dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3103
share rss forum feed


fuziwuzi
Not born yesterday
Premium
join:2005-07-01
Atlanta, GA
reply to TomBrooklyn

Re: Java: Ought It Be Removed?

I uninstalled Java on both my computers last fall. I haven't had a need for it since then.
--
Teabaggers: Destroying America is Priority #1


merlock
Premium
join:2003-04-05
Warner Robins, GA
reply to mouse
said by mouse:

Interestingly though, Secunia, a company that is providing online scans to check your system to see if you run all the latest patches on microsoft software and many other common programs (incl. Java) does require java to work.
So if you want to use their service, you will need to keep at least one browser with plug-in for java.

I don't have Java on my machines, and run PSI v2.0.0.4003 without any problems whatsoever.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to TomBrooklyn
said by TomBrooklyn:

Ought Java be removed from all computers that don't absolutely require it for some important business?

Yes, of course, it should be a rule for any IT professional to remove Java on any PC they're responsible for unless they know for certain a user requires it. Many PC manufacturers like HP pre-installed it a few years prior and disabled auto-updating so people have it without knowing why.

I criticize the ineptitude of any person employed in IT that's come across Java on a system and hasn't evaluated whether it should be removed or not. For demonstrations to IT people, a year ago I used to travel to a few web sites that I knew could infect your system through Java simply by loading the page, then showed them the exploit deployment package in the Java cache.

If you're not sure, remove it and you'll find out after the fact. At least this will force them to get a newer version that's more secure... for about a week.

The Department of Homeland Security insisted that people remove Java. Oracle responded by patching 42 security holes that were relevant then, but Java is actively exploited.

Numerous studies have shown the largest percentage of infections target java - why offer the writers of malicious software another attack vector, one that's more prone to infection than Windows itself?


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
Shouldn't that also be for all software?


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
said by Mike:

Shouldn't that also be for all software?

Not exactly... I don't believe there's another exploitable platform that takes the crown from Java. At one point it had more exploits than Adobe Flash / Reader and Windows XP. As far as I'm concerned, it should be removed from anyone's system that doesn't need it, even residential systems.

Java allows virus writers to target a platform, not just an OS. There are some cross-platform attacks in the wild that equally affect Windows & Mac.


Mike
Premium,Mod
join:2000-09-17
Pittsburgh, PA
kudos:1
I mean if you don't need it, don't use it.

Flash, Java, Acrobat, and whatever flavor of the month that is out of date.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
Oh, yea, for sure... although I expect it would be hard to support anyone, even relatives, if they don't have Adobe Flash or Adobe Reader. Once a year you'll get that phone call, "i can't open this file someone sent me!"

Ages ago an admin friend of mine with a *nix background experimented with the idea of 'no adobe products' but it was impossible on systems that were allowed net access since even some of the most professional corporate-oriented web sites use Flash in some way and when users cry to management that they can't access their web sites... the sky is falling.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to TomBrooklyn
I'd start by disabling it on systems, then see if anything else fails to run. If you or nobody else notices the disablement after a decent time interval, then dump it entirely. The same could be said for any software, but especially for software that's contributed so many security vulnerabilities as Java with regard to web browsing, and which seems to weekly surface yet another security hole. If you find a system requires Java for something, then leave it in place but keep it constantly patched, and keep it shut off when browsing (using the Java control panel) unless it's found to be absolutely necessary to run it.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


Mashiki
Balking The Enemy's Plans

join:2002-02-04
Woodstock, ON
kudos:1
Reviews:
·TekSavvy Cable
·Rogers Hi-Speed
·Bright House
reply to Steve
said by Steve:

No, it's Java that's the problem.

The JVM has had chronic bugs allowing escape of the sandbox, and this is equivalent to Windows OS vulns allowing escalation of limited users to admin.

I know it's an old joke, but Java uses a sandbox? Really?! Yeah, the sandbox is so broken it's more like a sieve than anything else. And really the only way to fix it is to nuke the entire codebase and do a rewrite from the ground up. I hate writing anything in java.

det427
Premium
join:2004-01-31
Santa Rosa, CA
reply to mouse
This is a good substitute to Secunia:
»browsercheck.qualys.com/

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to redwolfe_98
(Nevermind, point already addressed by someone else)


workablob

join:2004-06-09
Houston, TX
kudos:4
Reviews:
·Comcast
reply to TomBrooklyn
Yes, it is best to remove it if you don't require it.

