Java applications blocked by your security settings

Several people have contacted us about problems running Java applications with Java Version 7 Update 51. This update contains an enhanced security model that makes the user's system less vulnerable to external exploits.

This new version of Java does not allow users to run applications that are unsigned, self-signed (not signed by a trusted authority), or missing permission attributes.

Obviously, malware would look to exploit unsigned applications (these are blocked by default) and self-signed applications (those whose certificates are not from a trusted authority). Malware will also look to see whether the JAR file is missing a Permissions attribute, which means that a hacker could re-deploy an application that is signed with the original certificate and run it at a different privilege level.

It’s up to developers to meet the Java 7 Update 51 specifications. In many instances we’ve found that not to be the case, including with Nortel BCM software (which manages your telephone network from a Windows machine or Mac). When attempting to log in to our BCM, the prompt “Java applications are blocked by your security settings” appeared. This was because the BCM uses a self-signed certificate. On Windows 7, we needed to add the BCM URL to the Exception Site List as follows:

  • Go to the Java Control Panel (on Windows, click Start and then Configure Java)
  • Click on the Security tab
  • Click on the Edit Site List button
  • Click Add in the Exception Site List window
  • Click in the empty field under the Location field to enter the URL (can be an IP address as well)
  • Click OK to save the URL/IP address and then click Continue on the Security Warning dialogue
  • The Restore Security Prompts option allows you to restore the security prompts for any prompts that were hidden more than 30 days prior to installing the latest Java release

You can also do the same on a Mac running 10.7.3 and above, as follows:

  • Click on the Apple icon at the upper left of your screen
  • Go to System Preferences
  • Click on the Java icon to access the Java Control Panel
  • Click on the Security tab
  • Click on the Edit Site List button
  • Click Add in the Exception Site List window
  • Click in the empty field under the Location field to enter the URL (can be an IP address as well)
  • Click OK to save the URL/IP address and then click Continue on the Security Warning dialogue
  • The Restore Security Prompts option allows you to restore the security prompts for any prompts that were hidden more than 30 days prior to installing the latest Java release

TIP: I suggest you DO NOT adjust the security level in the Java Control Panel. It should be kept at the default, which is the ‘High’ security level. Applications that are signed with a valid or expired certificate and include the Permissions attribute (mentioned above) in the manifest for the main JAR file are allowed to run with security prompts. In addition, if the revocation status of the certificate cannot be checked for the given application, it will also be allowed to run. All other applications are blocked by default.
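To see which of the blocked categories a JAR falls into before adding its site to the Exception Site List, you can inspect its manifest and signature files directly. The Python script below is an added example, not part of the original post or of Oracle's tooling; the function names and sample JARs are constructed for illustration, and it only detects the presence of signature files, so verifying the signature and identifying the signer still needs `jarsigner -verify`.

```python
import io
import zipfile

SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def parse_main_attributes(manifest_text):
    """Return the manifest's main section as a dict, joining continuation lines."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line.strip():                 # a blank line ends the main section
            break
        if line.startswith(" ") and last:    # continuation of the previous value
            attrs[last] += line[1:]
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs[last] = value.strip()
    return attrs

def classify_jar(jar_bytes):
    """Classify a JAR by signature-file presence (not verified) and Permissions attribute."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n.upper() for n in jar.namelist()]
        try:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            manifest = ""
    meta = [n for n in names if n.startswith("META-INF/") and n.count("/") == 1]
    signed = any(n.endswith(".SF") for n in meta) and any(n.endswith(SIG_BLOCK_EXT) for n in meta)
    permissions = parse_main_attributes(manifest).get("permissions")
    if not signed:
        return "unsigned"
    if permissions not in ("sandbox", "all-permissions"):
        return "signed-missing-permissions"
    return "signed-with-permissions:" + permissions

def build_jar(manifest, signed):
    """Build a constructed sample JAR in memory; the signature files are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        if signed:
            jar.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\r\n")
            jar.writestr("META-INF/SAMPLE.RSA", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for body, signed in [("\r\n", False), ("\r\n", True), ("Permissions: sandbox\r\n\r\n", True)]:
        print(classify_jar(build_jar("Manifest-Version: 1.0\r\n" + body, signed)))
```
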

Safe surfing folks!
Julian
