Roedy Green

Trashing Java


JDK 1.7.0_13 has been out for a few days, and you are still talking about 1.7.0_11 as if it were hot off the press news. You are trashing Java unfairly. Java has had 3 security breaches in 15 years, and then only in the rarely used Applet feature. Other languages have no security sandbox whatsoever. Java had a leak it its. Microsoft sends me 2 security fixes a DAY! Please get some perspective. I get the feeling you have no first hand knowledge of Java. You are just passing on politically motivated trash talk.


:wp:

 

There is nothing political about it at all. The average, typical PC user would never even notice if Java was not even installed on their computer.

 

There is a false sense of security that the patches are resolving the issues. There is more current information about the ongoing problems with Java here:

 

http://techtalk.pcpitstop.com/2013/01/29/holes-still-exist-in-oracles-java-software/

 

http://techtalk.pcpitstop.com/2013/01/25/why-everyone-should-be-concerned-about-java/

 

 

Uninstalling Java is not a new concept exclusive to PC Pitstop. The topic has been visited before by other well known computer experts:

 

http://ask-leo.com/should_i_disable_java_and_if_so_how.html

 

http://www.infoworld.com/t/java-programming/its-time-run-java-out-of-town-190525?source=fssr

 

http://www.howtogeek.com/122934/java-is-insecure-and-awful-its-time-to-disable-it-and-heres-how/


I think saying most people would not even know if Java was not on their computer is incorrect. In fact I am willing to bet that if you wrote an article telling people to remove it immediately that hundreds of people would chime in that the article is wrong. Oh yeah, that already happened. http://techtalk.pcpitstop.com/2013/01/16/uninstall-java-now/

 

That said, I have to wonder why there is no race to un-install everything that ever had an exploit before by all these people writing articles.

 

Let's start with ActiveX. Yes, ActiveX over the years has been one of the biggest security risks ever on a Windows computer. Did anyone ever hop up and down and write numerous articles about why it should be removed or stop using the web browser that it ran in? Of course not. In fact the opposite happens at the main site and you are told to do the absolute worst thing you can do on the Internet... fire up a web browser with administrator privileges.

 

Internet Explorer, perhaps the most insecure browser, with more un-patched exploits in the wild than any other web browser in history. Uninstall it? No way, run it as administrator so that a dangerous plug-in aka ActiveX can run with admin powers.

 

Windows itself... Of course there are people who recommend formatting drives and installing alternative operating systems, but not many. However, do the pen pundits ever scream "dump it, it is far too insecure"? No, of course not, because that would give them very little to do and very little to write about, and then they couldn't sell scan, clean, douche, scrub, wash, rinse, repeat software.

 

My point is this: the hypocrisy of the people saying dump Java is almost comical, at least to me it is.

 

I think perhaps time would be much better spent focusing on teaching people how to use computers on the Internet in a responsible and rational way, instead of just jumping on the latest fear mongering campaign about the latest exploit.

 

I personally use Java every day, and will continue to do so.

 

The fact that most of the people writing the articles jumped so fast to say un-install it shows that they don't really even understand it. The more rational, responsible thing to do would be at most tell people to disable it in their browsers "temporarily". In fact there are even pages at the main site that "require" it. ;)

Edited by Bruce


Hi Bruce,

 

The reason that I said to uninstall Java is that the Department of Homeland Security had just come out with a warning to disable it. In addition to that, I have been working on a lot of things in the security area lately. My finding coincides with the DHS that the #1 security threat to users today is JAVA.

 

After I wrote my article, I came to realize that a lot of people are confusing Java and Javascript. Javascript is ubiquitous and it is on essentially every single page on every web site. But Java is a dying technology with severe security holes and those holes are being exploited now. Things like the DOJ virus and the FBI virus are exploiting Java.

 

I don't want to discount your other comments. Active X has its issues and so does Windows but the bad guys are not exploiting that right now. That's why I and the DHS both said to get rid of it.

 

I have uninstalled Java on all my computers with absolutely no ill effects. None.


Thousands and thousands of exploits exist for Windows. Including this Java issue, yet no one says dump Windows.

 

I have dumped Windows on all my computers and have had no issues, in fact they have never run better, and I don't have to use a plethora of third party apps to plug holes.


Windows has thousands of exploits but the bad guys are targeting a hole in Java not in Windows. As I said before, Java is antiquated and few people are using it. Whereas Windows is still the most popular operating system on earth.


I fail to see why Twitter would recommend such a thing. It has nothing to do with them being so lame in their security practices that their systems give up a quarter of a million users' information.

 

I mean we are talking about a company that based their business name on "twit" :rofl3:


http://nakedsecurity.sophos.com/2013/02/25/zero-day-vulnerabilities-java/

 

A security research team that has alerted Oracle to a series of security flaws in Java in the past, says that it has uncovered new zero-day vulnerabilities in the software.

According to an update posted by Polish firm Security Explorations, it has sent proof-of-concept code to Oracle's security team - so they can investigate the issue.

The concern is that the flaws could be exploited to completely bypass Java's security sandbox and infect computers in a similar fashion to the attacks which recently troubled the likes of Facebook, Apple and Microsoft.

In those cases, cybercriminals hacked legitimate websites and planted code which exploited Java vulnerabilities when developers visited using web browsers that had a vulnerable version of the Java plugin.


Softpedia reports Security Explorations CEO Adam Gowdiak as saying:

"Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way... Without going into further details, everything indicates that the ball is in Oracle's court. Again."

So, many computer users find themselves in what is becoming a disturbingly familiar situation - looking to see when Oracle will confirm that the flaws exist, and then waiting for the inevitable security update for Java.

Here's the best piece of advice we can give you right now:

If you don't need Java enabled in your browser, here's how to turn it off now

Many people who have Java enabled in their browser simply do not need it (By the way, don't mix up Java with JavaScript - they're different things), so the best solution for many folks is to rip Java out of their browser entirely.

If you don't need Java, why put yourself at risk?
