This discussion is archived
7 Replies Latest reply: Mar 17, 2013 12:56 PM by 939520 RSS

Java security

996767 Newbie
Currently Being Moderated
I wasn't sure where to go to ask this, but here I am

I run a small IT support service, plenty of clients are getting advice online about turning off java for all the security breaches (exploits) and ask my advice as well.

what is the thinking on this, should I be supporting them in turning it off? We sure do see a lot of viruses through this vector
  • 1. Re: Java security
    EJP Guru
    Currently Being Moderated
    You do? I've never seen one in 16 years. What you should be doing is encouraging them to the latest upgrade.
  • 2. Re: Java security
    996767 Newbie
    Currently Being Moderated
    you've got to be kidding me. This is such an ignorant reply. I can see I am in the wrong forums here.
  • 3. Re: Java security
    EJP Guru
    Currently Being Moderated
    It's more of a question than a reply. Do you have an answer? or just an attitude?

    What is truly ignorant here is even thinking that it's feasible to just decommission a major piece of the world's computing infrastructure, rather than being professional and informing yourself about the costs risks and benefits. MS.DOS and its successor Windows products have been subject to virus exploits for over thirty years, but I don't see anyone rushing to decommission them.

    It is also unprofessional, not to mention ignorant, to overreact to part of an answer and completely ignore the other part. The part that answers your question.
  • 4. Re: Java security
    Kayaman Guru
    Currently Being Moderated
    993764 wrote:
    you've got to be kidding me. This is such an ignorant reply.
    "Make sure you have the latest version" was an ignorant reply?
    I can see I am in the wrong forums here.
    Well since you're not a Java developer, yes you are. Maybe there's a forum for you IT support people, where you can share your non-ignorant expert opinions :D
  • 5. Re: Java security
    gimbal2 Guru
    Currently Being Moderated
    Kayaman wrote:
    993764 wrote:
    you've got to be kidding me. This is such an ignorant reply.
    "Make sure you have the latest version" was an ignorant reply?
    Guess I'll be happy to be ignorant then, because ignorance apparently means being correct.
  • 6. Re: Java security
    893253 Explorer
    Currently Being Moderated
    Java is VIRUS-FREE. Remember this and tell to your friend as well. As you are from IT Support you should follow below links:

    http://www.java.com/en/download/help/cache_virus.xml

    http://www.java.com/en/download/help/virus.xml
  • 7. Re: Java security
    939520 Explorer
    Currently Being Moderated
    Is this a private flame war or can anyone join? ;)

    Anyway, I believe the issue with Java running on the browser is the use of applets. I'm a Java developer and I never use them due to security issues (which may have since been addressed, aside form the most recent exploits). I use JSP, JSF, HTML5 (eventually), or similiar technologies for the front end instead, with Java on the backend server.

    Any software running on the client is subject to hacks. That doesn't mean it necessarily shouldn't be used, but should be suspect when sending data to/from your server. There are ways of handling that such as (re)validating all input from the user back on the server. As for letting a signed applet run on your client machine, you need to be sure you can trust the source. I believe the vast bulk of Java web applications do not use applets. Its unfortunate that Oracle was so slow in addressing this recent security issue. At home, I have two computers. One for general internet surfing, the other for business transactions and the like (both have anti virus software kept up-to-date). That way, I'm better protected.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points