Unfortunately my job requires me to have Java but I run as a limited use with UAC on full blast.

Then, I use DeepFreeze and McAfee Antivirus Enterprise.

Dave
--
I may have been born yesterday. But it wasn't at night.


EDIT - Misspelled a word. I know. I am just as skoched as you.


GlennAllen
Sunny with highs in the 80s
Premium
join:2002-11-17
Richmond, VA
Reviews:
·Comcast
·Verizon FiOS

1 recommendation

said by workablob:

EDIT - Misspelled a word. I know. I am just as skoched as you.

Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by itslef but the wrod as a wlohe.


ninjadude

join:2002-01-06
Aurora, IL
reply to TomBrooklyn
did you also uninstall Windows? There are always "security vulnerabiltiies", there always will be. Keep your software updated. And stop listening to "chatter on the internet".


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy

2 recommendations

reply to Mele20
said by Mele20:

As I have said many times, I will NOT remove Java. Why? Because for some weird reason I like to run RELIABLE speed tests...ones that give me excellent information and analysis.

+1. Why remove it when you can just turn it off and be able to use it when needed...such as those speed tests that are really accurate. Just have the darned thing off, turn on when needed, keep up to date, and Java won't hurt anyone.
--
JKK

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay


TechnoGeek

join:2013-01-07

1 edit
reply to TomBrooklyn
I Java on my computer, but I:

a) have it switched off in the browser: which is where 99% of the problem would come from. I can re-enable it on an applet by applet basis.

b) Am running linux: even if you compromise my user account, you still need root access to do anything really damaging. And that requires a security prompt, which is going to raise a red flag.

In the browser, I have NoScript installed anyway, and configured it to block any active content (Java, JavaScript, Flash, etc) unless I allow it on a site by site basis.

If you are concerned about downloadable programs being a security risk, any program (Java or not) can cause you problems if you are not careful what you download and what OS you run. Java on the desktop is really not an issue, as it can do whatever your user account can do (just like a C++ program, or a Python program, etc).


mackey
Premium
join:2007-08-20
kudos:12
reply to ninjadude
said by ninjadude:

did you also uninstall Windows? There are always "security vulnerabiltiies", there always will be. Keep your software updated. And stop listening to "chatter on the internet".

Windows (or another operating system) is required to do anything with your computer. Java is not.

Java should be uninstalled unless it's needed. I can't believe the number of people in this thread saying "keep it installed even if you don't need it!!!!!"

Basic security 101. If you don't need it, uninstall it or shut it off.

/M


mackey
Premium
join:2007-08-20
kudos:12
reply to Mike
said by Mike:

Shouldn't that also be for all software?

Most other software only runs when the user launches the program.

With Java, viewing web pages causes your browser to "helpfully" run whatever code is on the web site, and the Java limitations to keep your computer safe have been broken time and time again (pretty much on a weekly basis).

/M

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

2 recommendations

Huh? Java does NOT run unless I allow it to run. Besides, there are not many websites that need Java. The only ones I know of are speed test sites like Visualware's "MySpeed", the various Web100 sites and the Java speed tests here (Flash speed tests are trash). There are probably some game sites (I play games on my computer but not online ones) that need it but willy-nilly most every site runs Java applets somehow silently in the background ...uh huh...not on my computers.

jaykaykay See Profile has it right. Keep it disabled except when needed and make sure the slider is at very high security and even then look carefully at the Java security request popup before granting Java the right to run its applet on that particular web page. (It goes without saying that the same should be done with Flash Player - even IE 10's builtin Flash can be disabled easily and enabled easily when really needed which is seldom as youtube will automatically play videos in HTML5 if Flash is disabled and no need to join the beta for HTML5). Plus, everyone should use some kind of extension on any browser (or use the Proxomitron) that puts a toggle switch on Flash and Java.

It sounds like you don't have good security on your computer thus you think Java and Flash should not be installed at all.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to mackey
said by mackey:

Windows (or another operating system) is required to do anything with your computer. Java is not.

