Why are there so many issues with Java?

delia25

It seems that whenever there is a zero day vulnerability, there is a better than even chance that it will have something to do with Java. What is it about Java that makes it so prone to security threats? Oracle isn't exactly some start-up operating out of a garage, you would think they would have this Java thing figured out by now.

Topic: Security

Answers

5 total
Agili Ron
Vote Up (2)

Hello Friends,

Java is a popular programming language that is used to develop games, applications, and utilities that are found on the Internet, cell phones, and other digital devices. There are thousands of other programming languages out there, such as C, C++, HTML, ColdFusion, Python, Flash, PHP, Visual Basic, and more, but Java has gained popularity in the last few years because it will work on many different kinds of computers.
The same reason that there are frequent updates for the Flash player. Because these applications are installed on so many computers around the world, and because they are cross-platform, they are extremely vulnerable to security risks. They are frequently targeted by hackers and other cyber criminals, so Sun Microsystems is constantly trying to stay one step ahead of the bad guys.

Thanks and Regards,
Agili Ron

agiliron.com

Bill Anderson
Vote Up (4)

Well, with almost all applications in the world running on Java, there are inevitably going to be problems that arise. So folks, go ahead and disable Java in your browsers, and while you're at it throw your cell phones, PDAs and all the other "fun things" you have at your disposal away. This includes your Xbox 360 and your PlayStations that are running all those "cool games" that include Java libraries that you know nothing about. Yes, trash the cable TV box too; flawed Java is what brings all those channels to you in HD.

And while you're at it, get rid of that internet router. It also runs on Java. Oh yeah, you will also need to close that bank account. Most banking applications run on Java also. You will also need to get rid of that debit and credit card; Java reads it when you swipe.

Alas, now you can pitch your tent and go to the woods. That is what you will have left. Of course, then you will be vulnerable to bear and the like.

But yeah, Oracle knows nothing about Java technology, right?

rtrembley

While I think you make a good point about the prevalence of Java, you are comparing apples (small A) and oranges a little. Java running in a browser is not the same thing as JavaScript or Java Card. Also, while the Android SDK uses Java, so apps are written in Java, the phone itself is using Dalvik instead of the Java Virtual Machine, and is not vulnerable in the same way as a machine with Java SE 7 running in the browser. I agree with you that Java is widely used, and is widely useful. However, in the context of use in a browser, which I inferred from the original question because of the use of the term "zero day vulnerability" and the well-publicized security weaknesses of Java SE 7, the picture is not so rosy, and there is little compelling reason to continue to use it.

jimlynch
Vote Up (5)

Here's an article that explains how to disable Java altogether. Probably a good idea for most people.

Java is Insecure and Awful, It’s Time to Disable It, and Here’s How
http://www.howtogeek.com/122934/java-is-insecure-and-awful-its-time-to-d...

"As usual, there’s yet another security hole in the Java Runtime Environment, and if you don’t disable your Java plugin, you’re at risk for being infected with malware. Here’s how to do it.

Security holes are nothing new, but in this case, the security hole is really bad, and there’s no telling when Oracle will get around to fixing the problem. Plus, how often do you really need Java while browsing the web? Why keep it around?"

rtrembley
Vote Up (8)

The way Java is constructed includes what they call the "Security Manager", which is intended to restrict applications to running in the Java sandbox. This is a major part of the problem, somewhat ironically, because Security Manager has a number of interconnected subsystems that have repeatedly allowed exploits to bypass it and gain access to the machine running Java. The issue, or at least part of it, is that the way all of the subsystems interact makes it much harder to correct than it would be to fix a single flaw, partially because of unintended consequences: changes made to one subsystem to fix one flaw may open up a new potential exploit through a different subsystem. Also, Oracle doesn't play well with others, and won't work with people outside of the company to attack flaws, so they do everything in a bit of a vacuum.

I am so sick of Oracle trying to install unwanted junk like toolbars and add-ons with every update that I'm done with Java anyway. I really, really don't want an Ask Toolbar, and I don't want to have it installed by default unless I opt out EVERY SINGLE UPDATE! Grrrrrrrrr! Ars has a harsh article on this very topic today, in fact.
