Results 1 to 5 of 5
  1. #1
    kkid is offline Senior Member
    Join Date
    Jul 2012
    Rep Power

    Default "Everyone must remove java"

    I am sure many of you ahave heard the advice from many security firms saying to remove java from all system due to the serious exploits found within it which pose a security risk. They are encouraging java to essentially be scrapped.

    Does this make you worried considering the majority of you will have spent so much time learning the language are the fall in demand for java could impact you?

    Background reading for you all if you are not aware of the story:

    Can You Get Rid Of Java? | Trusteer
    Security experts on Java: Fixing zero-day exploit could take 'two years' | ZDNet
    David Emm: Java Exploits - Do You Need to Be Worried?
    Malwarebytes CyberAdvisory: Zero-Day Oracle Java Exploit Discovered | Malwarebytes,CyberAdvisory,Zero-Day,Oracle,Java Exploit ,Discovered,Jerome Segura,Malwarebytes CyberAdvisory: New Zero-Day Oracle Java Exploit Discovered. Article by Jerome Segura.

  2. #2
    PhHein's Avatar
    PhHein is offline Senior Member
    Join Date
    Apr 2009
    Rep Power

    Default Re: "Everyone must remove java"

    Nope, it doesn't worry me at all. The vast majority of problems are client/browser related. I only work on the server side's backend processes which are hardly effected.
    Math problems? Call 1-800-[(10x)(13i)^2]-[sin(xy)/2.362x]
    The Ubiquitous Newbie Tips

  3. #3
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Rep Power

    Default Re: "Everyone must remove java"

    It's all down to the applet side of things.
    That Trusteer article is alarmist nonsense designed to promote (surprise, surprise) their own product.
    The second one is written by someone who is a "London-based medical anthropologist Charlie Osborne is a journalist, graphic designer and former teacher." and it shows.
    "Oracle, distributor of Sun's Java software..." Um, no. It's Oracle's Java software. They're not the distributor.

    Surprisingly the HuffPo article is actually reasonable, and the Malwarebytes explains where the problem lies. Applets.

    So, no, Java isn't going anywhere.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  4. #4
    DarrylBurke's Avatar
    DarrylBurke is offline Forum Police
    Join Date
    Sep 2008
    Madgaon, Goa, India
    Rep Power

    Default Re: "Everyone must remove java"

    More about Applet security: When a Signed Java JAR file is not Proof of Trust

    If you're forever cleaning cobwebs, it's time to get rid of the spiders.

  5. #5
    SnakeDoc is offline Senior Member
    Join Date
    Apr 2012
    Rep Power

    Default Re: "Everyone must remove java"

    the people who say "remove java" fundamentally lack the understanding of what they are talking about.

    Java on the desktop and/or server has (as far as I know) no recent major security vulnerabilities. I repeat, None.

    The problems have been 100% in the browser exploiting old and poorly written Applets. Applets in 2013 are really old fashioned and should die anyways... as there are much better replacements now such as javascript, html5, etc that can provide rich content webapps with less or none of the security problems java in the browser faces.

    We must remember that Java Applets were designed before there was anything else that could provide a rich web experience. Since then, Java applets have been on the decline, as they should be. A full fledged programming language does not belong in a web browser where it can simply run by viewing the page it is embedded in. This is unsafe, and inherently has problems. The exploits as of late typically involve someone figuring out how to break out of the "sandbox" that java applets are supposed to be restricted to (such as no file i/o on the users local filesystem). This allows the seemingly "harmless" webpage to load an Applet and actually manipulate things on your computer (such as inject code, copy files, download files, execute files, erase things, etc...).

    I also think you would be hard pressed to find a modern programmer writing applets unless it is for a very specific purpose (such as some internal company app that will only ever run from a protected intranet).

    In the end, java in the browser (applets) is inherently insecure because it is a full fledged programming language that is attempted to be shackled down and contained in a sandbox to prevent it from doing something malicious. This is apposed to languages such as HTML5 and javascript that were designed to be web languages and therefore inherently don't have the "dangerous" parts of a programming language available to them to use. This means that for "web languages" such as HTML5 and javascript, there is no "sandbox" that can be broken out of, they just simply cannot do what java can by design. This makes them safer for embedding in webpages.

    Java on the server and on the desktop will have no problem for a long time. Java is one of the most dominant languages out there and will stay that way for a long time to come.

    EDIT: If you found my response helpful or insightful in any way, please consider Adding to My Reputation! (Button right below!) Thanks!
    Last edited by SnakeDoc; 03-12-2013 at 12:10 AM.

Similar Threads

  1. Replies: 0
    Last Post: 12-07-2012, 08:29 AM
  2. Replies: 1
    Last Post: 11-02-2012, 11:38 PM
  3. Replies: 3
    Last Post: 10-30-2012, 03:06 PM
  4. Replies: 5
    Last Post: 12-21-2011, 06:44 PM
  5. Replies: 1
    Last Post: 10-20-2008, 07:35 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts