Why are there so many issues with Java?

delia25

It seems that whenever there is a zero day vulnerability, there is a better than even chance that it will have something to do with Java. What is it about Java that makes it so prone to security threats? Oracle isn't exactly some start-up operating out of a garage, you would think they would have this Java thing figured out by now.

Topic: Security

Answers

5 total
rtrembley
Vote Up (9)

The way Java is constructed includes what they call the "Security Manager", which is intended to restrict applications to running in the Java sandbox. This is a major part of the problem, somewhat ironically, because the Security Manager has a number of interconnected subsystems that have repeatedly allowed exploits to bypass it and gain access to the machine running Java. The issue, or at least part of it, is that the way all of the subsystems interact makes it much harder to correct than it would be to fix a single flaw, partially because of unintended consequences: changes made to one subsystem to fix one flaw may open up a new potential exploit through a different subsystem. Also, Oracle doesn't play well with others, and won't work with people outside of the company to attack flaws, so they do everything in a bit of a vacuum.

I am so sick of Oracle trying to install unwanted junk like toolbars and add-ons with every update that I'm done with Java anyway. I really, really don't want an Ask Toolbar, and I don't want to have it installed by default unless I opt out EVERY SINGLE UPDATE! Grrrrrrrrr! Ars has a harsh article on this very topic today, in fact.

jimlynch
Vote Up (7)

Here's an article that explains how to disable Java altogether. Probably a good idea for most people.

Java is Insecure and Awful, It’s Time to Disable It, and Here’s How
http://www.howtogeek.com/122934/java-is-insecure-and-awful-its-time-to-d...

"As usual, there’s yet another security hole in the Java Runtime Environment, and if you don’t disable your Java plugin, you’re at risk for being infected with malware. Here’s how to do it.

Security holes are nothing new, but in this case, the security hole is really bad, and there’s no telling when Oracle will get around to fixing the problem. Plus, how often do you really need Java while browsing the web? Why keep it around?"

Bill Anderson
Vote Up (6)

Well, with most all applications in the world running on JAVA, there are inevitably going to be problems that arise. So folks, go ahead and disable Java in your browsers, and while you're at it throw your cell phones, PDAs and all the other "fun things" you have at your disposal away. This includes your XBOX 360 and your PlayStations that are running all those "cool games" that include Java libraries that you know nothing about. Yes, trash the cable TV box too; flawed Java is what brings all those channels to you in HD.

And while you're at it, get rid of that internet router. It also runs on Java. Oh yeah, you will also need to close that bank account. Most banking applications run on Java also. You will also need to get rid of that debit and credit card; Java reads it when you swipe.

Alas, now you can pitch your tent and go to the woods. That is what you will have left. Of course, then you will be vulnerable to bears and the like.

But yea, Oracle knows nothing about JAVA technology, right?

rtrembley

While I think you make a good point about the prevalence of Java, you are comparing apples (small a) and oranges a little. Java running in a browser is not the same thing as JavaScript or Java Card. Also, while the Android SDK uses Java, so apps are written in Java, the phone itself is using Dalvik instead of the Java Virtual Machine, and is not vulnerable in the same way as a machine with Java SE 7 running in the browser. I agree with you that Java is widely used, and is widely useful. However, in the context of use in a browser, which I inferred from the original question because of the use of the term "zero day vulnerability" and the well-publicized security weaknesses of Java SE 7, the picture is not so rosy, and there is little compelling reason to continue to use it.

Agili Ron
Vote Up (3)

Hello Friends,

Java is a popular programming language that is used to develop games, applications, and utilities that are found on the Internet, cell phones, and other digital devices. There are thousands of other programming languages out there, such as C, C++, HTML, ColdFusion, Python, Flash, PHP, Visual Basic, and more, but Java has gained popularity in the last few years because it will work on many different kinds of computers.

It is the same reason that there are frequent updates for the Flash player. Because these applications are installed on so many computers around the world, and because they are cross-platform, they are extremely vulnerable to security risks. They are frequently targeted by hackers and other cyber criminals, so Sun Microsystems is constantly trying to stay one step ahead of the bad guys.

Thanks and Regards,
Agili Ron

agiliron.com
