What do you do to minimize the security risks created by Java?

RomanZ

In my experience, two of the greatest risks to system security are Flash and Java. Flash has a pretty central place in web design, as those of use who have used iPads, iPhones and Android 2.1 or earlier are well aware. Hopefully the widespread use of Java will fall off now that Adobe has killed support for development of flash for mobile platforms and HTML5 is on the rise. Java, on the other hand, doesn't seem to be going anywhere and remains a popular vehicle for exploits. What do you do at your company to minimize the risks that are created by using Java?

Tags: Flash, HTML5, java
Topic: Security
Answer this Question

Answers

2 total
henyfoxe
Vote Up (30)

 

Java is a big issue, in my opinion.  Browser plug-ins are one of the favorite avenues for cyberattacks, and have been for a long time.  Fortunately, both Chrome and Firefox block out of date plug-ins, which definitely helps matters, at least with those two browsers.  Of all plug-ins, Java is most often used for exploits, in my experience.  Fortunately, there is a good way to minimize the risks of Java: remove Java completely.  There is almost no need for it, and most users will never even miss it.  If you use Chrome, you can use sandboxing to run Java in a secondary browser if you absolutely have to run it.  

 

BTW, apparently we aren't the only ones concerned about the vulnerabilities created by Java.  Mozilla is considering blocking the Java plug-in to help stop SSL attacks.It will be interesting to see if they follow through, and if so, whether there is a reaction from Firefox users.   

 

jimlynch
Vote Up (29)

I think it's a good idea to just get rid of both of them if you don't need them. I ranted about flash in a column a while back, and I still think it stinks.

Why Flash Sucks
http://jimlynch.com/en/2010/04/07/why-flash-sucks/

As far as Java goes, good riddance if you can just get rid of it. Neither of these things is really worth bothering with, given the security headaches (among other things).

So if you can remove them from your system(s) then more power to you. You're probably saving yourself a lot of aggravation in the long run.

Ask a question

Join Now or Sign In to ask a question.
An open-source project has released the first free application for the iPhone that scrambles voice calls, which would thwart government surveillance or eavesdropping by hackers.
Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.
Now that BlackBerry has fallen significantly behind Apple and Google in the race to offer features and third-party apps for its smartphones, the company is concentrating on providing devices that, it claims, have the strongest available security -- the killer feature for the enterprise.
Today's hotels are unfortunately vulnerable to types of attempted fraud. Here's how to keep data safe when you travel.
U.S. Senator Patrick Leahy has introduced a new version of a bill to rein in the National Security Agency's bulk collection of U.S. phone records in an effort to strengthen legislation that passed the House of Representatives this year.
The IT infrastructure of the National Research Council of Canada was recently compromised by highly sophisticated Chinese state-sponsored hackers, the Canadian government said Tuesday.
The majority of Android devices currently in use contain a vulnerability that allows malware to completely hijack installed apps and their data or even the entire device.
U.S. and EU privacy and consumer groups called on privacy regulators to stop Facebook's plans to gather the Internet browsing patterns of its users while they visit other sites.
A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.
Questions abound over sites authenticating users via identities established through social networks, Yahoo Ponemon Institute survey shows.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness