Is Java Safe and Do I Need It? - Comments Page 1
Posted by:
|
According to the latest articles I'm reading, the update issued by Oracle on Sunday only fixes 2 vulnerabilities, which still leaves PCs vulnerable to attack by hackers intent on committing cyber crimes. When some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes, you have to ask, "Is it really worth the risk to use Java right now?" |
Posted by:
|
Quoted from MercuryNews: BOSTON -- Oracle (ORCL) released an emergency update to its Java software for surfing the Web on Sunday, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes. Now what? EDITOR'S NOTE: As I said in the article, you can disable it completely, or keep it active only in a secondary browser. |
Posted by:
|
Aren't the "classic" security precautions enough? I think that being careful about the sites you visit and the links you click, and of course, keeping a good antivirus software enabled, should keep most security holes covered. Of course, I can be terribly wrong. So what do you think? Are those security flaws in Java "broadcasting" themselves to the "mischief community" out there? (I use Java as a development tool, so I'm forced to keep it on) |
Posted by:
|
Thanks for the information on Java, it was very informative. I appreciate it. |
Posted by:
|
It is my understanding that java and javascript are two different things. Correct? Seems to be a lot of confusion generated over the two. EDITOR'S NOTE: They are quite different. See http://askbobrankin.com/is_javascript_the_same_as_java.html |
Posted by:
|
I recently downloaded MP3 Rocket to try - apart from installing the Ask toolbar and updater (and the changes it made to my firewall settings) it also plonked 160mb worth of Java on my system. MP3 Rocket may be a good program but I'll never know as I removed the lot immediately, it's hard enough staying clean as it is without that malware sponge. |
Posted by:
|
As an example, you suggest enabling Java in Internet Explorer, and only using it when needed. Internet Explorer itself sometimes has unpatched security holes. I would suggest not ever using Internet Explorer, unless a particular web site requires it. It you need to run Java, run it with a different web browser. This is particularly true if you are still running Windows XP and can't use the latest version of Internet Explorer. EDITOR'S NOTE: All browsers have unpatched security holes. IE is at least as secure as any of the other majors. (I might have said differently 8 or 10 years ago, but things have changed for the better with IE.) |
Posted by:
|
You forgot to mention that there are computer based (i.e. not on the Internet) applications that require Java. I know because, when I uninstalled Java, one of my PC programs stopped working. Since I don't need Java in my browser, I reinstalled Java but disabled it in my browsers. Now my PC application is happy! |
Posted by:
|
I keep getting a pop up that says "Java Scrips has crashed" Most of the time I can continue with no problem but sometimes my computer locks up Is that related to the Java?? EDITOR'S NOTE: I assume you mean "JavaScript". No relation to Java, despite the similar name. |
Posted by:
|
Bob, slight change for Firefox direction In Firefox, click the Firefox button, or open the Tools menu. thank you for giving us an easy way to manage this. EDITOR'S NOTE: Good catch, fixed now! |
Posted by:
|
I really think you should address Stuart's point in the article. The majority of Java development today has very little to do with web applets. Most Java development is for server side (JSP and the likle, which the common user won't see anyway) but also, more importantly, for desktop applications. As an example, some major parts of Libre Office require Java, and all of ThinkFree Office. Disabling Java in your browser does not disable Java on your computer. |
Posted by:
|
I think your statement, "If you are sure that you never use any websites that need Java ..." is wrongly stated. We shouldn't require users to know what a website uses. A better statement would be, "*Unless* you know a website you use requires Java, uninstall it." That is the safest route. If one encounters a website that needs Java, it will tell you; then make the decision whether that function is important enough for you to install Java *and* keep it updated. For me, the answer has always been no but YMMV. |
Posted by:
|
I use XP and IE. I searched for Java and there were so many items and I am not that PC literate that I didn't dare delete any of them and don't know how to just disable them in case I needed to put them back on. I will download the "partial" fix you noted but I guess I just hope for the best after that. |
Posted by:
|
My bank uses Java for their security program, you have to have Java to enter your password which is from a random arrangement on screen number pad and the letters from your keyboard. How could I get along without Java? |
Posted by:
|
Thanks for the correction and reply about Java Scrip. Now can you tell me what JavaScrip is, do I need it and if I don't how do I get rid of it and if I need it how do I fix it so it doesn't "crash" |
Posted by:
|
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422 Last revised:01/17/2013 NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. |
Posted by:
|
After the recent Government warning on Java, I decided to take Java off each of my 7 computers. I've had NO problems until today. Today, I read a report that said that UPnP devices can be easily attacked, and that they should be disabled. I then found an application called "Scan Now for UPnP" described like this ... "The free scanner checks whether your network-enabled devices might be vulnerable to attack through the UPnP protocol. Find out if you might be one of the millions of users at risk through these vulnerabilities and what steps you can take to reduce risk", so I downloaded it and attempted to execute it. The result was an error message that I needed Java to run it and a link to Suns Java download page. BOOOOOOOOOOOO !!!!! EDITOR'S NOTE: I've addressed this conundrum in a subsequent article: http://askbobrankin.com/security_alert_universal_plug_and_play_vulnerability.html |
Posted by:
|
Why should I trust you telling me to use Java if your webpage has an ad for MacKeeper on it? You're very clearly full of crap. EDITOR'S NOTE: I'd reply to you personally, but you entered "nope@nope.com" as your address. So I'll talk about this here. First, I recommend that you read this article (http://www.cultofmac.com/170522/is-mackeeper-really-a-scam/) for a balanced view of the MacKeeper controversy. It appears to me that some of the criticism is undeserved, and possibly orchestrated by a competitor. Second, I don't decide what ads appear on the page. They are automatically selected based on contextual relevance and user-based factors. I don't see any Mac-related ads when I view the page. But since you have an Intel Mac running Safari on OS X 10.7.5, that makes it much more likely that you'll see ads for Mac products. And third, I didn't actually tell you to use Java! In fact, I discouraged it. |
Posted by:
|
I use Frontpage 2002 for our company's website (old I know, but that's the way it is) and this week changed my buttons to be hover buttons. My work computer ran it just fine. Now I have discovered that apparently you must have java on your computer for these to work. My laptop (using Chrome) asked to use java and I said yes. My home PC however will not display the buttons because I don't have java on it. Now I have to figure out if the hover buttons (which looks so cool to me) are worth it if our customers don't have java. |
Posted by:
|
This always confuses me. I don't have just "java" or "java script" but rather: |
Read the article that everyone's commenting on.
To post a comment on "Is Java Safe and Do I Need It?"
please return to that article.
Need More Help? Try the AskBobRankin Updates Newsletter. It's Free! |
Prev Article: Geekly Update - 09 January 2013 |
|
Next Article: Geekly Update - 16 January 2013 |
Link to this article from your site or blog. Just copy and paste from this box: |
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter About Us Privacy Policy RSS/XML |
(Read the article: Is Java Safe and Do I Need It?)