Linked by lucas_maximus on Mon 5th Dec 2011 17:23 UTC
Java: Patch up warmly this winter if you're running Java. That's the advice from .NET shop Microsoft, which reckons Oracle's platform is the single biggest target for hackers. Java proved the single most popular target in the 12-month period to the end of June, according to Microsoft's latest Security Intelligence Report. Running Java as a web-browser plugin is much more dangerous than Flash, and you should disable the Java applet plugin.
Thread beginning with comment 499081
That was painful
by aaronmcohen on Tue 6th Dec 2011 02:25 UTC
aaronmcohen Member since:
2011-09-19

Gosh, that was a painful whitepaper to read. So a Microsoft-funded paper with 23 Microsoft employees writing it found a concern with an MS competitor... shocker! Personally, the fact that they found few ActiveX and MS Office VBA attacks does raise an eyebrow.

"As in previous periods, many of the more commonly exploited Java vulnerabilities are several years old, as are the security updates that have been released to address them."

Java only recently had a good update capability under Windows and still has a long way to go. Personally I'd love to see the Browser plugin/JVM get updated with zero day updates and the system JVM get updated with only service packs.

I agree that there are some improvements needed in Java Release Engineering but I am not sure MS should be the one calling foul.

Reply Score: 4

RE: That was painful
by lucas_maximus on Tue 6th Dec 2011 05:47 in reply to "That was painful"
lucas_maximus Member since:
2009-08-18

"Java only recently had a good update capability under Windows and still has a long way to go. Personally I'd love to see the Browser plugin/JVM get updated with zero day updates and the system JVM get updated with only service packs."


I honestly don't even know why Java is installed on most people's machines. Not many programs use it for desktop programs, and I haven't been to a popular site that has used it ever.

I have Java installed with the JDK, but developers are in the minority.

"I agree that there are some improvements needed in Java Release Engineering but I am not sure MS should be the one calling foul."


I think the main problem is applets ... simply having Java on the system isn't a security problem.

Reply Parent Score: 2

RE[2]: That was painful
by Straho on Tue 6th Dec 2011 09:08 in reply to "RE: That was painful"
Straho Member since:
2011-09-30

"I honestly don't even know why Java is installed on most people's machines."

I have the same problem with Windows.

"The number-one exploit was CVE-2010-0840, affecting the Java Runtime Environment (JRE), disclosed in March 2010 and addressed with an Oracle update the same month."

Oracle produced an update for the number-one exploit the same month it was found, so what's the problem?
Maybe I don't understand the whole article, but still, from what I understand: Java has security problems (yes, all platforms have them), Oracle updates them the same month (good for Oracle, unlike other companies), "Keep all software in your environment up to date, not just Windows" ("Don't play with fire!", says my grandmother).

Edited 2011-12-06 09:08 UTC

Reply Parent Score: 2

RE[2]: That was painful
by tidux on Tue 6th Dec 2011 19:22 in reply to "RE: That was painful"
tidux Member since:
2011-08-13

1. Vuze/Azureus
2. [Open/Libre]Office
3. Minecraft

It's still relevant.

Reply Parent Score: 2

RE: That was painful
by dsmogor on Tue 6th Dec 2011 08:05 in reply to "That was painful"
dsmogor Member since:
2005-09-01

I'm reading Larsson's Millennium, and the old tycoon Vanger told troubled Blomkvist: if you are beaten hard by someone, don't fight back if you know you will lose in a full frontal attack, but never forget and let it go. Observe and wait until your enemy is vulnerable to strike him. MS have been hardly whipped on the security front; they have a lot of credibility to recount, especially in the enterprise. This is just a great opportunity to hit two birds with one arrow. I have no doubt they will use the same tactics against Android when the time comes.

Reply Parent Score: 5