Java still has a crucial role to play—despite security risks

Java still has a crucial role to play—despite security risks

Note: This article puts the blame where it belongs, i.e. on the browser Java plugins!

-- Tom

 

I've uninstalled Java entirely, but I already understood the language was not necessarily the problem. I don't do online banking yet and I no longer use the extremely tiny amount of websites that require the java plugin, so said plugin can kiss it for all I care

 

Most interactive stock charts use it, so in my case I need it. I do however nowadays disable java (the Oracle version) in the browsers if not needed.

 

Java still has a crucial role to play...

Unfortunately...

 

Well, people still think, that they need it, eventhough HTML5/flash/silverlight took its place just fine, and it comes preinstalled on new computers from "IT experts" as well.

 

Not that crucial to me,Ive uninstalled java without any issues so far.

 

Never liked it, never used it, don't need it at all, haven't encountered anything so far that requires it.
Even if I find something that needs java I wouldn't install it

 

Like so many others, I assumed Java was necessary. I cautiously uninstalled it from one system, and then another system, until no system was running it anymore. Haven't missed it yet!

 

I need Java for one specific application. But I use SBIE, which should contain it.

 

I stopped installing Java more than a year ago. LibreOffice Portable was the only software I had that needed Java for some non-essential functions without use for me. Now I don't even need LibreOffice Portable too, but I keep an updated copy just to accompany its development. As for websites requiring Java, they can all FOAD.

 

I use several Java programs that need it. I'm not all that worried about it.

 

If you have to use it, keep in mind that Java does not check certificates neither through OCSP or CRL's, but you can enable both in Java control panel.

 

Do you really need Java Just my .02

 

I used to install it automatically with every new install of Win, but now I don't anymore, and I haven't needed it for a long time.

 

Re: Java still has a crucial role to play—despite security risks

Java comes with my browsers, and I need it for one site.

I've never understood why Java is more of a security risk than other such applications.

As the article points out, the problem resides with the browser plugin, and is easily dealt with:

However, articles about exploits can be misleading without careful scrutiny.

Recently, a isc.sans.edu diary included this:

Patched your Java yet?
Published: 2012-11-01
http://isc.sans.edu/diary/Patched your Java yet /14428

A couple of years ago when such poisoned advertisements were all the rage, it was assumed by many that the banner ad carried the exploit and its payload.

An Avast blog had a nice article about this type of poisoning, and I posted a comment asking about this, and the author answered:

Ads poisoning - JS: Prontexi
February 2010
http://blog.avast.com/2010/02/18/ads-poisoning---jsprontexi/#more-871

So, that clarified things: these are redirection exploits. (back then, PDF was the favored exploit!)

A year later:

Red Alert on legendarydevils.com
http://stopmalvertising.com/tag/exploit-kit.html

Back to the sans.edu Diary: One of the comments explains the attack method:

All of this means that if the user takes the advice of the original article, even if Java is enabled for that newspaper site (for whatever reason), once redirected via a poisoned banner ad to a malware site, a Java exploit fails to run because Java is not enabled for that site.

In such a case, the browser window just sits there and does nothing:



Thus, if one needs Java for whatever reason, there are ways to be protected from exploits.


----
rich

 

Yes I do. I do not need it to browse. I have java programs that need java to run.

 

Same, here.
Just Another Vulnerability Added (JAVA) is a...Necessary Evil...

 

I don't look at Java as being evil. Everything has it vulnerabilities. HeHe, I still run Windows because I need it for a couple of programs.

 

If it's necessary to run your apps, it's a necessary evil.

 

To you perhaps. To me it's not evil, just necessary. I just added yet another java program to my java programs list.

 

And likewise. Java has not seen this Win 7 PC yet and never will.