What do you do to minimize the security risks created by Java?

RomanZ
RomanZ 1 year ago

In my experience, two of the greatest risks to system security are Flash and Java. Flash has a pretty central place in web design, as those of use who have used iPads, iPhones and Android 2.1 or earlier are well aware. Hopefully the widespread use of Java will fall off now that Adobe has killed support for development of flash for mobile platforms and HTML5 is on the rise. Java, on the other hand, doesn't seem to be going anywhere and remains a popular vehicle for exploits. What do you do at your company to minimize the risks that are created by using Java?

Tags: Flash, HTML5, java
Topic: Security
Answer this Question

Answers

2 total
jimlynch
jimlynch 1 year ago
Vote Up (8)

I think it's a good idea to just get rid of both of them if you don't need them. I ranted about flash in a column a while back, and I still think it stinks.

Why Flash Sucks
http://jimlynch.com/en/2010/04/07/why-flash-sucks/

As far as Java goes, good riddance if you can just get rid of it. Neither of these things is really worth bothering with, given the security headaches (among other things).

So if you can remove them from your system(s) then more power to you. You're probably saving yourself a lot of aggravation in the long run.

henyfoxe
henyfoxe 1 year ago
Vote Up (8)

 

Java is a big issue, in my opinion.  Browser plug-ins are one of the favorite avenues for cyberattacks, and have been for a long time.  Fortunately, both Chrome and Firefox block out of date plug-ins, which definitely helps matters, at least with those two browsers.  Of all plug-ins, Java is most often used for exploits, in my experience.  Fortunately, there is a good way to minimize the risks of Java: remove Java completely.  There is almost no need for it, and most users will never even miss it.  If you use Chrome, you can use sandboxing to run Java in a secondary browser if you absolutely have to run it.  

 

BTW, apparently we aren't the only ones concerned about the vulnerabilities created by Java.  Mozilla is considering blocking the Java plug-in to help stop SSL attacks.It will be interesting to see if they follow through, and if so, whether there is a reaction from Firefox users.   

 

Answer this Question

Related Questions

jdixon
jdixon
24 weeks ago
How can I convert my company's Flash-based website to work on the iPad?

Apple's IOS-based devices (iPad, iPhone, and iPod Touch) can't read Adobe Flash, and we would like for our website to be available to...

Tags: Conversion, Converter, Flash, HTML5
7 Answers
Answer It
rcook12
rcook12
1 year ago
With Flash for mobile already going away, what's to keep the same thing from happening to Silverlight?

Ok, so by now we all know Steve Jobs was right about Flash for mobile platforms, even though I didn't believe Adobe would give up on it...

Tags: Flash, HTML5, silverlight
2 Answers
Answer It
henyfoxe
henyfoxe
1 year ago
How did HTML5 become so dominant in web development?

We've seen the demise of Adobe's Flash format for mobile devices and questions about Miscrosoft's Silverlight, and it seems that HTML5...

Tags: Adobe, Flash, HTML5, silverlight
3 Answers
Answer It
dvarian
dvarian
38 weeks ago
Have you disabled java on all your machines?

Another day, another java exploit. A new browser based exploit apparently lets attackers execute arbitrary code on client systems, and...

Tags: exploit, java, JRE, malware
2 Answers
Answer It
dniblock
dniblock
18 weeks ago
Should Android users worry about Java?

The US Government's security warning about Java on computers has been widely reported at this point, but I can seem to find what that...

Tags: android, java, security warning
2 Answers
Answer It

Ask a question

Join Now or Sign In to ask a question.
Google to lengthen SSL encryption keys from August
Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications.
Microsoft brushes off claim Xbox Live accounts were compromised
Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.
Could the Bitcoin network be used as an ultrasecure notary service?
Manuel Araoz, a 23-year-old developer in Argentina, has an idea for Bitcoin that doesn't focus on money.
U.S. urged to let companies 'hack-back' at IP cyber thieves
U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.
Researchers find more versions of digitally signed Mac OS X spyware
Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users.
SoftBank said to be in talks with US to allay national security fears
The U.S. government is in negotiations with SoftBank for greater control over equipment purchases by Sprint Nextel and the selection of one of the Japanese company's nominee to the U.S. carrier's board, according to a news report.
Twitter aims to become safer with two-step sign-in
Twitter, in a much-needed move to keep its users safer from cyberattacks, is introducing a more secure login process.
Growing mobile malware threat swirls (mostly) around Android
Mobile devices are getting hit by a boom in malware similar to the one that hit PCs starting with the rise of the Web, a security software executive said Tuesday.
Blue Coat Systems to acquire security analytics firm Solera Networks
Blue Coat Systems, a provider of Web traffic filtering and business assurance products and services, plans to buy security analytics specialist Solera Networks, which uses data mining techniques to classify network traffic and detect potential security threats.
New Citadel malware variant targets Payza online payment platform
A new variant of the Citadel financial malware is targeting users of the Payza online payment platform by launching local in-browser attacks to steal their credentials, according to researchers from security firm Trusteer.

Most Active Members

jimlynch

jimlynch

0 questions | 1603 answers

TRUSTED VOICE
Christopher Nerney

Christopher Nerney

2 questions | 180 answers

becker

becker

43 questions | 92 answers

TRUSTED VOICE
wstark

wstark

41 questions | 70 answers

lsmall

lsmall

14 questions | 87 answers

TRUSTED VOICE
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+