Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to redwolfe_98
Re: Warning: 0-Day vulnerability in Java 7 said by redwolfe_98:mele said that she needs "java" in order to be able run a particular "speed-test".. she doesn't want to compromise.. (there are lots of "speed-tests" that don't require "java" )..
personally, i try to lock down my computer, to make it secure, and part of doing that is not having "java" installed when i can live without it.. It is not because I am unwilling to "compromise". Flash speed tests are completely worthless. For one thing, they test capacity only...In other words...they test to see if your ISP has actually allocated the amount of speed that you pay for. But capacity has NOTHING to do with your actual speed or the quality of your speed. For instance, I am paying for 15mbps down. I got it about a month ago and it is a RIP OFF. I get EXACTLY the SAME speed, quality wise, on it that I was getting on Standard RR at 10 mbps down. Plus, on Standard RR, I got PowerBoost. Anyone with that on their line (and your ISP cannot remove it just for you) should never do a Flash speed test as it will be grossly inflated by PowerBoost ...less inflated by Java speed test and on the quality test I linked to earlier no inflation but that is the only test out there (except for Sam Knows for us FCC testers) that can do an accurate quality test on a line with PowerBoost. I don't get PowerBoost at all on 15mbps down. So, I could do a Flash capacity test (to avoid Java) but that would tell me my speed is 14.85 mbps. I do a quality test which REQUIRES JAVA and I see that my line quality is shit...the speed is extremely erratic and I see a lot of other problems ...nicely detailed for me with a lot of explanation and white papers I can read so I can be educated and force my ISP to fix things...until the next breakdown and those happen really frequently here.
Also, on the Quality test, to a fancy dedicated server in Los Angles, I get 7.25mbps down and, sometimes, a Quality of Service of 95% (other times as low as 2%). This test tells me what speed I have for NetFlix streaming, Hulu streaming, etc. This test tells me the truth. A Flash test to most locations in California would say (if I still had PowerBoost) that I have around 23mbps down. That is on 10mbps down. But if I did this Java Quality test, when I had 10mbps down, I would average 7.25mbps down and quality ranging from 95% to as low as 2%.
On 15mbps down, I still get 7.25mbps on the Quality Java test from the link I gave earlier. That means that paying $10 a month more for 15mbps down is not worth it. It is a ripoff. It APPEARS worth it if you do a crappy flash test which just tests to see the capacity of your line not the quality. Quality of your connection is the ONLY important thing as long as you have 3mbps down (or higher).
So, I choose to see the truth about my speed. Plus, I happen to own MySpeed (an older version and I want to upgrade to a newer version). I can start it and tell it to test to a particular server in the list, every 10 minutes, for as long as I want. I get great data to show my ISP and they have fixed my line several times based on the data. They use MySpeed test on their gateways so they know it is the best in the industry and they respect its results.
So, you think I should just forget the money I spent on MySpeed software because I am unwilling to "compromise"? It is a lot more than a minor compromise. I do wish that Oracle would take better care of Java but I can't force them to do that. I also suspect that if I could afford DOCSIS 3 speeds now offered by ISP that it might not matter about speed tests but I really had to think hard before adding just an additional $10 per month to my bill. No way I can afford now, or probably ever, the higher DOCSIS 3 speeds.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
|
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to nolz
said by nolz :Curious as to how Chrome is vulnerable if it doesn't even allow java to run unless manually given permission
Exactly.. Test page to see if you are vulnerable..but even if it lists your version ..java will not run in chrome unless you give it specific permission. » zulu.zscaler.com/research/java_version.htmlBy default java is a blocked plugin for Chrome. Google Chrome now blocks plug-ins that are not widely used. When this happens, you will see a message such as the following: "The Java plug-in needs your permission to run." You should only run the plug-in if you trust the website you are visiting (for example, your banking website might legitimately use a Java applet). To let the plug-in run on the site, follow these steps: To run the plug-in just this once, click Run this time in the message. The plug-in will run, but if you re-visit the site, you'll be asked for permission to run the plug-in again. To always allow the current site to run the plug-in, click Always run on this site. Subsequent visits to the site will run the plug-in without asking again. To always allow this type of plug-in to run, go to chrome://plugins, find the plug-in and select the Always allowed checkbox. » support.google.com/chrome/bin/an···d_plugin--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4 | reply to chachazz
Good thing I am still using v6. :P |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to Mele20
Here is a java one I use while in Pennsylvania..how does it work for you ?
»ptd.net/tiki-index.php?page=PTD_Speedtest |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to antdude
said by antdude:Good thing I am still using v6. :P
No it is not..all those versions are also vulnerable to other crap that is out there big time...just a different CVE from the past.  |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to Name Game
typing with one hand...lot's of pain, stiffness suddenly in one hand around the thumb...typing aggravates greatly. icing now...
that test is abbreviated version of MySpeed. gave me 2.34mbps down. too far away...150ms round trip...too high for good speed.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
| reply to chachazz
After uninstalling Java 7 Update 6 I still have an IE add-on from Oracle called Deployment Toolkit. What is it and why wasn't it uninstalled when I uninstalled Java? I don't have JavaFX either. |
|
 rcdaileyDragoonflyPremium
join:2005-03-29
Rialto, CA
 ·RoadRunner Cable
1 edit | reply to redwolfe_98
I have found that if Java is disabled by way of the Java console, then it does not work in Chrome. Chrome comes with its own version of Flash, but not Java, so far as I can see. If it did, then why would it not work when Java is disabled in the Java console? There are plugins for Java in Chrome, so it is possible to disable Java in Chrome without disabling Java completely or uninstalling Java. I did not want to uninstall Java so that is why I disabled it via the console as well as disabling the plugins.
--
It is easier for a camel to put on a bikini than an old man to thread a needle. |
|
| reply to chachazz
Seems Mozilla has added a warning on this page:
»www.mozilla.org/en-US/plugincheck/
"Missing JAVA?
For your safety, Firefox has disabled your outdated version of Java. Please upgrade to the latest version."
So hopefully this helps those who are uniformed avoid damage. I just uninstalled Java, better safe then sorry. |
|
 DrDrewSo that others may surf.
join:2009-01-28
SoCal
kudos:8 | reply to Mele20
Mele20 have you ever tweaked (adjusted RWIN and other TCP settings) on your XP computer for new speeds you've been provisioned with over the years?
Check here:
»/tweaks |
|
| reply to rcdailey
said by rcdailey:I have found that if Java is disabled by way of the Java console, then it does not work in Chrome. Chrome comes with its own version of Flash, but not Java, so far as I can see. If it did, then why would it not work when Java is disabled in the Java console? There are plugins for Java in Chrome, so it is possible to disable Java in Chrome without disabling Java completely or uninstalling Java. I did not want to uninstall Java so that is why I disabled it via the console as well as disabling the plugins.
OK, rcdailey.. i saw another article, somewhere, recently, where it was talking about disabling "java" because of another vulnerability that it had and the article said to use the "java" settings that can be accessed from windows "control panel" to disable it, and also to disable it in the chrome-browser's settings-options, so that was where i got the idea that chrome had its own version of "java" which could only be disabled from within chrome's settings-options.. i don't use "chrome" so i am not familiar with it..
i wish i could remember where i saw that article that talked about disabling "java", but i can't remember where i saw it.. |
|
3 edits | reply to DrDrew
said by DrDrew:Mele20 have you ever tweaked the RWIN and other TCP settings on your XP computer i was wondering the same thing.. i imagine that mele already considered tweaking the TCP/IP settings on her computer..
i tried using some utility, years ago, to tweak the TCP/IP settings on my computer and it make a pretty big difference.. i went from download-speeds of about 2.7 MBPS to about 8 MBPS.. (it was advertized as having a 3 MBPS download-speed).. that was years ago.. with my current connection, i would say i get 20 MBPS.. somtimes the speed-tests show that i am getting 30 MBPS, if i do the tests late at nite..
i use "roadrunner" and their system will throttle-back my connection speed when i am doing speed-tests.. it is advertised as having an 8 MBPS download-speed..
i was going to attach a reg-file that i use to tweak the TCP/IP settings on my computer but it might not be appropriate for other computers so i didn't attach it.. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to Mele20
said by Mele20:typing with one hand...lot's of pain, stiffness suddenly in one hand around the thumb...typing aggravates greatly. icing now...
that test is abbreviated version of MySpeed. gave me 2.34mbps down. too far away...150ms round trip...too high for good speed.
