R
RomanZ
Jan 16, 2012

What do you do to minimize the security risks created by Java?

In my experience, two of the greatest risks to system security are Flash and Java. Flash has a pretty central place in web design, as those of use who have used iPads, iPhones and Android 2.1 or earlier are well aware. Hopefully the widespread use of Java will fall off now that Adobe has killed support for development of flash for mobile platforms and HTML5 is on the rise. Java, on the other hand, doesn't seem to be going anywhere and remains a popular vehicle for exploits. What do you do at your company to minimize the risks that are created by using Java?

jimlynch
01/17/2012
I think it's a good idea to just get rid of both of them if you don't need them. I ranted about flash in a column a while back, and I still think it stinks.

Why Flash Sucks
http://jimlynch.com/en/2010/04/07/why-flash-sucks/

As far as Java goes, good riddance if you can just get rid of it. Neither of these things is really worth bothering with, given the security headaches (among other things).

So if you can remove them from your system(s) then more power to you. You're probably saving yourself a lot of aggravation in the long run.
h
henyfoxe
01/17/2012

 

Java is a big issue, in my opinion.  Browser plug-ins are one of the favorite avenues for cyberattacks, and have been for a long time.  Fortunately, both Chrome and Firefox block out of date plug-ins, which definitely helps matters, at least with those two browsers.  Of all plug-ins, Java is most often used for exploits, in my experience.  Fortunately, there is a good way to minimize the risks of Java: remove Java completely.  There is almost no need for it, and most users will never even miss it.  If you use Chrome, you can use sandboxing to run Java in a secondary browser if you absolutely have to run it.  

 

BTW, apparently we aren't the only ones concerned about the vulnerabilities created by Java.  Mozilla is considering blocking the Java plug-in to help stop SSL attacks.It will be interesting to see if they follow through, and if so, whether there is a reaction from Firefox users.   

 

Answer this
ASK a question
250