wow
First rule of desktop security is to remove Adobe Flash, Reader and all Java runtimes. As long as those malware portals are on your system if you ever connect to the internet you might as well assume your box is pwned.
A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available. The vulnerability is present in the Java Runtime Environment (JRE) version …
Well if you use Chrome you get Flash sandboxed, which is a decent compromise assuming you don't mind Google collecting data. Damned if you do somewhat. As for Java, as mentioned, virtually no non-corporate desktop will notice it's gone. Java has largely been a fail on the consumer desktop.
That's not really true any more. You lose a little bit from Flash, but not as much as you'd think. You can use an alternative PDF reader, too. Just keep it up to date (Secunia PSI is useful for some folks in this respect).
As for Java, since being exposed to twelve-year-old Minecraft bores on my Mumble server, I have never felt an urge to play it, and thus never missed Java on my desktop machines.
Thus why I said on consumer desktops/laptops. The corporate world is the main place it found its niche. It's not a bad language necessarily (although managed code in general is a joke imho) but the Snoracle VM implementation has always been sh_t. Java's biggest problem has always been its steward.
Very soon, no person in Denmark will be able to interact with a financial institution or the government via the internet without the use of Java. It is already more or less 100% true, but there are a few holes left.
Here in this little duck pond, JAVA is the ONLY GAME IN TOWN.
I think we are not the only ones on the planet having this shoved down our throats.
Or was that just a troll post? People want to do the things that are enabled by your so-called "malware portals".
I think the first rule of security ought to be that companies have some liability for their security failures. Not so bad as to bankrupt them, but at least a significant fraction coming from somewhere near the top. Since I really doubt that most companies could afford to pay for the damage their security incompetence causes, I think the best compromise would probably be to take a fraction of their after-tax profits to be distributed to their victims, where the fraction would go up or down mostly in response to the trends. In other words, delivering more secure software should have an impact on the bottom line.
Just to use the most extreme example of the most extreme abuse, I have to point at Microsoft. They have led the way in disavowing ANY financial liability for the SEVERE consequences of their LOW priority on security. Yes, they have improved in recent years, but other companies like Oracle have picked up the torch for security LAST. My own belief is that if Microsoft had paid for all the damage caused by flaws in their software, they would have gone bankrupt long ago, but their lawyers shucked all those costs on the victims.
Of course the punchline is that most of the victims never even got to choose Microsoft because Microsoft had deliberately destroyed the alternatives and because Microsoft was mostly selling to the computer makers, not the end users. You just use Microsoft because it was already there on your computer--and ditto the bugs and the suffering.
I use nothing Java (maybe pingtest.net but that's only for the packet loss part, do not really need pingtest.net to tell me my Virgin Media connection is dropping packets), I just uninstalled it myself.
For Chrome users: if you have Click to play ticked, plugins will not load unless you click on them to start them (Java, Flash, PDF files or anything that is not native to Chrome).
I have yet to see an online collaboration and conferencing tool which does not use Java.
Microsoft NetMeeting, WebEx, etc. are all 100% Java based.
On the positive side these are corporate gimmicks and can be whitelisted, leaving the rest of the web Java-less.
I really wasn't expecting to upset anyone! You guys are sensitive!
I haven't installed Java for the web for over 7 years.
I grant you that in a corporate environment it may well be required and an asset for maybe one or two apps, but in a domestic setting or a business environment where there is an alternative support method I just haven't seen a useful Java app for web. Clunky old IRC clients and Rich Text Editors don't count.
There is no place for Java on my PC and I also really hope that it will just go away one day as a development runtime for desktop OSs. I don't mind it running on mobile devices, but the way it behaves on desktop PCs is just annoying. That's not to mention that it's very slow, and that original idea of providing a truly cross platform solution didn't quite work out. Unfortunately too many universities still have programming classes that teach Java as introductory courses. Does anyone actually develop applets these days? Come on people, it is time to switch to either Flash or Silverlight. You can already take advantage of the microphone and web camera on Google Chrome using just HTML5. We need to keep supporting innovative promising technologies, not a 20 year old workaround.
I don't think Android can run Java Applets either. Linux? I haven't had a chance to run Silverlight on that OS, but I bet you can still use Flash for pretty much anything applets are capable of. In my recent experience, development of plugin applications is only needed if I have to access hardware (i.e. webcam), which is soon going to be unnecessary with extensive HTML5 support. HTML5 and JavaScript backed by, say, Node.js, are more powerful than you probably think.
Unfortunately many things require the Java runtime. Many things. I certainly hope Oracle will see their way clear to temporarily ignore their policy of being against the world, and release a patch ASAP. You just can't hold the keys to something like Java and take a few months to patch an existing exploit.
What high profile websites require Java to be enabled? When I last reinstalled my laptop I forgot to install Java and it was over a month before I noticed. I have never noticed Java's absence on my iPhone. Never. Not once.
Flash is going away too. While there are still plenty of videos that require Flash on the web, sites that require it for navigation are becoming quite rare, and the videos are less numerous than they used to be. Now that Android can't run Flash in the future, that abomination should quickly disappear from the web entirely, at least from any sites that ever hope to attract any mobile users at all.
It's a good thing cross platform stuff like Java and Flash are going away, too, because anything that potentially provides a single attack that works against pretty much everything out there is a disaster waiting to happen. Java code has run in a sandbox since version 1.0, and it still isn't safe even now, so it's quite obvious it never will be. Good riddance.
Maybe someone will try again in the future, running the cross platform managed code in a VM, since they obviously can't be trusted to program a secure sandbox.
Flash may be going away, but it is still extensively used, and not just for video or navigation. I've no idea what HTML5 is capable of, but can it do what car manufacturers use Flash for? Go to most major manufacturers' sites and Flash is there, and is very useful. Choose your model, paint colour, interior trim, wheels, and see a picture of your chosen car, in a 360 degree rotational model.
I have no idea what those sites look like to those poor unfortunate souls who bought inferior devices incapable of running Flash, but some of them look pretty damn good in all their Flash goodness.
"It's a good thing cross platform stuff like Java and flash are going away, too, because anything that potentially provides a single attack that works against pretty much everything"
How will the picture be better when cross-platform HTML 5 and HTML 5 Video are the standard?
The problem with Java and Flash is that there is one single company with one single codebase that covers every implementation. If there is a security hole, it affects everyone.
HTML5 does not suffer from that issue; there are separate codebases for IE, Firefox, Safari and Chrome. An HTML5 bug in Firefox will not affect Chrome. An HTML5 bug in IE will not affect Safari. OK, Chrome also uses WebKit, so depending on what the bug is it might affect both Safari and Chrome, but at least that's not everyone.
This is important because if there is a bug announced tomorrow that affects every version of Java (rather than fortunately affecting only 1.7.x like this 0-day exploit) and you MUST run Java as some people here have reported they must, you are effectively screwed. If you MUST run HTML5 and there's a nasty 0-day in Firefox, you have the option to safely use IE or Chrome until Firefox is updated.
Not true. Cross platform is a good idea BUT the machine specific environments, within which the cross platform software runs, need to be secure.
Developing once for many environments is a huge benefit for developers.
Sun need to make Java environments safe.