Java! Uninstall It, Update it, or bend over and grab the ketchup!

[majortom1981]

If you ain't using 1.7.02 for reasons other than not working with your stuff, please punch yourself.

did they ever fix the error with the IE extension that 1.7 installs?

[ArialBlue]

did they ever fix the error with the IE extension that 1.7 installs?

*shrug*

[+Warwagon MVC]

what about the ketchup?

I used ketchup because it's the color of blood. I'll let your mind wander from there.

[Xerax]

The 3 most attacked (and crappiest) pieces of software ever written, IMO, are java, flash, Windows!!

/facepalm. Really?

[+Warwagon MVC]

What I think he means is if you take Linux, MacOS and Windows. Windows is most likely targeted while browsing around the internet without updates.

As is Flash and Java, especially Java!

[hotdog666al]

Lmao @ the idiots saying Java is fine.

If you consciously keep it up to date, and disable the plugin in your browser, it's fine. If you surf with an out-dated version you're dead meat.

I wish I could update mine more frequently, but I have to fiddle with my EMET settings and reboot every time I want to run the updater.

[Daedroth]

Disabling Java in work would eliminate two of the ways we can configure and maintain our HP ProCurve switched network. One is the Java-based web interface each switch has. Granted, configuration and maintenance can be done via telnet/command line, it doesn't hurt to have more than one communication method.

The second, which would hinder us greatly is the HP ProCurve Manager, which is also built on Java. This allows us to maintain all our core and client switches, as well as our wireless controllers and access points.

Without Java, much of our network would be much harder to maintain.

[+Warwagon MVC]

Lmao @ the idiots saying Java is fine.

If you consciously keep it up to date, and disable the plugin in your browser, it's fine. If you surf with an out-dated version you're dead meat.

That was a perfect way to put it!

[Brandon H Supervisor]

I hate Java, and if Minecraft didn't run off of it I probably wouldn't even have it installed

[+Majesticmerc MVC]

People don't need to uninstall Java, they just need to disable the browser plugins. Java as a cross platform framework is fine, it's just the browser plugin increases a browsers exploit potential enormously. Java as a runtime has it's uses, and uninstalling it entirely because of it's browser plugin is like dropping a nuke on an ant hill IMO.

[Raa]

Here we go again, Warwagon's on the Warpath again!

I agree Java's quite the hog, but sadly, it's required for a lot of stuff I/we use today, so it's largely unavoidable. And no, alternative products don't exist to switch to.

[Azies]

Tell Notch to code Minecraft in something other than Java and I'll happily ditch, until then I'll take a cautionary approach to it, keeping it updated, keeping my malware and anti-virus scanners updated, and making sure Windows is updated, as well as every Windows machine on my network.

[Brandon H Supervisor]

Tell Notch to code Minecraft in something other than Java and I'll happily ditch, until then I'll take a cautionary approach to it, keeping it updated, keeping my malware and anti-virus scanners updated, and making sure Windows is updated, as well as every Windows machine on my network.

I wish it were that easy lol

If I remember correctly Notch said at one point that the main reason he went with Java in the first place was because it was a language he knew how to work with well, and that at this point (this was awhile ago I mind you) that it'd be too much of a pain in the ass to port it over to a different language

which is completely understandable by him, but I can still dream :p

[ArialBlue]

Minecraft is one of the worst examples of Java coding.

It is horrendeously slow and a momory hog.

[Seizure1990]

Minecraft is one of the worst examples of Java coding.

It is horrendeously slow and a momory hog.

How can you even say that without seeing the source code? And do you have a current version, or have you just seen someone play the game a few months ago? People forget that the game has actually been in BETA until very recently.

[articuno1au]

For you Warwagon.. I choose bend over ;)

[kizuran]

1. Not Back Page News material
   
2. Never seen malware via Java.
   

Oh it's out there, insidiously lurking warez(ed) materials & p2p in general. :huh:

Users who download stuff using gnutella p2p & java-based file-sharing programs are the (typically) worst amongst my desktop support clientele.

They use Windows... use either outdated &/or weaksauce antivirus software (if any @ all)... visit all manner of heinous websites... download suspicious music and video files that I would mentally flag as "whoa there!" instantly... and wonder why I "charge so much" to attempt to recover their OS/data to a useable state! :/

[ArialBlue]

How can you even say that without seeing the source code? And do you have a current version, or have you just seen someone play the game a few months ago? People forget that the game has actually been in BETA until very recently.

