War on Error

John E Dunn

New Year resolution 2013 - ditch Java

Get rid of it

Not even Oracle’s recent security overhaul in Java Development Kit 7, Update 10 (JDK 7u10) is enough to save Java's seat on the average non-business PC, a slew of informed experts have argued. I'm not about to disagree.

We’ve written about Java and its security problems before and certainly the update addresses some of the concerns that have been an issue for years and years. For a start, anyone installing the new version will from now on get a dialogue box warning when the plug-in is out of date and a control panel allowing various types of Java application to be assigned one of four security levels.


But, in truth, very few consumers really need Java; most of the improved security in JDK 7u10 will benefit the real customers of Java, namely business users running applications written to use it.

The message for everyone else is don’t simply update but uninstall, and do the same for the Java browser plug-ins (after making sure not to confuse Java with JavaScript).

Perhaps the biggest cause for Java anxiety is not simply that it is still one of the most targeted types of software on PCs but that Oracle, the company now tending its development, is still seen as tardy.

In the words of nCircle director of security, Andrew Storms:

“The Java 7u10 includes a number of new features designed to bolster security, but when I make a list of software people should uninstall, Java is always near the top. New features notwithstanding, Oracle still has a long way to go to improve security.”

“Oracle has done a lousy job addressing Java security throughout 2012 and there’s no reason to expect they will change their approach in 2013. They don’t communicate with their users about zero-day threats and are consistently slow delivering patches,” he added.

Another possibility, raised by Wolfgang Kandek of Qualys in 2012, would be for Oracle to make whitelisting (i.e. restricting which sites Java can be used with) easier to access regardless of browser.

Let’s see. More likely, the legacy of poor Java security and the fact that it sits on millions of PCs in a vulnerable state will still be a discussion point for several New Years to come.
