that is crazy

(don't know if this is double posted)

its common to know that apple falls short when it comes to pachting your systems. thats why I'm glad I use windows coupled with safe browsing and anti-virus software. my never hasn't seen a virus for years now, and I can say no trogons for roughly 2 and half years now. its all about safe browsing. its never a good when someone's computer gets a virus or trogon so please do what is recommended and buckle down your macs to this vuln. by turning off java applets....this would be a bummer for me though because I play a lot of java based games online with my friends and family at yahoo games and games in windows live messenger with my girl.

however, to the author or anyone who can answer this question: when the user turns off java applets does that mean they can't use google docks? pesonally i don't use google docks but just for the sake of information I'd like to know.

People still use Java?

This is a rather sad reflection on the once-"cutting-edge" technology that is Java. No-one cares any more! Still, leaving an unpatched, known exploit is a bit stupid.

No one cares?

Apparently the criminals don't care.

Their entire skill set is focused on infecting Windows and developing the skills necessary to target a new platform isn't too much effort for too little gain.

Apple doesn't care because no ever bothered attacking them. Yes someone put a Trojan into some pirated mac software, but the blame and the responsibility for that falls on the end user not Apple.

Mac User's don't care because they never had to worry about this sort of thing before and they are not going to start until something actually happens.

Apple and Java is a mixed bag :(

I don't think Apple really wants to support Java any more. One hint is the lack of any JVM on the iphone and another is the long time it takes until Apple supports new Java versions.

I use SoyLatte http://landonf.bikemonkey.org/static/soylatte/ although this is a X11 application and thus not very good integrated, but it works for most Java apps even on older Apple hardware.

Java - too uncool for Apple

As a Java developer, I do love the fact that the mac comes with a better version of Java than MS ship for Windows. But that doesn't mean it is any good. Also, Apple like to leave all the old versions around, which may be good from a compatibility standpoint, but awful from a security perspective.

crApple==Macro$lut?

So is crApple now following Macro$lut in their secrioty issue management process, namely ignoring it in the hope that a) it will go away if no-one mentions it or b) wait until there are exploits out in the wild for the prob....... oh, wait. Scratch option b).

Come on crApple fannibopis. Why don't you defend "Those Who Can Do No Wrong"(tm). Or will you just stick your fingers in your ears and loudly yell "lalalalalalala I can't hear you. OSX is 100% secure! Lalalalalalalalala"?

So what

"Everyone that uses a Mac should care. The point isn't a trivial vulnerability, its the fact that Apple is so slow in patching their software, and that Macs aren't as invulnerable as the users and Apple make them out to be."

Please tell me how this impacts on my life in any way whatsoever and how I should 'care'. Should I stop using my Mac, sit here terrified or inconvenience myself by altering my habits?

I don't care. I never will care. And I will blunder around the net forever more knowing full well the chances of anything bad happening to be infinitesimal.

No OS is 'invulnerable', but when it comes down to the fact no harm will come to me in a month of Sundays, semantics are irrelevant.

Practically, I *am* invulnerable. And no smart alec preaching what I should or shouldn't feel or do makes no difference whatsoever.

Stick that in your pipes and smoke it!

"Plagued?"

My dictionary defines "plague" as, "cause continual trouble or distress to." (Yes, dangling preposition and all!)

Somehow, despite the existence of exploit code, one doesn't hear about Mac users "still" having "continual trouble or distress" from this problem. In fact, one doesn't hear that they "occasionally" have trouble or distress.

Maybe because OSX won't run the exploit until the user says she wants to run some strange program downloaded from AbandonAllHope.Com, the source of grief can be quickly shut down, if indeed it has infected more than a handful of Mac users.

I'm not claiming that we Macbois _mightn't_ have trouble, just that the headline seems horribly overwrought. As in, "Man Stomps on Elephant!!!" (without an elephant).

@Andy

"This is a rather sad reflection on the once-"cutting-edge" technology that is Java"

You kidding me? You're kidding me, right?

If a language was cutting-edge ten years ago, it's going to be pretty difficult for it to still be cutting-edge. Most "cutting-edge" developments turn out to be bullshit, and die a quiet death about a year after their hype, whereas Java is mainstream now. Your comment seems to imply that it's fallen on its arse. The various Java-based enterprise systems I use on a daily basis would tend to disagree.

@ Roger Heathcote

"I love it when Windows users claim they've never had a trojan. I mean how would they know?! Because their copy of Norton never mentioned it?!?"

Because alongside a basic anti virus package, I check for suspoious network connections every couple of weeks, check the packets that are coming in and out of my computer , scan with at least 2 different scans (online scans) each month and keep my system up to date with security patches.OH and i scan for spyware as well because at the moment that is more liekly to infect you it seems.

Boldly saying that the person can't have a clean system based on limited information about how the person is checking makes you look like an idiot.

@Steve Loughran

You:

".....the mac comes with a better version of Java than MS ship for Windows."

From the Article:

"There's no such requirement on Microsoft developers, since Sun provides Java fixes on that platform."

So MS don't actually ship a version for Windows, Sun do. I suspect that MS may well bundle what was the latest version at the time on install media and offer updates via Win update for those with the Java updater turned off, but I wouldn't know. I get my updates automagically from Sun.

I'm intrigued as to how exactly Apple's later interpretation of a Java release is always "better" than the vanilla Sun version.

Java is a Sun thing?

OK so you get the JRE from Apples sources but if its created by or in collaboration with Sun then perhaps the reason behind the lack of update lies outside apple. Its quite possible apple have got into MS's 'its our operating system but we dont have a clue how it works' mode (Samba had to tell them how their SMB worked) and Java is not simple so they cant work out how to mend it.

Java is part of OS X

"...This article is confused. JAVA is not part of the OS..."

It is, being Apple the one who maintains and distributes OS X' custom version.

NoScript

Firefox+NoScript=Sorted.

@TeeCee

"I'm intrigued as to how exactly Apple's later interpretation of a Java release is always "better" than the vanilla Sun version."

Maybe in the same way that IBM's and Blackdown's JVM on Linux are better than Sun's.

I don't know whether it is the case but those other 2 consistently manage to better Sun on Linux

@Mark

"Maybe in the same way that IBM's and Blackdown's JVM on Linux are better than Sun's."

Right, right, that must be why I always have to install the Sun JVM to stop memory problems, Eclipse grinding to a halt, etc.

@AC

"Because alongside a basic anti virus package, I check for suspoious network connections every couple of weeks, check the packets that are coming in and out of my computer , scan with at least 2 different scans (online scans) each month and keep my system up to date with security patches.OH and i scan for spyware as well because at the moment that is more liekly to infect you it seems."

I guess the economy depends on sad bastards like you.

@Greg

Shock headline: Java user defends Java! Meanwhile, the rest of the world carries on not caring. While I enjoyed your tangent, you appear to have missed my point entirely. The only reason for my "cutting-edge" reference was ironic (note sarcastic quotation marks), to suggest that it's always been lowest-common-denominator crap. HTML and ECMAScript were around before Java on the web, and have learned lots of fancy new tricks so they're even more relevant today; Java has undeniably 'fallen on its arse', as it thoroughly deserved to. It's left with a small niche in enterprise, of course – where infrastructure traditionally evolves at sub-glacial speeds.

I'm convinced it's time to have Java off by default for web browsers, and really to seriously consider whether it's worth including at all. I know the last time I used a Java applet was the late nineties.

@Andy

"Java has undeniably 'fallen on its arse', as it thoroughly deserved to. It's left with a small niche in enterprise, of course – where infrastructure traditionally evolves at sub-glacial speeds."

That's so wrong it's not even worth responding to.