Does WSA block Java exploits?

With all the weeping, wailing, and nashing of teeth going on about Java and its' exploits, does WSA catch and block any/all of them or is this not a fair question?

 

It blocks what they grab and try to run, not the exploits themselves.

 

Wow, that was a QUICK response Techfox; thanks! I've been wondering if other AVs are effective against Java exploits as well....

 

Other AVs will generally try to catch the exploits themselves and will of course block the results of the download if they know about it. The downside to trying to block the exploit itself is that it needs to monitor a lot more things, impacts system performance on network handling, and doesn't work on SSL-loaded java exploits.

If you think of WSA as a super-knight in the castle with a moat and castle walls just in case, blocking java exploits directly is like having an extra gate on one road going toward the castle. Sure, the gate can catch a bandit before it gets to the moat or the walls or the knight, but all the legitimate traffic needs to be inspected by the guard at that gate too. That means needing to pay a guard (CPU resources) and slow down the road (network).

 

I feel if you really don't need Java IMO disable or remove it, it's only available on one of my PC's - Most people don't need or use it. There are far to many exploits recently with Java & a recent one that is being actively erm 'exploited'? -

 

I fully agree with all of you that Java is a pain. Problem is that it's widely spread across systems, devices etc. (they have 3 billions of installations) and many companies have built their solutions on Java applets and environment. Having said this, it's sometimes hard to completely give up on Java and in such a case you don't have other chance than to try to minimize risks as much as possible. What really drives me crazy is that many bank houses worldwide are operating their on-line banking systems based on Java what is a **** indeed. My bank not excepting. So even though Java is buggy, vulnerable etc. it probably will stay as long as third party applications will be dependant on Java.

Just my two cents.