Follow Us

War on Error

New Year resolution 2013 - ditch Java



Not even Oracle’s recent security overhaul to Java Development Kit 7, Update 10 (JDK 7u10) deserves to save its seat on the average non-business PC, a slew of informed experts have argued. I'm not about to disagree.

We’ve written about Java and its security problems before and certainly the update addresses some of the concerns that have been an issue for years and years. For a start, anyone installing the new version will from now on get a dialogue box warning when the plug-in is out of date and a control panel allowing various types of Java application to be assigned one of four security levels.

Great.

But, in truth, very few consumers really need Java; most of the improved security in JDK 7u10 will benefit the real customers of Java, namely business users running applications written to use it.

The message for everyone else is don’t simply update but de-install, and do the same for browser plug-ins (after making sure not to confuse it with JavaScript).

Perhaps the biggest Cause for Java anxiety is not simply that it is still one of the most targeted types of software on PCs but that Oracle, the company now tending its development, is still seen as tardy.

In the words of nCircle director of security, Andrew Storms:

“The Java 7u10 includes a number of new features designed to bolster security, but when I make a list of software people should uninstall, Java is always near the top. New features notwithstanding, Oracle still has a long way to go to improve security.”

“Oracle has done lousy job addressing Java security throughout 2012 and there’s no reason to expect they will change their approach in 2013.  They don’t communicate with their users about zero-day threats and are consistently slow delivering patches,” he added.

Another possibility - raised by Wolfgang Kandek of Qualys in 2012 - would be for Oracle to make whitelisting (i.e restricting which sites it can be used with) easier to access regardless of browser.

Let’s see. More likely, the legacy of poor Java security and the fact that it sits on millions of PCs in a vulnerable state will still be a discussion point for several New Years to come.

Enhanced by Zemanta

Tags: java, java development kit, javascript, oracle, oracle corporation, personal computer, qualys, security

RSSSubscribe to this blog

More from Techworld

More relevant IT news

Contact Us

For editorial queries:
Mike Simons Mike_Simons@idg.co.uk

For website issues:
Email webmaster@techworld.com

For commercial queries
Russell Kearney russell_kearney@idg.co.uk


For more contact details click here.


Email this to a friend

* indicates mandatory field





Techworld White Papers

Optimising data protection for virtual environments

VM environments require the same level of data protection as does the physical server environment. Companies may use data protection tools built for the physical environment in the virtual world, but this has serious disadvantages.

Download Whitepaper

PCI Compliance: Are UK businesses ready?

Exploring the results of a recent survey, including: ? Levels of understanding of the standard ? Current perceptions of actual compliance status ? Attitudes toward addressing compliance

Download Whitepaper

Mobility Management for Dummies

Your complete guide to managing and securing mobile devices such as laptops and smartphones.

Download Whitepaper

Magic Quadrant for midrange and high-end NAS solutions

It is difficult to find one midrange or high-end NAS product that can cater to all needs. File systems embedded in NAS are often designed to solve one major pain point, with additional features being added later to broaden use cases and benefits.

Download Whitepaper

Techworld UK - Technology - Business

Oracle Video

Enabling agile and intelligent businesses

 Changing markets, competitive pressures and evolving customer needs are placing increasing pressure on IT to deliver greater flexibility and speed. Explore truly flexible SOA foundations with this Oracle video.

Watch
COLT White Paper

IT Misuse Survey

Complete this survey and you could win a Nexus One

Techworld are running a short survey to discover how UK businesses are managing Internet and email misuse in the Enterprise.

Complete Survey

Complete our survey and you could win a Sony E-book Reader.
Techworld have teamed up with HP to compile a survey relating to server virtualisation. Complete the short survey and you could be the lucky winner of a Sony E-book reader.

Complete the survey here

Site Map

Test