Results 1 to 13 of 13
  1. #1
    2 Star Lounger
    Join Date
    Dec 2011
    Posts
    134
    Thanks
    5
    Thanked 1 Time in 1 Post

    Is it safe to use Java for non-Internet applications?

    An application that I want to install requires it, giving the instruction, "Please install Oracle JRE or JDK version 1.6 or later." If I disable it in my browser, am I then safe? Which one of those would be preferable?

    Thanks,
    Ellen

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Hi,

    Yes, if you disable it in your browser, you should be safe enough.
    Rui
    -------
    R4

  3. #3
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts
    JRE is only 30MB, but JDK is 125MB. So if you don't need the Development Kit, just use the Runtime Environment:

    Which Java package do I need?

    JDK: (Java Development Kit). For Java Developers. Includes a complete JRE plus tools for developing, debugging, and monitoring Java applications.

    JRE: (Java Runtime Environment). Covers most end-users needs. Contains everything required to run Java applications on your system


    Java SE Downloads

    Bruce

  4. #4
    Bronze Lounger DrWho's Avatar
    Join Date
    Dec 2009
    Location
    Central Florida
    Posts
    1,501
    Thanks
    30
    Thanked 205 Times in 163 Posts
    This may sound dumb.....but I don't get it?

    What's all this angst about Java? I've been installing it on all my computers since......I can't even remember not having it.
    I turn off the Java Scheduler, but then I update it manually about once a month or when the new updates come out.
    I always update it as well, on my customer's PC's, when I'm there for a repair or regular Tune-Up.

    Obviously the scare tactics have worked, because of threads like this one.

    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!

  5. #5
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,651
    Thanks
    38
    Thanked 161 Times in 139 Posts
    Summary: The latest release of the Firefox web browser boosts browser security and stability by blocking Java software component plug-ins from loading by default.
    http://www.zdnet.com/firefox-26-bump...ns-7000024120/

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    Quote Originally Posted by DrWho View Post
    This may sound dumb.....but I don't get it?

    What's all this angst about Java? I've been installing it on all my computers since......I can't even remember not having it.
    I turn off the Java Scheduler, but then I update it manually about once a month or when the new updates come out.
    I always update it as well, on my customer's PC's, when I'm there for a repair or regular Tune-Up.

    Obviously the scare tactics have worked, because of threads like this one.

    Java exploits posed a very real threat and at one time it seemed as if Java were bringing out patches every week and even Java advises not to have it permanently enabled, which is why they added the console Security feature to disable it in all browsers.

    Java updates previously were only about twice a year, but they take the threat that seriously that they now update on a monthly basis.
    Last edited by Sudo15; 2013-12-13 at 16:08.

  7. #7
    Bronze Lounger DrWho's Avatar
    Join Date
    Dec 2009
    Location
    Central Florida
    Posts
    1,501
    Thanks
    30
    Thanked 205 Times in 163 Posts
    No worse than Microsoft, , , Eh?

    Only MS Updates can totally disable a computer. I've never had anything from Java do that.

    Oh well, to each his own. To some people, Peanuts are as deadly as arsenic.

    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!

  8. #8
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by DrWho View Post
    No worse than Microsoft, , , Eh?
    No. Worse than Microsoft:

    rangliste_sw_nach_exploits_en_01_af6a2eaad3.jpg

    Adding together all of the attackers that are currently threatening the different versions of Java results in an overall total of over 82,000 attackers, thus making Java the top vulnerability for exploit attacks.

    Adobe & Java Make Windows Insecure

    Bruce

  9. The Following 2 Users Say Thank You to BruceR For This Useful Post:

    satrow (2013-12-19),Tinto Tech (2013-12-19)

  10. #9
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 576 Times in 479 Posts
    Java has been the major gateway for infections for the last 2-3 years.

  11. The Following User Says Thank You to satrow For This Useful Post:

    Tinto Tech (2013-12-19)

  12. #10
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Quote Originally Posted by satrow View Post
    Java has been the major gateway for infections for the last 2-3 years.
    This, and Bruce's pareto above, amount to a rather inconvenient truth for some people I fear.

    It's not just web-based Java threats; there are plenty of other vectors for a malicious Java applet to be launched. In my opinion, if the OP absolutely must have Java then he should turn it off in the browser as a minimum, but far better not to have it installed in the first place.

    Personally, I won't allow Java anywhere near machines that I'm responsible for unless I absolutely must. I've come across just one line-of-business application this year which required Java to run - it's a proprietary tool that establishes a secured communications channel used to access and control remote equipment, and has no alternatives.

    The users of the machines that require this software are given the tools that they need to do their jobs, but I don't like having a potential a backdoor in my network.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  13. #11
    New Lounger English Bob's Avatar
    Join Date
    Dec 2013
    Location
    Cambridge, UK
    Posts
    15
    Thanks
    5
    Thanked 1 Time in 1 Post
    I have a couple of simple applications which are run as .JAR files, and for those I use the jPortable portable Java.

    http://portableapps.com/apps/utiliti...table_launcher

    This is probably not relevant to an application that needs to be locally installed, but it does a good job of restricting Java's influence only to where it's needed, if you can use it the way I do. I thought I'd mention it anyway.

  14. #12
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •