Is Java Safe and Do I Need It? - Comments Page 1

Category: Security




(Read the article: Is Java Safe and Do I Need It?)

All Comments on: "Is Java Safe and Do I Need It?"

Comment Page: 1 |  2 

Posted by:

Beth
14 Jan 2013

According to the latest articles I'm reading, the update issued by Oracle on Sunday only fixes 2 vulnerabilities, which still leaves PCs vulnerable to attack by hackers intent on committing cyber crimes. When some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes, you have to ask, "Is it really worth the risk to use Java right now?"

Posted by:

olamoree
14 Jan 2013

Quoted from MercuryNews: BOSTON -- Oracle (ORCL) released an emergency update to its Java software for surfing the Web on Sunday, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes. Now what?

EDITOR'S NOTE: As I said in the article, you can disable it completely, or keep it active only in a secondary browser.

Posted by:

Martin
14 Jan 2013

Aren't the "classic" security precautions enough? I think that being careful about the sites you visit and the links you click, and of course, keeping a good antivirus software enabled, should keep most security holes covered. Of course, I can be terribly wrong. So what do you think? Are those security flaws in Java "broadcasting" themselves to the "mischief community" out there? (I use Java as a development tool, so I'm forced to keep it on)

Posted by:

George
14 Jan 2013

Thanks for the information on Java, it was very informative. I appreciate it.

Posted by:

Geo
14 Jan 2013

It is my understanding that java and javascript are two different things. Correct? Seems to be a lot of confusion generated over the two.

EDITOR'S NOTE: They are quite different. See http://askbobrankin.com/is_javascript_the_same_as_java.html

Posted by:

Bob in Spain
14 Jan 2013

I recently downloaded MP3 Rocket to try - apart from installing the Ask toolbar and updater (and the changes it made to my firewall settings) it also plonked 160mb worth of Java on my system. MP3 Rocket may be a good program but I'll never know as I removed the lot immediately, it's hard enough staying clean as it is without that malware sponge.

Posted by:

Joseph B Fischer
14 Jan 2013

As an example, you suggest enabling Java in Internet Explorer, and only using it when needed. Internet Explorer itself sometimes has unpatched security holes. I would suggest not ever using Internet Explorer, unless a particular web site requires it. It you need to run Java, run it with a different web browser. This is particularly true if you are still running Windows XP and can't use the latest version of Internet Explorer.

EDITOR'S NOTE: All browsers have unpatched security holes. IE is at least as secure as any of the other majors. (I might have said differently 8 or 10 years ago, but things have changed for the better with IE.)

Posted by:

Stuart Berg
14 Jan 2013

You forgot to mention that there are computer based (i.e. not on the Internet) applications that require Java. I know because, when I uninstalled Java, one of my PC programs stopped working. Since I don't need Java in my browser, I reinstalled Java but disabled it in my browsers. Now my PC application is happy!

Posted by:

Kay
14 Jan 2013

I keep getting a pop up that says "Java Scrips has crashed" Most of the time I can continue with no problem but sometimes my computer locks up Is that related to the Java??

EDITOR'S NOTE: I assume you mean "JavaScript". No relation to Java, despite the similar name.

Posted by:

Ed
14 Jan 2013

Bob, slight change for Firefox direction

In Firefox, click the Firefox button, or open the Tools menu.
Select Add-ons Choose the Plugins tab, select the Java plugin(s) and click disable.

thank you for giving us an easy way to manage this.
ed

EDITOR'S NOTE: Good catch, fixed now!

Posted by:

Jim
14 Jan 2013

I really think you should address Stuart's point in the article. The majority of Java development today has very little to do with web applets. Most Java development is for server side (JSP and the likle, which the common user won't see anyway) but also, more importantly, for desktop applications. As an example, some major parts of Libre Office require Java, and all of ThinkFree Office.

Disabling Java in your browser does not disable Java on your computer.

