Java still has a crucial role to play—despite security risks

Discussion in 'other security issues & news' started by lotuseclat79, Oct 23, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Last edited by a moderator: Oct 23, 2012
  2. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I've uninstalled Java entirely, but I already understood the language was not necessarily the problem. I don't do online banking yet and I no longer use the extremely tiny amount of websites that require the java plugin, so said plugin can kiss it for all I care :D
     
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Most interactive stock charts use it, so in my case I need it. I do however nowadays disable java (the Oracle version) in the browsers if not needed.
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Java still has a crucial role to play...

    Unfortunately...:mad:
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Well, people still think, that they need it, eventhough HTML5/flash/silverlight took its place just fine, and it comes preinstalled on new computers from "IT experts" as well.
     
  6. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Not that crucial to me,Ive uninstalled java without any issues so far.:D
     
  7. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Never liked it, never used it, don't need it at all, haven't encountered anything so far that requires it.
    Even if I find something that needs java I wouldn't install it :)
     
  8. The GLoW

    The GLoW Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    22
    Location:
    USA
    Like so many others, I assumed Java was necessary. I cautiously uninstalled it from one system, and then another system, until no system was running it anymore. Haven't missed it yet!
     
  9. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I need Java for one specific application. But I use SBIE, which should contain it.
     
  10. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    I stopped installing Java more than a year ago. LibreOffice Portable was the only software I had that needed Java for some non-essential functions without use for me. Now I don't even need LibreOffice Portable too, but I keep an updated copy just to accompany its development. As for websites requiring Java, they can all FOAD.
     
  11. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I use several Java programs that need it. I'm not all that worried about it.
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    If you have to use it, keep in mind that Java does not check certificates neither through OCSP or CRL's, but you can enable both in Java control panel.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Do you really need Java Just my .02
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I used to install it automatically with every new install of Win, but now I don't anymore, and I haven't needed it for a long time.
     
  15. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Java still has a crucial role to play—despite security risks

    Java comes with my browsers, and I need it for one site.

    I've never understood why Java is more of a security risk than other such applications.

    As the article points out, the problem resides with the browser plugin, and is easily dealt with:

    However, articles about exploits can be misleading without careful scrutiny.

    Recently, a isc.sans.edu diary included this:

    Patched your Java yet?
    Published: 2012-11-01
    http://isc.sans.edu/diary/Patched your Java yet /14428
    A couple of years ago when such poisoned advertisements were all the rage, it was assumed by many that the banner ad carried the exploit and its payload.

    An Avast blog had a nice article about this type of poisoning, and I posted a comment asking about this, and the author answered:

    Ads poisoning - JS: Prontexi
    February 2010
    http://blog.avast.com/2010/02/18/ads-poisoning---jsprontexi/#more-871
    So, that clarified things: these are redirection exploits. (back then, PDF was the favored exploit!)

    A year later:

    Red Alert on legendarydevils.com
    http://stopmalvertising.com/tag/exploit-kit.html
    Back to the sans.edu Diary: One of the comments explains the attack method:

    All of this means that if the user takes the advice of the original article, even if Java is enabled for that newspaper site (for whatever reason), once redirected via a poisoned banner ad to a malware site, a Java exploit fails to run because Java is not enabled for that site.

    In such a case, the browser window just sits there and does nothing:

    javaNoRun.jpg

    Thus, if one needs Java for whatever reason, there are ways to be protected from exploits.


    ----
    rich
     
  16. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Yes I do. I do not need it to browse. I have java programs that need java to run.
     
  17. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Same, here.
    Just Another Vulnerability Added (JAVA) is a...Necessary Evil...:mad:
     
  18. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I don't look at Java as being evil. Everything has it vulnerabilities. HeHe, I still run Windows because I need it for a couple of programs. :D
     
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    If it's necessary to run your apps, it's a necessary evil.
     
  20. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    To you perhaps. To me it's not evil, just necessary. I just added yet another java program to my java programs list.
     
  21. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    And likewise. Java has not seen this Win 7 PC yet and never will.
     
Loading...
Thread Status:
Not open for further replies.