Programs like NoScript

Story: Java Security Vulnerability – How To Disable Java In Linux BrowsersTotal Replies: 4
Author Content

Jan 12, 2013
1:04 PM EDT
Programs like NoScript block Java, Flash, and Java Script for all sites except those the user adds to a white list. If everyone ran these tools or they came installed by default in browsers it would probably make drive by attacks less common. Also as an added bonus advertisers would go back to the GIF format, which granted sometimes makes for a larger file, but it doesn't jump out all over the screen and spread malware... I hate Flash ads!

Jan 14, 2013
2:03 PM EDT
Removing Java from your system or not installing it in the first place is far more effective than any plugin out there.

Jan 14, 2013
2:37 PM EDT
First of all their is nothing wrong with Java for applications its no different and no less secure than any other VM abstracted application layer such as .Net, unfortunately its tied to the web plugin because its distributed with the JRE. I mean do folks actually use Java on the web nowadays other than on company intranets, I dabbled with it back in the 90's but thats a long time in tech terms.

Oracle needs to separate it out and have them as separate downloads so that the plugin doesn't get installed when using Java for desktop based applications. This is the most sensible option and I have no idea why they don't do it, pure silliness in my opinion to lump them together.

Mind you im biased as I like Java and I don't like to see it suffer and get a bad name on the desktop because of the crappy web plugin.

Jan 14, 2013
3:44 PM EDT
I have to agree about it making sense to separate the Java browser plugin/sandbox from the virtual machine itself. I'm rather ambivalent about virtual machine based languages in general (though I have used several Java programs, and I have programmed in Perl and Python, which is not so completely different). Still, the vulnerabilities are in the sandbox (or perhaps in the principle of trying to sandbox the extensive functionality of something like Java in the first place).

Jan 14, 2013
4:08 PM EDT
I agree with you, Koriel. Perhaps I didn't make my point clearly enough. Too many people install Java automatically just for the browser plugin and do it as a matter of course, not because they specifically need a Java based website. Heck, many Linux distros install Java by default; lock, stock and barrel. Those practices need to change.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!