dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5078
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
reply to FFH5

Re: [POLL] Do you use Java; disable it; or uninstall it ?

Yes well they haven't been so concerned in the past. But as you said "the heat is on" this time due to the media attention etc.

FYI »Is Oracle Java 7 Update 10 Going to Improve Security?

--
Don't feed trolls--it only makes them grow!


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to FFH5
said by FFH5:

»www.reuters.com/article/2013/01/···20130112

...
Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. ...

Fascinating... eliminating both Java and Adobe Reader would of itself have effectively eliminated 78% of hacker break-ins last year, by Kaspersky's stats. There's something sobering about that...
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to StuartMW
said by StuartMW:

Yes well they haven't been so concerned in the past. But as you said "the heat is on" this time due to the media attention etc.

FYI »Is Oracle Java 7 Update 10 Going to Improve Security?

OTOH, if the pressure gets to high, they could simply discontinue support for Java, or sell the licensing rights to someone else. At one time, selling it might have been relatively easy (Microsoft might have bought it just to kill it), but now...
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Well Microsoft developed .NET after Sun sued them for having their own JVM. Oh the ironing

Maybe someone would buy it. Adobe bought (Flash from) Macromedia. Not sure if that's working out so well for them
--
Don't feed trolls--it only makes them grow!


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 recommendation

reply to Blackbird
said by Blackbird:

said by FFH5:

»www.reuters.com/article/2013/01/···20130112

...
Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. ...

Fascinating... eliminating both Java and Adobe Reader would of itself have effectively eliminated 78% of hacker break-ins last year, by Kaspersky's stats. There's something sobering about that...

That is why I always disable the Adobe PDF plug-in in my browsers. My default PDF action is "save as a file". I also disable all scripting and external application launch capabilities in the Adobe PDF reader.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
said by NetFixer:

That is why I always disable the Adobe PDF plug-in in my browsers. My default PDF action is "save as a file".

Yup

»'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe
--
Don't feed trolls--it only makes them grow!


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy

1 recommendation

reply to Dustyn
said by Dustyn:

Installed but both browsers require my permission to launch it.

This is what I do as well. There are times when I must use it, but I know that when I do, it's at my own risk.


90115534
Someone is sabotaging me.Finding out who
Premium
join:2001-06-03
Kenner, LA
reply to FFH5
I don't even have it on my computer.

Never liked it.

vister

join:2009-09-16
Montreal-Nord, QC
reply to jaykaykay
I just uninstalled


kingdome74
Let's Go Orange
Premium
join:2002-03-27
Syracuse, NY
kudos:5
Reviews:
·Verizon FiOS
said by vister:

I just uninstalled

Same, been spending most of the day taking it off my computers. It was never enabled but there's no sense taking any chances.
--
#7 and climbing again... 3-0 in Big East. Scott Shafer named Syracuse's head football coach. He was our defensive coordinator for the last 4 years and I look forward to even better things next year!


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to Anonymous
said by Anonymous:

I use Java and keep it updated all the time.

Doesn't matter, even the newest update is vulnerable.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to FFH5
Thanks for the thread and especially the poll. It's been interesting watching the ebb and flow of YES and NO response totals... kind of like watching the returns in a close election. The most surprising thing is that I'd never have suspected Java usage to be anywhere near up around 50%... I'd have guessed more down in the 10-15% range, based on my own observations.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by Blackbird:

Thanks for the thread and especially the poll. It's been interesting watching the ebb and flow of YES and NO response totals... kind of like watching the returns in a close election. The most surprising thing is that I'd never have suspected Java usage to be anywhere near up around 50%... I'd have guessed more down in the 10-15% range, based on my own observations.

I suspect that many of those who use it, do so for local or intranet applications. Locally stored and run Java applications are no more insecure than any other executable. And FWIW, I have a "not so smart" cell phone (which I am using to make this post), and all of the applications on it are Java based.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

Just Bob
Premium
join:2000-08-13
Spring Hill, FL
reply to FFH5
While I'd like to ditch java completely I use Firefox and NoScript. I'd appreciate comments on that.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by Just Bob:

While I'd like to ditch java completely I use Firefox and NoScript. I'd appreciate comments on that.

I can see several other posts in this thread mentioning the use of NoScript (although some spell it No Script, and some don't explicitly mentions Firefox, so perhaps that hampered your search). Exactly what kind of comments are you looking for?

Ultimately, you are going to have to decide for yourself if you really need/use Java enough to keep it on your PC(s).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

Just Bob
Premium
join:2000-08-13
Spring Hill, FL
I understand the basics. NoScript goes beyond java.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 recommendation

said by Just Bob:

I understand the basics. NoScript goes beyond java.

         
And Java is one of the things that NoScript can optionally block.
         


--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


Khaine

join:2003-03-03
Australia
reply to FFH5
I still have java installed because I need it for GlimmerBlocker. However, I don't enable the java webstart stuff and disable java within Safari and Firefox


Anonymous
Premium
join:2004-06-01
IA
kudos:2

1 recommendation

reply to La Luna
said by La Luna:

said by Anonymous:

I use Java and keep it updated all the time.

Doesn't matter, even the newest update is vulnerable.

Oh I know but i also don't click on random links and I use Chrome so it needs permission before it runs.
--
I speak for myself, not my employer.


Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:2
reply to FFH5
Uninstalled months ago on the desktop and laptops. Gone baby, gone.


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5

2 recommendations

reply to Khaine
said by Khaine:

I still have java installed because I need it for GlimmerBlocker. However, I don't enable the java webstart stuff and disable java within Safari and Firefox

The latest Java releases have the ability to stop drive-by java apps runs at bad web sites if implemented in your browser. Firefox has implemented the 2 step verification process in FF 18.


Java Security stops driveby install


Firefox implement new Java option


2nd step verify of Java OK in FF


So it is possible to keep Java installed and not suffer drive-by installs of the Java exploit.
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to FFH5
»JAVA 7u11 now available for download
--
Don't feed trolls--it only makes them grow!


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 edit
Installed without problems on a Win 8 and a Win 7 system. But I am still keeping the prompt and 2 step verification security options I listed in post above.
»Re: [POLL] Do you use Java; disable it; or uninstall it ?
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.

TechnoGeek

join:2013-01-07
reply to aussiedog
I left Java on, but with NoScript in Firefox I should be okay. Hopefully Oracle patches this quick.


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
said by TechnoGeek:

I left Java on, but with NoScript in Firefox I should be okay. Hopefully Oracle patches this quick.

As another poster said above. It has now been patched.
»Re: [POLL] Do you use Java; disable it; or uninstall it ?
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.

TechnoGeek

join:2013-01-07
reply to FFH5
D'oh, nice. That's what I get for not reading the thread.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to FFH5
The prompt from Java comes not from Fx, or any browser, but from YOU setting the security slider for Java in the control panel to "high" or "very high". You will get the prompt on ALL browsers with the Java security slider set at "high" or "very high".

You can permanently approve sites you trust or elect to see the prompt every time at all sites.

I experimented with the slider as soon as Oracle released a Java version that has it. I will keep it on "high" with no trusted sites exempted. That means though that every time I want to do a speed test I will see the the prompt as I do Web100 tests and those have no signed Java code (but the publicly available ones are all located at scientific institutions or universiities so hopefully attention is paid to keep the servers clean security wise.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

said by Mele20:

I experimented with the slider as soon as Oracle released a Java version that has it. I will keep it on "high" with no trusted sites exempted.

FYI the slider in Java 7U11 seems to default to "high".
--
Don't feed trolls--it only makes them grow!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
That's interesting! Good for Oracle!

i was amused just now when I went to "java.com" website and clicked to test if my Java was working (7U10) and nothing happened. Finally, after more than the 20 seconds the test should take if Java is working properly, I got a Java prompt! I don't know about version 7U11 but on 7U10 getting that prompt with the slider at "high" (and "medium" being default) that means Oracle doesn't sign their code! At least, I think that High means prompt on all sites with unsigned Java code and "Very High" means prompt on all applets ....signed code or not.

I was also glad to see that Oracle disregarded their long standing policy of not offering the latest Java update at "java.com" until it had been out for one week but are offering it immediately there. Still though...I don't want to upgrade and have Java not work on Fx...yet Oracle is not going to fix the bug until next version...3 months away? The workarounds are rather cumbersome.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

MorpheusUK

join:2003-09-09
reply to FFH5
Yes, but I make a living as a Java developer (like most Java stuff these days that's bespoke business rather than consumer applications and server side web stuff) and have Eclipse IDE installed at home for the occassional stuff I do here. I also have Vuze installed and libreOffice which require/use Java.

I have the plugin in my browser but generally run noclick so it spends most of its time blocked except for special cases like my NAS drives software.
--
Just because you're paranoid, it doesn't mean they are not after you