More Java woes

[x BlueRobot]

They could always write a new language, or make an extension of an existing language, if no-one is able to 'fix' Java.

 

[HammerHead]

They

Yes "they" could write an entirely new app, or I am sure the existing one can be fixed. Whoever "they" is there has to be a motive (motive = $$).

 

[Solarstarshines]

Did anyone mention that the problems are only for the Java browser plugins and NOT from Java itself?
Disabling the browser support you forget about that, and yet have full Java runtime still available for programs that need it. Websites that need Java are minimal, and you can selectively enable the plugin for those sites if you trust them.
There is no need to be paranoid about a bug that existed many time ago probably.

I don't know anyone has mentioned this but at the same time why risk using any Java related applications
at this point it's not about Java itself being safe it is more of everything related to it has been compramised

Why would you even want to risk it especially if it's not even installed on your system ?

 

[Alejandro85]

I don't know anyone has mentioned this but at the same time why risk using any Java related applications
at this point it's not about Java itself being safe it is more of everything related to it has been compramised

Why would you even want to risk it especially if it's not even installed on your system ?

The news name it, not so clearly, but always point to the web plugins being buggy. But those are driving some people crazy, because in first place most of us don't know what Java is in the first place.

Java is just a RUNTIME, an engine made to run a specific set of applications that are programed based on it, period. This by itself don't imply anything security related. Problem is that Java applications can be used to write malware (like any other environment), or bugs can be found in any of its applications (like in any other environment). One of such buggy applications that might allow malware to be run is the web browser plugin that brings client-side Java apps embedded in web pages. If you disable those, you are effectively immune to the "menaces" named in the articles.

Also, websites using client-side Java are not that much, and one may chose to enable the plugins for those that you trust if you need it. But normal desktop applications are not affected at all by that, so there is no danger in itself (of course, the apps themselves CAN be viruses, like any other .exe).

Even if you're in "risk" by using the Java plugins, you can also rely on the habitual layered defenses suggested everywhere. Besides being paranoid, people can run an antivirus, a firewall, have UAC, limited user accounts, low integrity processes, NAT routers, sandboxing, and most important common sense, which all help mitigate risks.

I agree 100% in that, if there is no Java, there is no point in worrying, or rushing to install it if not needed. Like any other thing, keep it off your system until you really want and will use it.

 

[Borg 386]

Well, one thing is sure, there are millions of devices that use Java and at this point, short of coming up with a new compatible language for those, the only option is for Oracle to stop sitting on their asses and do something. I just don't see how they can be taking their time like this. For heaven's sake, the freaking Homeland Security dept told people to stop using the software. Wasn't that enough of a wake up call?

I really would like to see a scenario where suddenly Java was considered unnecessary (I know, not everyone needs it, but some, unfortunately do). If Oracle were to suddenly face a mass migration away from it's software, how fast do you suppose they would come up with a fix?