You do not need to see the source code to easily realize that Minecraft is horrible.

Just like you do not need to look at GTAIV source code to realize that it is a bad PC port.

Minecraft uses very small textures and super-low polygon count models.

The world is made out low res textured cubes which repeat themselves.

Stuff like Mushrooms seem to be made out of 2 or 4 two-dimensional planes with bitmask transparency.

You see more polygons and more texture information just in the face of some bad guy from a modern FPS game.

Rendering highly repetitive super-simple objects is not difficult (there are many optimizations/shortcuts which are standard for these things),

additionally anyone with a brain wouldn't render _everything_ but just the things which are visible.

Additionally, anyone with a brain would thread any modern game to separate things out a bit.

So there is nothing about Minecraft that should make it require any more hardware power than an old 2Ghz Single Core, right?

Wrong!

Minecraft requires something like a Core 2 Duo to run smoothly and about 2GB RAM (unless you like disk trashing) and it is pretty much single threaded based on what I read (and my task manager...).

Oh and before you start defending Minecraft, realize that there are half a thousand of pages of people complaining and that is just one thread.

So my point stands,

Minecraft is a very bad example of Java coding and it may be hurting Java.

[articuno1au]

While I agree with you in the technical stand point, you are completely wrong about it being bad for the language.

Those of us who know it's bad already know that Java is bad when misused. Thus we learnt nothing new.

Tons of new people are being exposed to Java as a result of it. /shrug

Humbug :p

[BetaAddict]

In an age of HTML5, javascript, and Flash, I cannot remember the last time my java client even bothered to load up. Nevertheless, I somehow still keep it installed. JRE 7 has been out for weeks actually through manual download on their developers site. But again, I could just install java altogether and not lose any function on my computer.

[+BudMan MVC]

There are quite a few commercial websites that require java not just fun stuff like minecraft. I run into it a couple of times a week supporting web filtering with issues in using the proxy. Be it the applet does not auth to the proxy, or regardless of the machine/java settings does not want to use the proxy, etc

It is highly unlikely that in a business environment you could get by without having some version of it installed. Problems are more related to which version you have installed and what either a website needs or application requires. Have had quite a few problems over the years where just badly written stuff does not pick the correct version if you have more than one installed, etc. And companies just not updating their code to use the most current version available. This is where I see one of the big issues with java in general. If you going to write code for java, then keep up with the times as they update it -- still run into stuff that requires 1.3.1_02 etc.. and if you running the latest just doesn't work.

As to anything from a security standpoint if you do not have a need then by all means there is no point for it to be available. Least Privilege would tell you that if user has no use for it, then why should user/application have access to it. If you have no need of java, then there would be no reason for it to be installed on your machine - this is just common sense and standard security practice. You don't run services/applications/protocols that you have no use for - and be it I personally think the risks of java in general are being a "bit" exaggerated here. I have to agree if you have no need of it, then it should not be installed/enabled.

If you have need of it, then by all means you need to keep up with updates and best security settings for said anything.

But you can not just make a blanket statement like if you have it installed you might as well bend over, etc. There are risks with any sort of anything you install on your machine, the more things like flash/java/silverlight/shockwave/etc that you install onto your machine exposes your machine to more risks -- this is just plain common sense that in this day an age should not have to be explained to anyone that uses a computer. Just like allowing the public access to a web/ftp server exposes you more than if they did not have access to these services.

Seems to me someone got bit, and is just venting ;)

[+Warwagon MVC]

But you can not just make a blanket statement like if you have it installed you might as well bend over, etc. There are risks with any sort of anything you install on your machine, the more things like flash/java/silverlight/shockwave/etc that you install onto your machine exposes your machine to more risks -- this is just plain common sense that in this day an age should not have to be explained to anyone that uses a computer. Just like allowing the public access to a web/ftp server exposes you more than if they did not have access to these services.

Seems to me someone got bit, and is just venting ;)

Actually I said "Uninstall it, Update it OR bend over and grab the ketchup" Meaning uninstall it if you don't need it, up date it if you have it otherwise you might as well bend over!

[+BudMan MVC]

"up date it if you have it"

And while I 100% agree with that statement from a general security standpoint - with java this is where I mostly see an issue -- as I stated sometimes it not possible to update it, there are things that require specific version to work correctly. We have some kronos timekeeping stuff that just will not flat out work correctly if not using specific distribution of java.

Love to update it, love to get it off the systems -- but since locked into to using application X from company Y and they will not fix it your stuck between rock and hardplace -- from security point of view you should not be running such old version, but from business point of view they need application X to work ;)

This is the part that sounded like someone having to deal with issue of getting bit from java

"but please (for the love of god) keep it up to date, or disabled until you need it!"

And yes you did state "but don't know you explicitly really need it" for clarification etc.. But to me your warning did have a bit of "the sky is falling" feel to it ;)

Yes I agree there is elevated risk in having anything installed/enabled that you are currently not actively using/required to do your day to day routine, etc.

And sure if not using you could remove -- but same could be said for file and print sharing.. If you have no need for file sharing, there really is no reason to have it enabled on your machine.. Should everyone disable it? Should we be posting "for the love of god" please disable it??

Its one of those things that you might not use daily, but then again you never really know when you might run across something that needs it.. Just like file sharing -- you might not move a file between your home machines daily. But do you really want to have to go through the hassle of enabling it on the machine you want to copy a file every single time you want to copy a file?

You never know when your going to hit a website that requires java -- should you leave it uninstalled until you run across one of those sites? Should you uninstall it after you done with said site? You might not go back to that site ever, you might not hit it again for 3 weeks, etc. etc.

I agree with the security aspect of not having things installed/enabled if you don't need them -- but then again there is a matter of convenience that most users want.. Where **** just works when you run across it, be it a website or when you want to copy a file.

I have java installed on all my machines, and I have no plans to uninstall it -- but I do have it updated, and did just recently move from 6 update 29 to 7 u2 vs 30 on 6.. Things like java and flash are pretty much necessary evils if you ask me -- yes I believe anyone that is in IT has more than likely ran across some pain with java. But then again its also some pretty slick ****!!

But sure I agree -- if you have NO use for it, then by all means you would be safer uninstalling it. But I personally think the "for the love of god" part about uninstalling it bit much ;)

[majortom1981]

I am guessing nobody knows if they fixed the ssv helper bug in java 1.7?

[+Warwagon MVC]

And yes you did state "but don't know you explicitly really need it" for clarification etc.. But to me your warning did have a bit of "the sky is falling" feel to it ;)

In the case of having an older version of java on a machine and also having it enabled in the browser while browsing the internet, "the sky is Falling" , is not an exaggeration. If a person fits that scenario, they are a done turkey.

However, I do recommend the addon "Quickjava" (or noscript) for Firefox which lets you turn java off in the browser until you need it. In that case you would probably be ok. I would also recommend using something like sandboxie to sandbox the internet activity, just in case.

Should everyone disable it? Should we be posting "for the love of god" please disable it??

In the case of java and the severity of it's exploitation, sounds about right :yes:. When you pass flash in the infection vector list, that's saying something

Walfgang Kandek, CEO of Qualys, said that the 200,000 who visited broswere security service BrowserCheck in July 2010 ? January 2011, 42% of them were running versions of plug-in Java that had not been updated and contains known vulnerabilities. Only 24% of them were older versions of Flash that include also vulnerabilities. Other applications risky because old versions are Adobe Reader (32%) and Apple QuickTime(25%).

During 2010, Oracle released several updates to address vulnerabilities Java . One last update addresses a group of 21 vulnerabilities, 8 of them considered critical. 19 of which can be exploited through a network not valid without the required login data. It is the second warning that draws attention to Java , after the December, released by Cisco, which announced that attacks through Java had surpassed the number on the Adobe Reader and Acrobat in 2010.

Read more: http://computersight.../#ixzz1h6FIlfVj

From that blog post

?During the one year period starting in the third quarter of 2010 (3Q10) and ending in the second quarter of 2011 (2Q11), between one-third and one-half of all exploits observed in each quarter were Java exploits[1]. During this one year period, Microsoft antimalware technologies detected or blocked, on average, 6.9 million exploit attempts on Java related components per quarter, totaling almost 27.5 million exploit attempts during the year.?

The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it?s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the ?Do I have Java?? link below the big red ?Free Java Download? button. Apple issued its own update to fix this flaw and other Java bugs earlier this month.

http://krebsonsecuri...p-threat-level/