Bummer cause I tried your java speed test and I get the same as the one here in PA.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
 planet
join:2001-11-05
Oz
kudos:1
1 edit | Round Two with this exploit:
Taken from here:
»krebsonsecurity.com/
"Researchers: Java Zero-Day Leveraged Two Flaws:
New analysis of a zero-day Java exploit that surfaced last week indicates that it takes advantage of not one but two previously unknown vulnerabilities in the widely-used software. The latest figures suggest that these vulnerabilities have exposed more than a billion users to attack."
I've now removed Java from all of my PCs. I've had it off my desktop and laptop for awhile. I'd left it on my daughter's laptop but when I uninstalled it recently, I didn't update...my daughter is using an ipad moreso nowadays anyway. |
|
rcdaileyDragoonflyPremium
join:2005-03-29
Rialto, CA Reviews:
·RoadRunner Cable
| reply to redwolfe_98
Yeah, and it happens that I had looked quickly at IE8 and disabled the two loaded Java plugins, but initially missed the other two. I had to disable them as well, at least if I did not disable Java in the control panel. I also mistakenly referred to the Java console, but it is the Java panel in Windows settings where Java can be disabled. It's probably smarter, if you or I really don't intend to use Java, to simply uninstall it completely. That way it really would not be possible for it to be compromised. However, maybe Oracle will fix the vulnerability and I do like to use the Java speed test here.
--
It is easier for a camel to put on a bikini than an old man to thread a needle. |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
 ·Bell Sympatico
| reply to antdude
Things are getting nasty !
Java zero-day exploit goes mainstream, 100+ sites serve malware quote:
Attackers using two recently-uncovered Java unpatched vulnerabilities, or "zero-days," have quickly expanded their reach by going mainstream, security experts said today.
And on Tuesday, Mozilla, maker of Firefox, joined the chorus of advice that users should disable the current version of Oracle's Java. The company is also ready to automatically block the plug-in from running in its browser, although it has not yet pulled the trigger.
The exploit's breakout followed the addition of attack code to the notorious Blackhole exploit toolkit.
Oracle knew about zero-day Java vulnerabilities for months, researcher says
quote:
Oracle was notified in April about the zero-day vulnerabilities being exploited now by attackers, researcher says.
 |
|
KoRnGtL15Premium
join:2007-01-04
Grants Pass, OR
1 edit | reply to chachazz
Firefox is my main browser. What is it that I should be disabling and Mozilla most likely will be doing? Is it the 2 Java plugins? Using latest version of java. I don't use IE but obviously it is installed as well for that. That should be disabled as well? At this rate. Maybe it is best to just uninstall Java completely until this is fixed?
***EDIT***
Java(TM) Platform is the one to disable according to link. |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| Just did. |
|
| siljaline, your screenshot shows that you disabled "javascript", not "java".. they are two different things..
here is one webpage with some information about disabling "java":
»www.kb.cert.org/vuls/id/636312
here is another one:
»krebsonsecurity.com/how-to-unplu···browser/ |
|
rcdaileyDragoonflyPremium
join:2005-03-29
Rialto, CA Reviews:
·RoadRunner Cable
| reply to KoRnGtL15
said by KoRnGtL15:Firefox is my main browser. What is it that I should be disabling and Mozilla most likely will be doing? Is it the 2 Java plugins? Using latest version of java. I don't use IE but obviously it is installed as well for that. That should be disabled as well? At this rate. Maybe it is best to just uninstall Java completely until this is fixed?
***EDIT***
Java(TM) Platform is the one to disable according to link.
Right, but look for the two plug-ins within Firefox, because if you disable those, then Java won't run in Firefox. For IE, you need to list all add-ons in the manage add-ons list and look for Oracle and disable everything shown. Google Chrome has settings, advanced settings, privacy, plug-ins, where you can disable selected plug-ins. Look for Java there.
Of course, you can go to the java panel in Windows itself and disable the JRE there, which makes it unusable for any of the browsers, try as they may to load applets.
--
It is easier for a camel to put on a bikini than an old man to thread a needle. |
|
