs java and offers to override the block.
IMO, the problem isn't necessarily java, but IE seems to love overriding blocks you put in place. I haven't seen an option to get it to stop prompting to override, I've seen an option to block the entire info bar, but I don't really want to do that. And yeah there is a security option to not run java applets but it seems to be disregarding that too as I set it to disable, but it prompts anyway.
One thing I noticed about the page you linked was that they had that embedded applet to check your version. when I go to the page with the plugins supposedly blocked, it still knows that I have an out of date version which tells me that it didn't completely block the applet from loading.
but when I go here to test if the applet loads, the applet is NOT able to determine my java version. It's this sense of unreliability is what's prompting us to completely remove java to get rid of the browser plugin and just push out the java files as part of the java app deployment
Posted 30 August 2012 - 04:03 PM
To only disable java, you can follow this tutorial.
Then the test page won't see that you have java installed.
The page i linked only contain an image of the test page you linked so it won't change what ever the java version you're using or even if it isn't installed.
But if you want to disable java in IE usage by your users, you'll need to modify ntfs rights on both the file "C:\Program Files\Java\jre6\bin\client\jvm.dll" (setting deny read to users should be enough and this way you won't need to rename/remove it) and you'll also need to set the reg entry to be read-only by users (and set to 0 as explained in the tutorial).
Edited by allen2, 30 August 2012 - 04:04 PM.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users