Skip to end of metadata
Go to start of metadata

Alerts

No Alerts at this time.

E-mail: security@lbl.gov

Web Browser Plugin Security

Web browser plugins are small pieces of software that extend the functionality of Web browsers, allowing rich content to be viewed online. Some plugins display harmless advertising or videos in Web pages, but when out-of-date, they can also carry viruses.

Berkeley Lab continues to experience virus infections due to vulnerable Web browser plugins, such as Adobe Flash Player (Flash) and Oracle's Java Runtime Environment (JRE).  We can avoid many of these infections is all computers have up-to-date plugins.

To keep Flash and Java browser plugins current on Windows and Mac use this page to:

  • Install IBM Tivoli Endpoint Management (BigFix). (Note: If you have a Windows computer in Active Directory, it's probably installed already.)
  • Check your web browser plugins using the Qualys tool at http://go.lbl.gov/browsercheck.

How to Install IBM Tivoli Endpoint Management (BigFix)

The IT Division offers IBM Tivoli Endpoint Management (BigFix) as a patch management service. BigFix runs automatically in the background, keeping your Flash and Java plugins up-to-date. We recommend that all Windows and Mac systems install IBM Tivoli Endpoint Managemen (BigFix).

Step 1. Download and install the software

To install IBM Tivoli Endpoint Management (BigFix), first download it from the Laboratory’s Software Distribution site. Login with your LDAP credentials, select "IT Supported Downloads", and scroll down to the section labeled Security Software, and click on "IBM BigFix Endpoint Management".  Once the installation package is downloaded, follow standard installation procedures (e.g. double-click to open package and start install, follow steps in installation window). You don't need to do anything further - the software will run quietly in the background.

Home Computer Use: Do not install IBM Tivoli Endpoint Management (BigFix) on home computers. Communication is blocked to the BigFix server from outside the Lab, so you will not be able to get updates from off-site.

Step 2. Verify that the software was installed

a. Windows verification

To verify that BigFix is installed on Windows, look for "Tivoli Endpoint Management Client" in you installed programs list. XP: View installed programs in "Control Panel" then "Add or Remove Programs"; Windows 7: Go to "Control Panel" then "Programs and Features". If your computer is in Active Directory, you probably already have BigFix. The screenshot below shows what a successful install looks like.

b. Apple, Mac verification

To verify that BigFix is installed on Mac, look under your hard drive folder for /Library/BESAgent/BESAgent. If that file exists, BigFix is installed. The screenshot below shows what a successful install looks like.

Preventing infections: Isolation

Effective January 24 2012, we will isolate computers with vulnerable plugins from the network.

If your computer is isolated, you will see a notification page when you open your web browser. This page will explain why you are isolated and the steps you can take to fix the vulnerability and get the isolation removed. For the protection of the Lab, you are not able to browse the Web when isolated.

Feedback and Help

If you have further questions, please contact the IT HelpDesk by calling x4357 (HELP), online via Web form (http://help.lbl.gov/), or sending e-mail to (help@lbl.gov.)

Send feedback on isolation procedures to security@lbl.gov.