I gather I should update Java on my PC due to security concerns. A little investigation has me confused. What version should I install (SE6? SE7?)? Do I need to manually remove the existing version or will the update do that for me? Do I just do it once for the PC (Windows XP), or do I need to do it separately for separate browsers (IE & Firefox)? Where should I go to get the update?
If you have version 6, you have to remove the old updates manually. Version 7 removes old version 7 updates.
That being said, Java has become such a target for spyware, Homeland Security has recommended it be uninstalled completely. Adobe Reader and Java exploits account for 80% of spyware infections. Java cannot be made safe, just remove it. I use Foxit Reader instead of Adobe Reader for PDF files.
You can install/update Java and disable it in all browsers in Windows.
In the Control Panel, click on Java, open the Security tab, and uncheck ‘Enable Java content in the browser’. Your particular version and settings of Windows may make this look different.
If you install/update recent versions of Firefox, it will default to disabling Java as an add-on and you need to change the setting to allow it to function.
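Added example, not part of the post above: one way to confirm the Control Panel checkbox took effect is to read the per-user `deployment.properties` file that the Java Control Panel writes. The sketch assumes the documented `deployment.webjava.enabled` and `deployment.security.level` properties (browser content is enabled when the first is absent); the sample file contents are constructed.

```python
# Constructed sample: file as written before the checkbox is unticked.
SAMPLE_ENABLED = """\
#deployment.properties
#Mon Jan 14 10:00:00 EST 2013
deployment.version=7.0
deployment.security.level=MEDIUM
"""

# Constructed sample: file after 'Enable Java content in the browser' is unticked.
SAMPLE_DISABLED = """\
#deployment.properties
deployment.version=7.0
deployment.webjava.enabled=false
deployment.security.level=HIGH
"""


def parse_properties(text):
    """Parse the simple key=value subset of the Java .properties format."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank lines and comments
            continue
        # The first '=' or ':' on the line separates key from value.
        hits = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not hits:
            props[line] = ""
            continue
        idx = min(hits)
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def browser_java_enabled(text):
    """False only when deployment.webjava.enabled is explicitly 'false'."""
    value = parse_properties(text).get("deployment.webjava.enabled", "true")
    return value.lower() != "false"


def audit(text):
    """Return (browser_enabled, security_level or None) for one file's text."""
    props = parse_properties(text)
    return browser_java_enabled(text), props.get("deployment.security.level")
```

A missing property reports as enabled, so a file that was never touched by the Control Panel is flagged rather than passed.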
Huh. I’m uninstalling Java now. Never knew that.
Also, in Adobe Reader, go and enhance its security.
Don’t allow it to run programs, macros or scripts or access the internet.
In its Preferences -> Security (Enhanced), have it run in ‘Protected Mode’ and ‘Protected View’. Have it run with “enhanced security”.
In its Preferences -> JavaScript, you should uncheck that it can run script.
I got rid of AR a long time ago. It’s too damn slow; I use X-Change Viewer now.
Won’t uninstalling Java cause some pages not to work? I’m not sure but it would seem eBay now uses Java a lot, can this be verified? Imo the new eBay and all the java now sucks pond scum covered rocks.
A couple of slight corrections: DHS said to disable Java in your web browser; they did not specifically say to remove the language from your computer if you have a use for it.
Second, ebay and other sites tend to use “javascript” which is in no way even related to java except that it was trying to ride the popularity of java’s name.
http://www.java.com/en/download/faq/java_javascript.xml
Most Java exploits are from unpatched versions of the software; “Zero Day” exploits have actually been pretty rare.
Any programming language will be vulnerable to exploits and while there are areas where java could be vastly improved the reality is that whatever software becomes popular gets exploited most.
As noted above, some earlier versions of Java would not uninstall older versions. Make sure you remove those versions and do not ignore the update notifications, and you should be reasonably secure.
With that said, if you do not need java it should be removed just as should any piece of software you do not use.
What do I need Java for? Other than jscript I can’t remember it ever being used by anything. It just sits there and demands to be updated every 30 seconds.
JScript is actually an implementation of ECMAScript, and has nothing to do with Java. It’s named that way to remind people of JavaScript, which is also an implementation of ECMAScript, which also has nothing to do with Java. Blame Netscape, they made a confusing mess with their naming.
For what it’s worth, I third-fourth-whatever removing Java. You don’t need it. And if you have a program that does, trash it and find a better program to do the same thing-- alternatives are out there.
The true tragedy in modern computing is Notch’s strange, inexplicable decision to code Minecraft in Java-- Java would be 100% dead on consumer machines if not for Minecraft. Damn you, Notch!
Get rid of your percolator and get yourself a good French-press?
There’s also EA’s pogo.com online gaming site - at least the last time I checked. Probably lots of other browser-based online games, too.
And WebEx. I guess there’s a lot of companies out there propagating this awful technology.
(To be clear: I have no issue with Java in the server room, but I don’t think it belongs on consumer desktops.)
Aw, shit. The wife uses WebEx for work.
What language would you prefer for client apps over Java?
Anyone happen to know of alternatives to DavMail? I use it every day to download emails that otherwise would have to be viewed via Outlook Web Access. It’s also the only program that made me download Java before it would run.
Literally anything?
Seriously though, for a video game like Minecraft, I’d pick the C# + XNA and/or MonoGame (which lets you port easily to Mac and Linux.) Personally. Other people might have their own preference. But virtually anything’s better than Java.
Seeing as how Ruby on Rails has just gone through a period of massive security leaks I’d say most dynamic languages are a bigger problem than Java. Mono does allow apps to port to Linux and Mac but it’s nowhere near as good as the portability of Java. For example, I use KeePass (.NET app) on Windows, OS/X, and Linux; on Linux it’s mostly usable and OS/X it’s hardly so. Java has its problems, sure, but so does every language.
If I were selling software, I would be embarrassed and ashamed to require users install Java to run it. That’s really what it comes down to. Java’s track record of the last 5 years has been abysmal, both for normal everyday bugs (“user.home” in Java still returns the wrong value in Windows, like it has since 2002) and of course for security-related bugs.
Anyway, that’s my opinion.
Based on what argument?
The vulnerabilities are in the java browser plugin.
It’s not just about the vulnerabilities. Java requires a large file download to even install, much larger than other libraries. It prevents programs from running natively in any form, making them much less efficient. Despite its abstractions (which were designed for applets), it’s not any easier to code anything significant in it. It even takes work to make it consistent with the UI of the target operating system.
The only reason I can think to design your app in Java is if you are targeting those phones and other devices (like Blu-ray players) that essentially run Java natively.