89 replies to this topic

[hazelnut]

That is what is being recommended by security firms in the light of concerns that it leaves machines open to attacks.

http://www.reuters.c...E87Q18820120827

There is also a test page so you can tell if your java version is exploitable

http://www.isjavaexploitable.com/

(I'm glad I don't have java installed and haven't for quite a few years)

[nodles]

I'm using NoScript which blocks all Java and Javascripts automatically (if I don't enable them manually).

[TheWebAtom]

I know Google Chrome doesn't run Java content without manual approval. Do other browsers do this too?

[Andavari]

Microsoft Java and Oracle Java aren't on my machine, and haven't been for years.

[hazelnut]

A lot of machines that go to repair shops have outdated java versions on them

Thing is though it is also the latest java version that is vulnerable.

[DennisD]

Also Java-less for a long long time.

Unless you specifically need Java, (gaming maybe?), it's not really worth having on your machine.

[nodles]

Games and some sites (like online banks) use Java.

[Alan_B]

nodles, on 29 August 2012 - 11:10 AM, said:

Games and some sites (like online banks) use Java.

Actions to take :-
1.
Switch to a bank that allows use of Non-IE browsers and excludes Java from its requirements

2.
Check whether the bank's casual attitude has leaked information that has/may result in identity fraud against you.  This may help
http://www.topcashba..._credit_report/

3.
Uninstall Java.

[Corona]

Thanks Hazelnut. I use Waterfox now and updated to Java7 update7 (64bit) and that warning site says my version is safe. NoScript keeps Java off till I tell it to run anyway.

[MikeW]

Security update issued on 30/08/2012

http://java.com/en/d.../manual.jsp#win

[Taximan48]

Oracle has issued fixes.
http://www.zdnet.com...ion-7000003517/
I still don't use Java though

[hazelnut]

Didn't last long did it, another vulnerability found in latest patched version

http://www.pcworld.c...er_release.html

[Winapp2.ini]

Poor Java.

[TheWebAtom]

Some fun facts: JavaRa (the Java repair/removal tool that I write/maintain) download numbers have quadrupled since Oracle's mess started. An average of 18,000 people are using  it to remove Java every single day.

[MikeW]

hazelnut, on 01 September 2012 - 01:23 AM, said:

Didn't last long did it, another vulnerability found in latest patched version

http://www.pcworld.c...er_release.html

Yup, Nearly as many updates as Firefox  

[Andavari]

TheWebAtom, on 29 August 2012 - 05:12 AM, said:

I know Google Chrome doesn't run Java content without manual approval. Do other browsers do this too?

The last time I actually used Java for anything was to use Trend Micro Housecall, their free online virus scan which would prompt in both those old versions of IE and Firefox. I do remember visiting a site years ago which back then has some nifty Java stuff on it that automatically ran in both IE and Firefox with not prompting.

[Super Fast]

Are you guys trying to kill Java?

I never trusted Java, seeing it is a multi-platform attack surface. We need fewer attack areas, not more!

Thanks for the update! Bye bye, java! Pity that Open Office uses it...

[Super Fast]

MikeW, on 01 September 2012 - 03:05 AM, said:

Yup, Nearly as many updates as Firefox  

But less secure,

[Winapp2.ini]

For Firefox users: https://www.mozilla....US/plugincheck/

[Andavari]

Super Fast, on 01 September 2012 - 12:11 PM, said:

Are you guys trying to kill Java?

Virtually bury it next to the buggy and always vulnerable Flash Player.