Big Java security fixes on the way – but not so fast, Windows XP users As if running Windows XP after Microsoft withdrew support wasn't risky enough, XP users who have Java installed may soon have even more to worry about. Oracle is due to issue its next Critical Patch Update – the massive, quarterly fix-it fests that deliver security updates across the company's entire product line, including …
Are you referring to Javascript? This is an entirely different animal from Java (the language) or the Java Runtime Environment (JRE) (what unfortunate users get to install)..
More useful will be when LibreOffice finally manages to escape from any dependency on the Java Runtime Environment.
Java is not a browser only technology. You may be so unlucky to have to use some Java application, like Eclipse or some Oracle tools like SQL Developer.
Sure, then you can disable it in the browser and become far less vulnerable, but there are some server remote management applications like Dell's iDRAC that requires ActiveX or Java in the browser to use their remote console capabiities (which are ok if you don't like a walk or worse a drive to a server room far away).
Noscripts also stops plugins, so using this should provide a good level of protection.
Security risks will usually come from java apps running slyly in the background, rather than (reputable) apps you actually want to use.
Limiting its execution to where you know you want it used is a sensible precaution.
I don't install Java on my own machines, but I'm required to use it on the corporate machines.
In my experience Java is rarely backward compatible, with 6 being widely deployed in multiple companies I deal with.
So it really makes little difference if Oracle supports versions prior to 8 or not, those versions are going to remain widely in use. Oracle may think it can claim "we told you to use the latest version", but ultimately it is going to need to shoulder some of the responsibility for the impending major security fail rooted in older versions since the new version doesn't work.
...if this is about the "stand-alone" Java **JRE/SDK** or the **browser plug-in** or both.
"...a dizzying 91 per cent of all web-based exploits throughout 2013 targeted Java." seems to point at the plug-in, but the context of the article is not unequivocal.
Why is it that even IT media seem to be generally unable to make that distinction in their reports on "Java" security issues?
After all these years, is there anything that Windows does WELL that XP did not?
My new computer runs on Windows 8.1, and while I think nearly everyone on a desktop would agree that "metro" is a stinking pile of crap, even the rest of the thing just seems so disjointed that its not even funny.
Why do I need to look in 3 different places to get all of the info on my wireless connection such as the band its connected to, the speed data is moving though that connection, and how much data has gone through that connection over time?
Its almost like someone tossed the OS into a blender, ran it for hours and hours, and then took the mess that came out, and ran links to all the bits.
If I look at internet connection(s), I should see everything about it (or them), and all my options for it (or them) should all be there.
If I look at printers, all printers should be listed, and all options that can be preset should be lised.
If I look at storage, everything about storage should be there. Hard drives, SSDs, Optical, memory sticks, external drives and so on.
But apparently this is too much for Microsoft to understand. Windows is almost 30 years old, and Microsoft still does not understand this concept.
Next to Adobe Flash Player, Java likely has the worst security record of ANY software on ANY platform. Anyone still using Java these days deserves to get hacked.
Countless publications have said that if you don't need it, don't install it. If you don't know if you need it, you probably don't.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
