Security Experts Advise Users to Ditch Java

[jamescv7]

After installing an operating systems on their computing machines, most individuals rush to install applications that help them browse the web. While many believe that without components such as Flash and Java they won’t be able to access certain content, there are always safer, more secure, alternatives.

F-Secure researchers report that many people use Java, but in reality they don’t need it, its presence only giving cybercriminals the opportunity to exploit the device it’s installed on.

The main issue is that a lot of Internet users confuse Java with JavaScript, a crucial component for the web.

“If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java — or get rid of it altogether,” said F-Secure’s Mikko Hypponen

After studying the infamous Blackhole exploit kit’s control panel, the experts discovered that more than 16,000 computers were taken over using the Java Rhino vulnerability.

If you really need Java for online banking or other Internet apps, it’s recommended that you install the Java plug-in in a separate browser that you utilize only for the specific tasks, allthough, many have discovered that after uninstalling the dangerous component, their daily activities are not affected in any way.

Read More

 

[MrXidus]

Already ditched Java 6 months ago. Thanks.

 

[Deleted member 178]

Already ditched Java 6 months ago. Thanks.

same. No need to be an expert.

Thanks

 

[moonshine]

I ain't ditching Java because I use Java for some applications. I'm protected because I always use the latest version and I'm using EMET.

P.S I'm aware of the consequences.

 

[jamescv7]

Just decided last week to removed Java since there is no reason to use it beside if its really necessarily. Adobe Flash player is a must since mandatory of the videos around the web were used.

 

[MrXidus]

Just decided last week to removed Java since there is no reason to use it beside if its really necessarily.

If necessary, I open up a Windows 7 VM that has Java installed. Then flash wipe the VM afterwards.

 

[Tom172]

If you require Java, keep it updated. If you don't need it, remove it. What more needs to be said.

True, if you want to be more cautious, run it Sandboxed/Virtual environment.

I removed it promptly after my need for it ended.

 

[Ink]

I need Java for the software I use to transfer media to my PlayStation 3 or stream to TV.

Two issues I have:
1. Runs a process to schedule updates, if not running. No updates received.
2. Updates are set to check every month, by default.

 

[MetalShaun]

I need Java for the software I use to transfer media to my PlayStation 3 or stream to TV.

Two issues I have:
1. Runs a process to schedule updates, if not running. No updates received.
2. Updates are set to check every month, by default.

Ditto. Need it for Ps3 Media Server. I also run it under EMET.

 

[iPanik]

can't remove it. I need it for banking, tax system etc.

 

[win7holic]

I never want remove it. I need it.

 

[Jack]

This Java exploits aren't something new, they have been happening from years now ... Most of the exploit are successful because people don't update their Java and cyber criminals take advantage of those security holes.....Like the guys from F-Secure said Java is need it only by a few people so if you don't need it , just unistall it because it's hard to always keep your eyes open for updates... For instance I have checked my Firefox Java plugin an found that it was out of date.......

 

[Tom172]

This Java exploits aren't something new, they have been happening from years now ... Most of the exploit are successful because people don't update their Java and cyber criminals take advantage of those security holes.....Like the guys from F-Secure said Java is need it only by a few people so if you don't need it , just unistall it because it's hard to always keep your eyes open for updates... For instance I have checked my Firefox Java plugin an found that it was out of date.......

That's where something like Secunia PSI comes into play

 

[Prorootect]

Hey, maybe I'm also 'security expert'? I'm kidding.

But look at this, Posted: 02 February 2010 at 4:22pm: http://forum.sysinternals.com/topic21844.html

 

[WinAndLinuxTutorials]

Will these Java vulnerabilities also affect Linux users?

 

[win7holic]

I think yes, winlinux.

 

[Ramblin]

I got rid of Java more than 2 years ago. I think if a user has no use for it, its better off to uninstall it. If its needed sporadically then it can be installed in a sandbox that gets deleted after using it. In my opinion, only users that need Java for work should have it in their computer.

Bo

 

[jamescv7]

Any OS were vulnerable especially like Java is installed and can be easily exploit at any kind of vectors.

 

[LochNess]

"Ditched" long ago... one less exploit, but not the 'target' it once was... too bad that 'Web-Forest' if full of so many 'Scarey Creatures'... :-(

 

[Gnosis]

Don't blame Java, blame outdated C and C++ code that Microsoft uses.