  1. #1
    3 Star Lounger KritzX's Avatar
    Join Date
    Jun 2014
    Posts
    380
    Thanks
    15
    Thanked 42 Times in 42 Posts

    Question Java and Flash: Do I really need them?

    Here's the thing: I ran into Chrome a few months ago on my bro's PC, and ever since, I've been using it as the primary browser on almost all of my PCs. On 2 of my PCs, I use IE as the default browser, mainly because I don't use them that often, and rather than try and keep track of updating 2 browsers, I figured there was no harm in letting IE be the default browser. Recently, one of them acquired a backdoor via Flash (have no idea how), and instead of removing it with an AV program, I just reformatted and reinstalled Windows, as the PC wasn't used that often. This is a Win7 Home Premium machine. The reinstall was successful. Then, when I was testing out IE in that PC, IE kept demanding Flash for viewing a YouTube video. After some time, it switched over to HTML5, but there was no video; only audio.

    I never installed Flash or Java yet on this PC. It already came down with an infection once, thanks to Flash, and I'm really leery of installing it again. Now here's my question: Shall I just install Chrome on this PC and deal with having to update 2 browsers, or shall I bite the bullet and install Flash (and also, possibly Java), and vigilantly be on the lookout for new malware? Which is easier? Keep in mind, I don't use this PC too often (perhaps 4 times a week), so I can't constantly be on the lookout for new updates.

    Thanks!
    Fact of Life:

    “Real stupidity beats artificial intelligence every time.”
    Terry Pratchett

  2. #2
    3 Star Lounger SpywareDr's Avatar
    Join Date
    Dec 2009
    Location
    Miami, Florida, USA
    Posts
    371
    Thanks
    3
    Thanked 43 Times in 35 Posts
    Use Chrome instead of IE (Flash Player is integrated into Google Chrome), and don't install Java unless you must. If you keep getting infected, you might also want to consider Malwarebytes Anti-Malware Premium. It detects and protects against malware in real time.
    Last edited by SpywareDr; 2014-08-02 at 14:59.

  3. #3
    3 Star Lounger KritzX's Avatar
    Join Date
    Jun 2014
    Posts
    380
    Thanks
    15
    Thanked 42 Times in 42 Posts
    Thanks for your suggestion. I used to have MSE on this PC, but since it couldn't stop the backdoor from entering my PC, I installed MalwareBytes Premium after the reinstall. Anyways, like you said, I'm only going to install Java if necessary.

    But another question: How will I know which programs require Java? Websites always inform me, but will all programs also behave likewise? I ask this, because if a program does require Java, and installs it without informing me, then I'm pretty sure it'll be an out-of-date version.

    And the only thing worse than Java, is an out-of-date version of Java.

  4. #4
    3 Star Lounger SpywareDr's Avatar
    Join Date
    Dec 2009
    Location
    Miami, Florida, USA
    Posts
    371
    Thanks
    3
    Thanked 43 Times in 35 Posts
    The page should prompt you if it needs Java.

  5. #5
    4 Star Lounger
    Join Date
    Mar 2014
    Location
    Forever West USA
    Posts
    515
    Thanks
    0
    Thanked 44 Times in 44 Posts
    When I access my Domain, one feature on the main page is a link to World Time Clock. It uses a script to call the clock, and if Adobe Flash Player is not installed I get a message. It occurs mostly when I'm setting up/working on someone else's computer.

  6. #6
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,914
    Thanks
    32
    Thanked 260 Times in 254 Posts
    Java won't auto install and even requires its own UAC for it to run.

    I have both 32 and 64 bit versions installed and kept up to date but have Java disabled in browsers through its console in All Control Panel Items.

    This is done by right-clicking on the "coffee cup" and selecting Open, then under the Security tab, uncheck the box for Enable Java content in browsers/Apply and ensure that in IE/Manage add-ons, all Java items are set to Disabled - this way, if you are prompted that Java is required, then you only have to check that box and restart IE for it to take effect.

    It was probably a failing of MSE that allowed that infection rather than Flash, otherwise Google would be awash with complaints about Flash Player.

    Adobe do have the odd out of cycle security updates to combat a Zero Day Exploit, but for the main, as with Java - keeping them up to date is usually sufficient and best advice is to ensure you have a more effective AV than MSE.
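
Added example (not part of the thread or any poster's code): the "Enable Java content in browsers" checkbox described in post #6 is persisted in Java's deployment.properties file, and this Python script audits that setting offline. The key name deployment.webjava.enabled, the enabled-by-default behaviour when the key is absent, and the system-level ".locked" override are assumptions based on Oracle's deployment configuration conventions; the sample file contents are constructed.

```python
# Audit whether Java content is enabled in browsers, from deployment.properties text.
# Assumed key (not from the thread): deployment.webjava.enabled, default true if absent.
KEY = "deployment.webjava.enabled"

def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, '=' or ':' separators,
    backslash line continuations. Whitespace-only separators are not handled."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]          # join with the next physical line
            continue
        key, value = line, ""            # a bare key (e.g. "x.locked") has no value
        for i, ch in enumerate(line):
            if ch in "=:" and (i == 0 or line[i - 1] != "\\"):
                key, value = line[:i], line[i + 1:]
                break
        props[key.strip()] = value.strip()
    return props

def browser_java_status(user_text, system_text=""):
    """Return (enabled, source). Assumed precedence: a locked system value wins,
    then the user's value, then an unlocked system value, then the default."""
    user, system = parse_properties(user_text), parse_properties(system_text)
    if KEY in system and KEY + ".locked" in system:
        value, source = system[KEY], "system (locked)"
    elif KEY in user:
        value, source = user[KEY], "user"
    elif KEY in system:
        value, source = system[KEY], "system"
    else:
        value, source = "true", "default"
    return value.lower() == "true", source

# Constructed sample of a per-user file after the checkbox has been unchecked.
SAMPLE_USER = """#deployment.properties (constructed sample)
deployment.version=7.21
deployment.webjava.enabled=false
"""

if __name__ == "__main__":
    enabled, source = browser_java_status(SAMPLE_USER)
    print("Java in browsers:", "ENABLED" if enabled else "disabled", "via", source)
```

A missing key reports as enabled, which is the case worth flagging on a machine where Java was installed but the checkbox was never touched.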

  7. #7
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Originally posted by Sudo15:
    Adobe do have the odd out of cycle security updates to combat a Zero Day Exploit, but for the main, as with Java - keeping them up to date is usually sufficient and best advice is to ensure you have a more effective AV than MSE.
    "odd out of cycle security updates"? No, exceptional ooc updates; normal updates are only every 3 months:

    July 2014: Critical Patch Update that contains 20 fixes for Java, the most severe having a rating of 10.0.

    April 2014: Critical Patch Update that contains 37 fixes for Java, 35 of which Oracle indicated can be exploited by an attacker without the need for authentication.

    January 2014: Critical Patch Update that contains 36 fixes for Java, 34 of which Oracle indicated can be exploited by an attacker without the need for authentication.

    October 2013: Critical Patch Update that contains 51 new security fixes for Oracle Java SE. Oracle indicated that fifty (50) of the Java SE vulnerabilities fixed in this Critical Patch Update are remotely exploitable without authentication.

    Yup, that's well over a hundred Java exploits 'fixed' in the last year that wouldn't have triggered UAC.

    Bottom line is:- don't use Java, if you do, keep it updated, don't allow it in IE.

    It's been the main infection route into Windows for years!

  8. #8
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,914
    Thanks
    32
    Thanked 260 Times in 254 Posts
    It may have been this I was thinking about http://krebsonsecurity.com/2014/05/w...obe-shockwave/ but I seem to remember something about Flash Player being exploited/security scare.
    Last edited by Sudo15; 2014-08-03 at 04:06.

  9. #9
    3 Star Lounger KritzX's Avatar
    Join Date
    Jun 2014
    Posts
    380
    Thanks
    15
    Thanked 42 Times in 42 Posts
    Thanks for all your suggestions guys. Following your advice, I decided it's better to install Chrome and just deal with having to keep 2 browsers up to date, rather than obsessing over Flash or Java-related malware. Once again the day is saved...

  10. #10
    3 Star Lounger SpywareDr's Avatar
    Join Date
    Dec 2009
    Location
    Miami, Florida, USA
    Posts
    371
    Thanks
    3
    Thanked 43 Times in 35 Posts
    Good decision.

  11. #11
    Star Lounger
    Join Date
    Dec 2009
    Location
    Winston Salem, NC, USA
    Posts
    58
    Thanks
    13
    Thanked 2 Times in 2 Posts
    The need for Flash and Java depends on the sites you visit. Some sites require either or both and some don't. A lot of sites are getting away from Java now. I spend a large amount of time on Pogo (games), which requires Java for some of the games, but disable it when not on that site. In the upper left where the address block is, you will usually see a little icon that looks like a small Lego block; you can click that and turn on or off Flash and Java (I think - lol)
    Last edited by shadow35; 2014-08-03 at 17:29.

  12. #12
    Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    66
    Thanks
    9
    Thanked 8 Times in 8 Posts
    The only popular apps I know of that use Java are OpenOffice and LibreOffice. Otherwise I see no reason to maintain it on a system unless you run an app that uses it.

    Flash is hard to avoid with all of the online video one comes across.

  13. #13
    3 Star Lounger SpywareDr's Avatar
    Join Date
    Dec 2009
    Location
    Miami, Florida, USA
    Posts
    371
    Thanks
    3
    Thanked 43 Times in 35 Posts
    And that's one of the very reasons to use Chrome: Flash is embedded in Chrome and Chrome automatically updates itself.

  14. #14
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,782
    Thanks
    84
    Thanked 343 Times in 309 Posts
    Originally posted by SpywareDr:
    And that's one of the very reasons to use Chrome: Flash is embedded in Chrome and Chrome automatically updates itself.
    Internet Explorer has had automatic updates including Flash for years too.

  15. #15
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,914
    Thanks
    32
    Thanked 260 Times in 254 Posts
    Intel's auto detect is another that requires Java, but until you need it then it's best disabled in browsers.
