Java jockeys join Flash fans in the 0-day exploit club Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Trend malware researchers Brooks Li and Feike Hacquebord said the exploit will hose systems running the latest Java platform. Because there's no patch, they added users should disable …
On my latest Windows 7 (yes!) laptop, I installed neither Java nor Flash. The Web looks much better without all the Flash ads. Youtube works fine on HTML5. So do most news sources where I sometime watch a video. And I do not need to update both every second week.
Is my life too boring?
You may need to use some damned software written in Java. Take Dell iDRAC. Its remote console lets you choose between ActiveX and Java. Sure, I use a "third" browser dedicated to them, but still you need Java installed, or get a separated KVM (hoping it won't use Java too), or walk/drive/fly to the local console anytime you need to perfrom something which requires "direct" access to the machine.
vSphere vCenter uses Flash, and you may need it installed as well. Bad choices? Sure - just you have no control upon them.
Your life may not be boring, but if all of yours IT needs is YouTube and news, maybe it's not a true IT life...
I now understand why I had problems installing WebEx. However at the webmeeting site there was a link to a "temporary" WebEx installation that did work. So apparently there is a Java free version.
With Java, if you must install it then at least change the browser plug-in to "Never activate". It is possible, at least with Firefox.
PS. Luckily, I do my coding in C++ with no Java attached.
Annoyingly, even though I don't have to develop in Java, being a tramp, I do have to have it installed on my home PC, because my employers remote connectivity requires it. And not just that its there, but that security is disabled while running their applets. You can only imagine how happy I am about that.
The Trend Micro report, el Reg's cut-n-paste of it, and the comments above show considerable ignorance about Java. The vulnerability is in the Java plugin, a shim that allows applets to run in the browser which uses the crappy old NPAPI (Netscape plugin API) that is being culled from the major web browsers. The Java VM itself is not remotely exploitable - all you need to do is disable the plugin itself. I know having ambiguously or plain wrong headlines is a good click bait, but you're doing your less savvy readers a disservice and boosting the egos of the likes of Trend Micros researchers, who seem to mostly spend their time perusing script kiddie forums and posting "after the fact" reports on exploits found by others.
Amen to that.
Here we go again...
El Reg, repeat after me:
"Articles on Java MUST make it clear ALWAYS if they are referring to the JDK/JRE or the Java web browser plug-in. These are NOT the same thing."
And yes, there are (still) applications out there which do not run in a web browser.
Thank you.
At this point, we can only hope that Minecraft stays on Java .....
I wouldn't worry. Microsoft spent several billion dollars to demonstrate their faith in the game. As a fairly inviolable rule you can guarantee that whenever Microsoft invests billions, the company or product is doomed. So there won't be anything worth porting....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