Posted by:

bb
14 Jan 2013

I think your statement, "If you are sure that you never use any websites that need Java ..." is wrongly stated. We shouldn't require users to know what a website uses. A better statement would be, "*Unless* you know a website you use requires Java, uninstall it." That is the safest route. If one encounters a website that needs Java, it will tell you; then make the decision whether that function is important enough for you to install Java *and* keep it updated. For me, the answer has always been no but YMMV.
Keeping it around "just in case" (remembering that you'll also have to keep it updated) is not a good decision.
Finally, not updating Java is *bad*! Lots of current bad malware is Java-based - because Java is so powerful and functional. As soon as a Java vulnerability is found, all the current malware 'kits' are updated and yet another way to exploit your computer is published. Driving an un-patched PC on the Internet is like driving without a seatbelt. Do you really want a random website be able to run any program on your PC?
-bb

Posted by:

Beverly
14 Jan 2013

I use XP and IE. I searched for Java and there were so many items and I am not that PC literate that I didn't dare delete any of them and don't know how to just disable them in case I needed to put them back on. I will download the "partial" fix you noted but I guess I just hope for the best after that.

Posted by:

Art Sulenski
15 Jan 2013

My bank uses Java for their security program, you have to have Java to enter your password which is from a random arrangement on screen number pad and the letters from your keyboard. How could I get along without Java?

Posted by:

kay
15 Jan 2013

Thanks for the correction and reply about Java Scrip. Now can you tell me what JavaScrip is, do I need it and if I don't how do I get rid of it and if I need it how do I fix it so it doesn't "crash"
Thanks so much

Posted by:

Mario
20 Jan 2013


I found that other versions of Java, like Java 6, are NOT vulnerable. I am using Java 6, so this not a problem for me, at least for now. See below:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422

Last revised:01/17/2013

NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks.

Posted by:

Russell Coover
30 Jan 2013

After the recent Government warning on Java, I decided to take Java off each of my 7 computers. I've had NO problems until today. Today, I read a report that said that UPnP devices can be easily attacked, and that they should be disabled. I then found an application called "Scan Now for UPnP" described like this ... "The free scanner checks whether your network-enabled devices might be vulnerable to attack through the UPnP protocol. Find out if you might be one of the millions of users at risk through these vulnerabilities and what steps you can take to reduce risk", so I downloaded it and attempted to execute it. The result was an error message that I needed Java to run it and a link to Suns Java download page. BOOOOOOOOOOOO !!!!!

EDITOR'S NOTE: I've addressed this conundrum in a subsequent article: http://askbobrankin.com/security_alert_universal_plug_and_play_vulnerability.html

Posted by:

nope
11 Apr 2013

Why should I trust you telling me to use Java if your webpage has an ad for MacKeeper on it? You're very clearly full of crap.

EDITOR'S NOTE: I'd reply to you personally, but you entered "nope@nope.com" as your address. So I'll talk about this here. First, I recommend that you read this article (http://www.cultofmac.com/170522/is-mackeeper-really-a-scam/) for a balanced view of the MacKeeper controversy. It appears to me that some of the criticism is undeserved, and possibly orchestrated by a competitor.

Second, I don't decide what ads appear on the page. They are automatically selected based on contextual relevance and user-based factors. I don't see any Mac-related ads when I view the page. But since you have an Intel Mac running Safari on OS X 10.7.5, that makes it much more likely that you'll see ads for Mac products.

And third, I didn't actually tell you to use Java! In fact, I discouraged it.

Posted by:

SheilaScribbles
24 May 2013

I use Frontpage 2002 for our company's website (old I know, but that's the way it is) and this week changed my buttons to be hover buttons. My work computer ran it just fine. Now I have discovered that apparently you must have java on your computer for these to work. My laptop (using Chrome) asked to use java and I said yes. My home PC however will not display the buttons because I don't have java on it.

Now I have to figure out if the hover buttons (which looks so cool to me) are worth it if our customers don't have java.

Posted by:

bob price
26 Jun 2013

This always confuses me. I don't have just "java" or "java script" but rather:
Java Deployment Toolkit
and
Java (TM) Platform SE
Which is the java you are referring? Or neither?

Comment Page: 1 |  2 

Read the article that everyone's commenting on.

To post a comment on "Is Java Safe and Do I Need It?"
please return to that article.

Send this article to a friend. Jump to the Comments section. Buy Bob a Snickers. Or check out other articles in this category:





Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!

Prev Article:
Geekly Update - 09 January 2013
Send this article to a friend
The Top Twenty
Next Article:
Geekly Update - 16 January 2013

Link to this article from your site or blog. Just copy and paste from this box:


Free Tech Support -- Ask Bob Rankin
RSS    
Subscribe to AskBobRankin Updates: Free Newsletter

Privacy Policy