Stay away from Java!!!

[RichAlgeni]

http://allthingsd.com/20130219/this-is- ... any-hacks/

How can companies continue to rely on this?

[Tenaja]

http://allthingsd.com/20130219/this-is- ... any-hacks/

How can companies continue to rely on this?

Could not the same be said about all Windows systems, since they also have vulnerabilities? And OSx and Linux, for that matter? Just because Java was used to exploit a weakness does not mean it was Java's fault. Weaknesses in all of the OS's have also been used to spread malicious code as well. The only guaranteed way to avoid all risk of hacks is to only use software written by yourself on a computer with no operating system and no connection to the outside world. That is not possible, however, because to write software, you must first install software...

[RichAlgeni]

Have to disagree with your assessment, because of the type of software it is. Of course there are issues with Windows, Linux, et. al., and there probably always will be. But how many lately have been on the same scale as the issues with Java?

I will make the argument that with Java, your problems are increased logarithmically, if not exponentially!

[Poshu]

I will make the argument that with Java, your problems are increased logarithmically, if not exponentially!

Well, java and oracle's java plugin are two different things. I'm using another implementation of the JVM (openJDK for that very mater) which doesn't suffer from these exploit, there is most probably other, but not this one.

But how many lately have been on the same scale as the issues with Java?

In the last two years, Stuxnet, DUQU, flame... Seems enough to stay away from windows with your way of thinking, right? And yet, I'm betting you're still paying for this deeply flawed os :p

So, yeah, this is as stupid as telling people to stay away from C++ =_=;

[RichAlgeni]

I stand corrected, stay away from the 'browser version' of Java. My apologies.

So, yeah, this is as stupid as telling people to stay away from C++

You seem to be so intent on discrediting me, that you make a ridiculous statement, and discredit yourself.

[Nituvious]

Java is terrible regardless of the flavor it comes in.
Their lame installer even has adware in it.

All of my machines(except my $30 android tablet) will forever be Java free.

[Kuron]

All of my machines(except my $30 android tablet) will forever be Java free.

Same here, and it has been that way for many, many years.

[Poshu]

You seem to be so intent on discrediting me, that you make a ridiculous statement, and discredit yourself.

Could you tell me why please? A lot of libraries you might want to use when conding in C++ have security hole, so is the JVM. Purebasic's ones are probably flawed as well...

Java is terrible regardless of the flavor it comes in.
Their lame installer even has adware in it.

Once again, Oracle's JVM is not Java. There is other implementation, but I guess it's harder to check than criticize...

[GWarner]

Sometime last year, around October I think, when there was a big todo about another security problem with Oracle's JVM, I uninstalled it. After that I found I had Microsoft's old JVM and removed it too, since it is no longer supported.

Since then I have only encountered one site that complained about the lack of an available JVM, the site worked fine without the JVM anyway, the only thing that didn't work was the ability to preview the checks you were ordering, since all I wanted was basic no-frills checks, I didn't need the preview feature and just carried on without it.

So my opinion is, don't bother with installing a JVM unless you need to access a web site that requires it.

[tj1010]

Most of it is ROP attacks on invalid memory handling in the core classes like MIDI and XML ones in JVM. Flash and PDF Reader get the same amount of publishing when firms focus on them, ROP and heap-spraying on AS core libs there. Eventually people will go to MAC like SELinux and windows GPO+ASLR+DEP to mitigate the attacks from memory corruption, until then enjoy reading about cyber espionage and botnets...

You gotta love how billions of dollars and companies full of experts can't figure it out and ignore the obvious... I guess if you mainstream working solutions you can't sale products and services for the problem... business

EDIT: Goes and scans a malicious malware dropper to make sure it doesn't match a known file hash before running it, using his trusty $100 AV.. it's clean cause the author is using 20 year old xor loop obfuscation techniques ^^

[RichAlgeni]

http://arstechnica.com/security/2013/03 ... g-targets/

Another one...,

[X]

OK, seriously, lay off the kool-aid. All you need to do is disable the browser java plugin ... Nothing wrong with Java itself.

[jack]

agree, besides java has achieved quite a bit of speed lately, sometimes equaling C.

[tj1010]

agree, besides java has achieved quite a bit of speed lately, sometimes equaling C.

I've always found the performance arguments on the net to be entertaining, considering the little difference in thread, stack, and heap management between properly coded C/C++ and most managed-code frameworks, and the benefits of managed code.

I like when the firms focus on Adobe products and the details get into the hands of certain governments, and all the sudden rootkit droppers show up but everyone waits for patches because of Flash Player popularity ^^