[LINK] Security problems with Java in browsers

Fernando Cassia fcassia at gmail.com
Tue Sep 18 03:17:15 AEST 2012


On Mon, Sep 17, 2012 at 12:16 PM, Robin Whittle <rw at firstpr.com.au> wrote:

> (looks really complex):
>

It isn´t. Just install the Preferences Toolbar (prefbar.mozdev.org), or the
NoScript Firefox extension and you can "Whitelist" Java (along with
JScript) on those sites that need it, and disable it on all others.


> Unless there is a clear need for it, it may be easier to uninstall Java
> from the computer entirely.
>

This is complete FUD. Java is more than a browser plug-in (which BTW, is
used for things like Intel´s driver update software, "powered by
SystemRequirements", some on-line banking secure log-in and other useful
sites like KeepVid.com to download youtube videos).

It´s curious how every patch tuesday there´s "critical security updates"
coming down the wire from WindowsUpdate for components like ActiveX and
Microsoft´s .Net, yet there´s not a single headline this year suggesting
users "remove .Net completely".

For instance, on my machine I run several Java apps on a daily basis,
including  Jitsi (open source VOIP, video-conferencing and Skype-killer)
www.jitsi.org, muCommander (http://ho.io/mucommander), Java Image Editor,
and ocassionally Art of Illusion (raytracing/3D), Freemind (mind mapper
software), Sweet Home 3D (floor planning, home design).

Interesting how the scaremongering headlines appeared shortly after this:

Oracle has been good to Java, despite early fears
http://www.infoworld.com/t/java-programming/oracle-has-been-good-java-despite-early-fears-200200

And these stream of positive events:

-Oracle makes OpenJDK 7 the reference implementation of Java7

-All Linux distros ship OpenJDK
http://www.java7developer.com/blog/?p=361

-IBM joins OpenJDK
http://www.infoq.com/news/2010/10/ibm-joins-openjdk

-Apple contributes its OSX JRE code to OpenJDK
http://9to5mac.com/2011/01/12/openjdk
-code-lands-as-mac-port-project-springs-to-life/

-Twitter joins OpenJDK
https://dev.twitter.com/blog/twitter-open-source-and-jvm

-Oracle decides to offer Java 7 JREs for Apple OS X
http://www.macrumors.com/2012/08/14/oracle-officially-launches-java-se-7-for-os-x/

-In 2012, Java continues to be among the top-3 programming languages
according to TIOBE index, despite a campaign of previous FUD articles like
this:

http://www.businessweek.com/stories/2005-12-12/java-its-so-nineties

And third-party languages for the Java VM have skyrocketed, thanks to
Java7's support for dynamic languages:

http://java.sun.com/developer/technicalArticles/DynTypeLang/

http://en.wikipedia.org/wiki/List_of_JVM_languages

I guess Microsoft' s anti-Java campaign never actually ended after all:
http://ho.io/sunblock

And someone in Redmond must be laughing out loud.

Corolary: If the high-profile web sites you visit daily are infected with
malware, you have bigger problems to begin with.... today could be Java,
tomorrow could be Flash or ActiveX based...

FC
-- 
During times of Universal Deceit, telling the truth becomes a revolutionary
act
- George Orwell



More information about the Link mailing list