Java! Uninstall It, Update it, or bend over and grab the ketchup!

By +Warwagon
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

Java! Uninstall It, Update it, or bend over and grab the ketchup!

For some of you, this is news!

If you have it, but don't know you explicitly really need it, please uninstall it immediately!!

Java is bad. Not by itself, but by the exploits it brings along with it. While you may have the most current version, the bad guys always seem to keep a zero day vulnerability close to their hearts!

The current version of Java (version 7) does in fact use DEP. Which should (in theory keep Vista and Windows 7 users safe, until proven it doesn't). For those of you using XP, you should come up with a really good reason why you still need java.

My mom who does stock trading. I tell her, "Please keep java updated. Only use Java with IE. The rest of the time, use Java Firefox and the Quickjava extension with Java DISABLED!"

While a lot of you love java, (I Love a cup of coffee as much as the next guy) Please take Java seriously, otherwise you may be looking down a malware infested barrel, called a rootkit infested machine!

For those of you who know and program in Java and are OK with the consequences of having it installed "More power to you!".

For the rest of the Neowin members, if you have Java, that's great, but please (for the love of god) keep it up to date, or disabled until you need it!

Walfgang Kandek, CEO of Qualys, said that the 200,000 who visited broswere security service BrowserCheck in July 2010 ? January 2011, 42% of them were running versions of plug-in Java that had not been updated and contains known vulnerabilities. Only 24% of them were older versions of Flash that include also vulnerabilities. Other applications risky because old versions are Adobe Reader (32%) and Apple QuickTime(25%).

During 2010, Oracle released several updates to address vulnerabilities Java . One last update addresses a group of 21 vulnerabilities, 8 of them considered critical. 19 of which can be exploited through a network not valid without the required login data. It is the second warning that draws attention to Java , after the December, released by Cisco, which announced that attacks through Java had surpassed the number on the Adobe Reader and Acrobat in 2010.

From that blog post:

?During the one year period starting in the third quarter of 2010 (3Q10) and ending in the second quarter of 2011 (2Q11), between one-third and one-half of all exploits observed in each quarter were Java exploits[1]. During this one year period, Microsoft antimalware technologies detected or blocked, on average, 6.9 million exploit attempts on Java related components per quarter, totaling almost 27.5 million exploit attempts during the year.?

The exploit attacks a vulnerability that exists in
Oracle Java SE JDK and JRE 7 and 6 Update 27
and earlier. If you are using
Java 6 Update 29
, or
Java 7 Update 1
, then you have
that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it?s time to update. Not sure whether you have Java or what version you may be running? Check out
, and then click the ?Do I have Java?? link below the big red ?Free Java Download? button. Apple
to fix this flaw and other Java bugs earlier this month.

Enthusiast

Zkal

Posted
Posted

What's so special about Java that it deserves its own thread? Doesn't this rule apply to any software; update it or risk getting infected.

This plus just disable Java in your browser. That's what I do since only thing I use Java for is Minecraft.

Proficient

Beyond Godlike

Posted
Posted

I work in information security where we have IDS's setup. We regularly see java getting owned and malware being installed even on current versions within corporate environments. On peoples home PC's..yikes...

Grand Master

Chicane-UK Veteran

Posted
  • Veteran
Posted

I fricking hate Java.. I think the fundamental concepts of the language, and it being cross platform etc are excellent but like so many things to do with Oracle, it's just been horrendously implemented.

It seems to need updating on a near weekly basis and even if you turn off automatic updating, it still bugs you about updating. Not to mention how unreliable it is and the penchant it has for locking up / breaking. Hateful. I just wish it would go away and die somewhere quietly, and take Oracle with it.

Grand Master

cork1958

Posted
Posted

Will NEVER install Suns version of this total POS software!!

The ONLY use I have really ever seen for this bloated, insecure junk is java speed tests. I simply don't run those.

The 3 most attacked (and crappiest) pieces of software ever written, IMO, are java, flash, Windows!!

Grand Master

SuperKid

Posted
Posted

I would remove it, but i can't I am a java programmer and I need it to make server applications with!! :p I would NEVER EVER use Java for desktop applications period, but for server applications its great :)

Collaborator

jimmyfal

Posted
Posted

People are always asking me how to stay secure with their computers. Then I spin into the "keep Windows up to date, keep adobe up to date, adobe everything, and keep java up to date.

After their eyes stop glazing over I then walk over to the "laptop", remove java from the control panel, stop the computer from going to sleep every 20 minutes, and set Windows updates to happen at 3pm every day not 3am. Then I update Adobe and hope that they get the Adobe download that asks if you want to keep it up to date automatically. Where can I make that happen anyway? I can't seem to find that download all the time. Sometimes Adobe will provide a check mark to keep it updated automatically and sometimes it won't.

Then I put on MSE because it pretty much takes care of itself and set it to also scan once a week during the day. THEN I tell them to try and leave the computer on at 3pm every now and then to insure all the updates happen. OR do the updates manually.

