Is it safe to use Java for non-Internet applications?

Topic

New Reply

An application that I want to install requires it, giving the instruction, “Please install Oracle JRE or JDK version 1.6 or later.” If I disable it in my browser, am I then safe? Which one of those would be preferable?

Thanks,
Ellen

Reply | Quote

Replies

Hi,

Yes, if you disable it in your browser, you should be safe enough.

Reply | Quote

JRE is only 30MB, but JDK is 125MB. So if you don’t need the Development Kit, just use the Runtime Environment:

Which Java package do I need?

JDK: (Java Development Kit). For Java Developers. Includes a complete JRE plus tools for developing, debugging, and monitoring Java applications.

JRE: (Java Runtime Environment). Covers most end-users needs. Contains everything required to run Java applications on your system

Java SE Downloads

Bruce

Reply | Quote

This may sound dumb…..but I don’t get it?

What’s all this angst about Java? I’ve been installing it on all my computers since……I can’t even remember not having it.
I turn off the Java Scheduler, but then I update it manually about once a month or when the new updates come out.
I always update it as well, on my customer’s PC’s, when I’m there for a repair or regular Tune-Up.

Obviously the scare tactics have worked, because of threads like this one.

😎

Reply | Quote

This may sound dumb…..but I don’t get it?

What’s all this angst about Java? I’ve been installing it on all my computers since……I can’t even remember not having it.
I turn off the Java Scheduler, but then I update it manually about once a month or when the new updates come out.
I always update it as well, on my customer’s PC’s, when I’m there for a repair or regular Tune-Up.

Obviously the scare tactics have worked, because of threads like this one.

😎

Java exploits posed a very real threat and at one time it seemed as if Java were bringing out patches every week and even Java advises not to have it permanently enabled, which is why they added the console Security feature to disable it in all browsers.

Java updates previously were only about twice a year, but they take the threat that seriously that they now update on a monthly basis.

Reply | Quote

Summary: The latest release of the Firefox web browser boosts browser security and stability by blocking Java software component plug-ins from loading by default.

http://www.zdnet.com/firefox-26-bumps-up-security-by-letting-users-screen-plug-ins-7000024120/

Reply | Quote

No worse than Microsoft, , , Eh?

Only MS Updates can totally disable a computer. I’ve never had anything from Java do that.

Oh well, to each his own. To some people, Peanuts are as deadly as arsenic. :rolleyes:

😎

Reply | Quote

No worse than Microsoft, , , Eh?

No. Worse than Microsoft:

35827-rangliste_sw_nach_exploits_en_01_af6a2eaad3

Adding together all of the attackers that are currently threatening the different versions of Java results in an overall total of over 82,000 attackers, thus making Java the top vulnerability for exploit attacks.

Adobe & Java Make Windows Insecure

Bruce

Reply | Quote

Java has been the major gateway for infections for the last 2-3 years.

Reply | Quote

Java has been the major gateway for infections for the last 2-3 years.

This, and Bruce’s pareto above, amount to a rather inconvenient truth for some people I fear.

It’s not just web-based Java threats; there are plenty of other vectors for a malicious Java applet to be launched. In my opinion, if the OP absolutely must have Java then he should turn it off in the browser as a minimum, but far better not to have it installed in the first place.

Personally, I won’t allow Java anywhere near machines that I’m responsible for unless I absolutely must. I’ve come across just one line-of-business application this year which required Java to run – it’s a proprietary tool that establishes a secured communications channel used to access and control remote equipment, and has no alternatives.

The users of the machines that require this software are given the tools that they need to do their jobs, but I don’t like having a potential a backdoor in my network. 🙁

Reply | Quote

I have a couple of simple applications which are run as .JAR files, and for those I use the jPortable portable Java.

http://portableapps.com/apps/utilities/java_portable_launcher

This is probably not relevant to an application that needs to be locally installed, but it does a good job of restricting Java’s influence only to where it’s needed, if you can use it the way I do. I thought I’d mention it anyway.

Reply | Quote

Java flaws were responsible for 91 per cent of all web-based exploits in 2013

Bruce

Reply | Quote