dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5050
share rss forum feed


FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 recommendation

[POLL] Do you use Java; disable it; or uninstall it ?

This seems to hit the tech security web sites on a regular basis: "Java 0-day exploit out; no fix seen soon; disable Java in all your browsers." Why again is it that Oracle can not keep Java somewhat secure and why does it take them forever to get a fix out?

»www.theinquirer.net/inquirer/new···is-found

Poll
Do you use Java on your computer?

Yes

No


Votes:211



--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


ITICharlie1
Premium
join:2003-01-22
St. Louis MO

I don't have it installed. I have not yet run into anything I use that requires it.
--
Don't let my reality hinder your imagination!


jl747

join:2005-03-24
Mount Prospect, IL
reply to FFH

I disabled it for now.

I have it just in case I need it while using LibreOffice.



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to FFH

Mozilla has decided to add an automatic block of the Java plug-in in Firefox that can be overridden by the user on an individual use basis or a web site white list.

»thenextweb.com/apps/2013/01/11/f···ocklist/

Mozilla on Friday announced it has added Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38 to its Firefox add-on block list, following yesterday’s news of a new vulnerability. The critical security hole, which allows attackers to execute malicious software on a victim’s machine, is currently being exploited in the wild and is also available in common exploit kits. Firefox users are protected by either existing plugin blocking or Click To Play defenses.

The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site. This feature is available as of Firefox 17.


--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
reply to FFH

I have Java installed but disabled in browsers. That said I have one (non-internet related) application that requires Java to run.
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

Do Not run Java



aussiedog

join:2007-01-10
Colorado Springs, CO
reply to StuartMW

+1



rfhar
The World Sport, Played In Every Country
Premium
join:2001-03-26
Buicktown,Mi
reply to FFH

I disabled Java months ago and have not found a site that required I need it since.



planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

1 edit
reply to FFH

Uninstalled from 1 desktop (XP) and 2 laptops (XP & Win 7) . My Ipad --iOS 6 doesn't allow java or flash

Haven't noticed any need for java. Occasionally but few and far between, sites aren't viewable w/o flash.



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 recommendation

reply to rfhar

said by rfhar:

I disabled Java months ago and have not found a site that required I need it since.

Try some of the TOOLS on dslreports.com. They need Java. Like the Tweak test.
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


rfhar
The World Sport, Played In Every Country
Premium
join:2001-03-26
Buicktown,Mi
reply to FFH

I have not felt the need to do a tweak test on the last couple of operating systems and use the speed tests that are not Java.


OZO
Premium
join:2003-01-17
kudos:2
reply to FFH

No, I don't have it and/or use it. This approach has saved me lot of my time, which otherwise would be wasted on endless security updates, required for the Java package. If some site insists on using Java I simply go away from it and usually just find a good alternative...
--
Keep it simple, it'll become complex by itself...



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to FFH

said by FFH:

Mozilla has decided to add an automatic block of the Java plug-in in Firefox that can be overridden by the user on an individual use basis or a web site white list.

Apple has now also blocked Java on the OS X platform:
»www.macrumors.com/2013/01/11/app···-threat/
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

Security company knocks Oracle big time for not fixing problem completely when notified initially in Aug, 2012. And now says ransomware exploits are all Oracle's fault.

»thenextweb.com/insider/2013/01/1···somware/

according to Security Explorations, the security firm responsible for identifying most of the latest Java vulnerabilities. Back in late August 2012, the company informed Oracle about the insecure implementation of the Reflection API, dubbed Issue 32, and Oracle released a patch for it in October 2012, but the fix wasn’t a complete one.

“The zero-day code would not work if Issue 32 was properly addressed,” Security Explorations CEO Adam Gowdiak told Softpedia.

We sent Oracle additional Proof of Concept code for Issue 32 that illustrated this exploitation vector in Sep 2012.”

Cool Exploit Kit (CEK), already included the latest Java exploit. Before we dive in to how CEK is already being used to push ransomware... CEK has been used to distribute ransomware before, but now it’s also using this latest Java vulnerability to do so. Trend Micro has detected the exploits in question as JAVA_EXPLOIT.RG and HTML_EXPLOIT.RG, as well as the ransomware payloads as Reveton (TROJ_REVETON.RG and TROJ_REVETON.RJ).

I use Firefox 18, which has Java blocked from running. If I absolutely need to run a Java app and completely trust the web site, I can open up an IE tab using an IE Tab addon to run it.

--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to FFH

Installed but both browsers require my permission to launch it.


Bob4
Account deleted

join:2012-07-22
New Jersey
reply to FFH

I can't play Minecraft without Java!



plk
Premium
join:2002-04-20
united state
reply to FFH

Had it for speed tests but now its gone forever.



jadinolf
I Love You Fred
Premium
join:2005-07-09
Ojai, CA
kudos:8
reply to FFH

Pulling BIG SWITCH on Java.



Bach
Premium
join:2002-02-16
Flint, MI
reply to FFH

I had it installed on one PC to infrequently run a Java based chat-room app, but it's now uninstalled.



aussiedog

join:2007-01-10
Colorado Springs, CO
reply to FFH

said by FFH:

said by rfhar:

I disabled Java months ago and have not found a site that required I need it since.

Try some of the TOOLS on dslreports.com. They need Java. Like the Tweak test.

If you use Firefox or IE9, merely enable JAVA for an accurate speed test then disable it again. No Script gives the same control in Firefox but I have knocked JAVA out of constant contact with the browsers for now.
--
If I can only find my keys...


kingdome74
Let's Go Orange
Premium
join:2002-03-27
Syracuse, NY
kudos:5
reply to FFH

On all of my computers Java is disabled by default.



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
reply to FFH

I wish I couldn't but I need it for juniper vpn because juniper software is just about as bad as oracle.



Oregonian
Premium
join:2000-12-21
West Linn, OR
reply to FFH

Installed but disabled in browsers.



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to FFH

Disabled.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to FFH

I use Java a lot. It is required for accurate speed tests. Flash tests are not accurate.

The application that should be disabled by meddlesome browsers is Flash not Java. Flash should be allowed only by toggle switch. Tell me why Mozillia and Apple are such hypocrites?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1

because they're in league with nvidia



exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3
reply to FFH

All of my HP and Dell switches and UPS management cards use and require java.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I think that's so because that kind of software needs to run on many platforms. It's exactly the kind of application that Java was designed for (i.e. platform independence).
--
Don't feed trolls--it only makes them grow!



Anonymous
Premium
join:2004-06-01
IA
kudos:2

1 recommendation

reply to FFH

I use Java and keep it updated all the time.
--
I speak for myself, not my employer.



Grail Knight

Premium
join:2003-05-31
Valhalla
kudos:6
reply to FFH

Installed but have it available on a per site basis.
Really have not had a need for it in some time.
--
"Paranoia, the destroyer"