|Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits|
I know that many "in-the-know" disable Java. Those that don't know, clearly, are in the vast majority.
|Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense. |
The company recently used its threat intelligence network, which monitors billions of Web requests originating from “tens of millions” of endpoint computers protected by its products, to detect the Java versions that are installed on those systems and are available through their Web browsers.
Java-Enabled Browsers Not Up-To-Date and Vulnerable To Java Exploits [pcworld.com]
|The Java telemetry data gathered by Websense showed that only 5.5 percent of Java-enabled browsers have the most up-to-date versions of the software’s browser plug-in—Java 7 Update 17 (7u17) and Java 6 Update 43 (6u43)—installed. These two versions were released on March 4 in order to address a vulnerability that was already being exploited in active attacks at the time. |
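The kind of check the quoted figures imply, as an added example that is not part of the original post or of Websense's tooling: it classifies reported Java versions against the two patched releases named in the article (7u17 and 6u43). The function names, the accepted version-string formats and the sample inventory are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Patched baselines named in the quoted article: Java 7 Update 17, Java 6 Update 43.
BASELINE = {7: 17, 6: 43}

# Assumed input formats: "1.<family>.0_<update>" (optional "-bNN" build suffix)
# and the short "<family>u<update>" form used in the article.
_PATTERNS = (
    re.compile(r"^1\.(\d+)\.0(?:_(\d+))?(?:-\S+)?$"),
    re.compile(r"^(\d+)u(\d+)$", re.IGNORECASE),
)

def parse_java_version(text):
    """Return (family, update), or None if the string is not recognised."""
    s = text.strip()
    for pattern in _PATTERNS:
        m = pattern.match(s)
        if m:
            # A missing "_NN" suffix means the initial release, i.e. update 0.
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def classify(text):
    """Label one reported version: current, outdated, no-baseline or unparsed."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    if family not in BASELINE:
        # The article names no patched release for this family.
        return "no-baseline"
    return "current" if update >= BASELINE[family] else "outdated"

def summarize(versions):
    """Return per-label counts and the share of Java 6/7 installs at baseline."""
    counts = Counter(classify(v) for v in versions)
    known = counts["current"] + counts["outdated"]
    share = counts["current"] / known if known else 0.0
    return dict(counts), share

# Constructed sample inventory, not real telemetry.
SAMPLE = ["1.7.0_17", "1.7.0_15-b03", "1.6.0_43", "1.6.0_31",
          "7u11", "1.5.0_22", "1.7.0", "garbage"]

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    print(counts, f"{share:.1%} of Java 6/7 installs at the patched baseline")
```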
Meanwhile the meeja (including the BBC tech correspondents) would claim that the innnertubes were broken..
hehe, perhaps they would.
Either way, if those figures are correct, that's a huge imbalance.
I will check with my friends, but I'm pretty sure they won't have a clue about it.
Leosghost: a few niche "not in the know" may stop drinking it when they're online. You know, risk of shaky hands and all... ;)
I have one gaming site I visit that is 100% Java and I have one browser with Java always enabled just for visiting those sites only and nothing more.
I also don't let anyone else use my computer under penalty of death or at least a big scolding so it's pretty safe ;) Even my wife gets the 'cat on the hot tin roof' treatment to do only what you must use that computer for and get off it as quickly as possible before you mess up my settings by accident.
She has her own computers, which I never use, so I don't get it... but that's another topic for another day in Foo.
|Google's entire business would be in meltdown until G had paid for enough TV ads to get the masses to re-enable it.. |
<noscript>Dude, you're not seriously surfing the web like this?</noscript>
I always have Java disabled by default simply because I've hardly ever seen a site that requires it. Use alternative content to tell me to enable Java and if I think the site is worth it I'll temporarily turn it on.
It's a shame Sun fell to Oracle and this is but a taste of what is to come with other products especially MySQL. That is why I'll be migrating to PostgreSQL.
|but a taste of what is to come with other products especially MySQL |
I certainly hope that MySQL doesn't go downhill. Thankfully MariaDB and the like are already around if this is the case.
It seems that only Google infected browsers are complaining about Java. Yes, even Firefox is infected by Google developers, especially since version 4 and the fact that Google is now the main funder of Firefox.
Like Microsoft, Google thought that they could plagiarise Java and got a good rap over the knuckles. Ever since then Google has been paying out on Java.
Java has been the safest language to use for eons by design. It cannot be a threat and it has always been that way. But if Java can now be a threat to web browsers it will be by the design of those web browsers that are trying to push boundaries and if it's Google doing the push it will be privacy at risk.
If you are a Java developer or only a Java user you will be suffering from these new limitations. For example, if you are a developer you now need to maintain a currently code-signed jar file for your clients to update their web resources. If you are a Java user you may be in big trouble because the Java app that you purchased over a year ago may not have been code-signed or the code-signing has expired, so kiss your investment good-bye.
That's right, not only must your Java app be code-signed but it must be code-signed by a current certificate. Only idiots from hell would not realise that any app that is code-signed is code-signed for life. The app developer has been certified and authenticated and that app has been sealed with approval. It cannot be altered in any way without breaking the code signing, not now or in 10 years!
Need a second opinion? Notice how IE is not complaining about Java. The only browsers complaining about Java are the ones under the influence of Google.