Is it too much to ask the consumer to keep their computers updated to avoid getting viruses? That's the easiest question of all. YES. Warwagon knows...

Grand Master

leesmithg

Posted
Posted

I removed Java 7 and 6. I like playing dominoes and yahoo pool.

They don't work on it.

J2SE v1.5.0 is what yahoo tries to install and that works.

I wish we could have ms virtual machine which I enjoyed, but, NO.

Collaborator

Coolicer

Posted
Posted

I would remove it, but i can't I am a java programmer and I need it to make server applications with!! :p I would NEVER EVER use Java for desktop applications period, but for server applications its great :)

Wait, what? People are actually using JAVA applications on servers? Is it a heavy-load server or just a server that runs JAVA applications for some small tasks?

Veteran

Emon

Posted
Posted

Wait, what? People are actually using JAVA applications on servers? Is it a heavy-load server or just a server that runs JAVA applications for some small tasks?

http://en.wikipedia.org/wiki/Java_Platform,_Enterprise_Edition

Grand Master

Seizure1990

Posted
Posted

Java should be destroyed entirely. The only reason that it exists is that the .NET framework hasnt been opened to other OSs. If so, C# would **** all over it.

Uh, check out Mono. Woops, there goes your theory.

Java exists for a few very good reason, though you may not be aware of them.

Is it too much to ask the consumer to keep their computers updated to avoid getting viruses? That's the easiest question of all. YES. Warwagon knows...

I think ANYBODY who's worked in the repair industry knows - it's impossible :p

Wait, what? People are actually using JAVA applications on servers? Is it a heavy-load server or just a server that runs JAVA applications for some small tasks?

There are servers that actually run on Java, yes. Depending on the situation, it can make a lot of sense.

http://en.wikipedia....avaServer_Pages

http://en.wikipedia.org/wiki/Sun_Java_System_Web_Server

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By Neonix1 · Posted

      The memory and nvme can be swapped and upgraded with standard parts. But the GPU cannot, which is the weakest part of the box. It's a dead product at these prices.
    • Microsoft releases major feature updates for stock Windows 11 apps

      By matthiew · Posted

      Sounds like the debloated build you are running is missing some components that the Photos app and Snipping Tool rely on.
    • Microsoft is building an AI datacenter that "uses less water than a fast food restaurant"

      By Legend20 · Posted

      Apparently, Microsoft doesn't use water in their taps, washrooms or clean their facility. /sarc
    • Anyone Here With Turbo Pascal Experience?

      By +Nik Louch · Posted

      Wow, throwback.  VERY VERY briefly - but realised that it wasn't the language I needed for the tasks I was taking on.
    • Apple and Tesla trade secrets reportedly exposed following a Tata Electronics cyberattack

      By Hamid Ganji · Posted

      Apple and Tesla trade secrets reportedly exposed following a Tata Electronics cyberattack by Hamid Ganji Image via Depositphotos.com Tata Electronics has confirmed that it detected a cybersecurity incident in some of its systems. The Indian company is a manufacturing partner of both Apple and Tesla, and the incident may have exposed some trade secrets belonging to the two American companies. The World Leaks ransomware group is said to be behind the attack, and it has reportedly posted up to 200,000 files on the dark web, including component designs and specification documents related to Apple and Tesla products. Tata Electronics told Reuters that its response protocols were deployed immediately and that the “incident has had no impact on our operations across businesses, which remain unaffected.” The ransomware group reportedly sent a ransom demand to Tata Electronics, while Apple has launched an investigation into the incident. World Leaks claims it stole more than 200,000 files totaling over 630GB from Tata Electronics. Some database files on the ransomware group’s website are titled "com.apple.factorydata," which could refer to Apple’s iPhone production operations in India. Moreover, some documents reportedly contain material specifications and quality inspection standards for iPhone circuit board components. However, Apple is not the only affected company. A folder found in the World Leaks database is titled "NV36 Chargeport Controller - North America," which may refer to Tesla Model Y components. Additionally, other files in the database reportedly contain drawings related to Tesla’s Project Highland, the internal codename for the EV maker’s updated Model 3 sedan. To support the authenticity of the stolen files, World Leaks has published documents containing footers that read: "This document contains proprietary and confidential information of Apple Inc." and "information contained herein is deemed confidential, proprietary, and a trade secret of Tesla Inc." Cybersecurity researcher Rajshekhar Rajaharia told Reuters that the database also contains emails, event logs spanning several years, and passport copies of employees, including foreign nationals. Both Tesla and Apple have declined to comment on the scale of the incident.

  • Recent Achievements

    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post
    • Dedicated
      tuben earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      487
    2. 2
      +Edouard
      201
    3. 3
      PsYcHoKiLLa
      96
    4. 4
      Michael Scrip
      91
    5. 5
      neufuse
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!