Java should be uninstalled unless it's needed. I can't believe the number of people in this thread saying "keep it installed even if you don't need it!!!!!"

Basic security 101. If you don't need it, uninstall it or shut it off.

/M

What???

Everyone agrees it should be uninstalled OR disabled. I don't see anyone saying just "keep it installed even if you don't need it!!!!" and leave it enabled, except for a couple of people who actually use it.
--
The Alien in the White House

20,934 DEADLY TERROR ATTACKS SINCE 9/11


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to goalieskates
The thing I don't understand is that Facebook.com always prompts to run Java... why? I disabled that a long time ago but noticed it happens on other computers that have Java installed. I never allow it to run.


mackey
Premium
join:2007-08-20
kudos:12

1 edit
reply to Mele20
said by Mele20:

Huh? Java does NOT run unless I allow it to run.

Which is most definitely NOT the default way of running it, and mentioning that changes the basis for your argument completely. Yes it's possible, and really the only way to come close to making it not a please-compromise-me hole, but the vast majority of users have no clue how to do that.

said by Mele20:

It sounds like you don't have good security on your computer thus you think Java and Flash should not be installed at all.

Not true. Not wanting to deal with the possibility of accidentally clicking the wrong 'enable' button, not wanting to see the 'out of date' popup every few days, not wanting to download and install a new version every few days, and not wanting yet-another-updater constantly running in the background does NOT mean my computers' security is bad. Even compared to having it disabled, not having it installed to begin with removes the human error risk. Also, I have no faith someone who is not good with computers could reliably tell the difference between a good site/plug-in request and a bad one.

/M


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth

1 recommendation

reply to jaykaykay
u meant damned thingie


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
reply to TomBrooklyn
itz memorial day 4keeeeerist sake.............do u have a life?
if u do not let me help u........u obviously have a cerebellum!
?

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to mackey
Check this forum on Microsoft Tuesday. Java and Flash usually have updates on the same day now. There are usually separate threads here announcing Java and Flash updates and links to getting the updates are given. You can bookmark the better update links (direct downloads with no possibility of "accidentally" installing unwanted added crap like toolbars) and simply use those on Microsoft Tuesday if you don't want to come here to read the Java and Flash update threads. It's not every few days but once a month, and occasionally more often but it so it is usually Flash with more than once a month updates and that is not every month anyway. Installing new versions of these two is not the hassle it used to be where you had to first uninstall the version you had and if Java it didn't uninstall correctly....that shit is pretty much a thing of the past now.

I do agree that the "my computer is a toaster" crowd will have problems with this updating once a month. You did not indicate though that you were aiming your remarks exclusively at that group.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to Mele20
said by Mele20:

Huh? Java does NOT run unless I allow it to run.

You're a unique and rare exception to the rule, a person who's gone out of his way to find a way to run Java as needed. Our comments are directed at 99.99% of the people that have Java on their systems.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 recommendation

reply to Dustyn
said by Dustyn:

The thing I don't understand is that Facebook.com always prompts to run Java... why? I disabled that a long time ago but noticed it happens on other computers that have Java installed. I never allow it to run.

dustyn, when i go to facebook.com, i am never prompted to install java.. you said you are prompted to allow java to run, but, in my case, since i don't have java installed, i would be prompted to install a "missing plugin" ie java.. i never see that when i go to facebook.com..

SilentMan

join:2002-07-15
New York, NY

1 recommendation

reply to Dustyn
said by Dustyn:

The thing I don't understand is that Facebook.com always prompts to run Java... why? I disabled that a long time ago but noticed it happens on other computers that have Java installed. I never allow it to run.

Could be that you have subscribed to an application, shackled to Facebook, that requires Java.


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy

2 recommendations

reply to Dustyn
said by Dustyn:

The thing I don't understand is that Facebook.com always prompts to run Java... why? I disabled that a long time ago but noticed it happens on other computers that have Java installed. I never allow it to run.

I solved that problem too. I don't use Facebook!


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to redwolfe_98
I can't say what it could be?
It's only on the "HOME" tab which lists all my friends news feeds.
Java wants to run as it triggers an IE prompt requesting to run it. On my actual profile landing page, there is no Java prompt. Again it's only with Internet Explorer.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP