back to article Oracle gives 21 (new) reasons to uninstall Java

Oracle this week pushed an updated version of its Java runtime environment that fixes 21 security vulnerabilities, 19 of which allow attackers to remotely install malicious software on end-user machines. The company recommends users install Java 6 Update 24 as soon as possible, but before readers follow though, allow us to …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Up

    way ahead of you there

    Uninstalled Java, due to the fact that despite constantly patching, chattering over the network and being a general asspain, the Java updater never seemed to keep Java up to date, and installed versions were often vulnerable to already (theoretically) fixed bugs.

    So far, the only difference that I have noticed is that I am unable to try Minecraft out. Probably for the best. All other java software that I had was easily replaced elsewhere. The net effect of getting rid of it was beneficial.

  2. Primus Secundus Tertius

    Open Office needs Java

    Open Office needs Java to support its lesser-known file formats: as examples, docbook and MS_XML_2003. However, it does not need Java to support odt/doc, ods/xls, and odp/ppt.

    Open Office would be a much cleaner product if those Java dependencies were eliminated. But I guess that means replacing the Java class libraries, not just the code. Should be possible in C++, though.

    1. MacroRodent

      LibreOffice working to remove it

      The LibreOffice fork has getting rid of Java as one of it's goals. For example, the intend to rewrite the database part to work without Java (see Java-related items in http://wiki.documentfoundation.org/Easy_Hacks )

  3. David Webb

    Unless

    Unless your broadband goes down and you need to access BT's speedtester, ever try downloading Java on dialup speeds? It takes a long time. Or you use a Cisco and need to use their software which seems to use Java AND Flash, stupid Cisco.

    1. Destroy All Monsters Silver badge

      Yeah...

      Or Java and Java-mediated calls to the Microsoft Windows API.

      About which I shall avoid adding an adjective.

      But I never considered Cisco again.

    2. Anonymous Coward
      Anonymous Coward

      If you are referring to WebEx - not really

      WebEx runs fine (within the official documented functionality limits) on Mac Linux which does not have flash and has no chance of getting any.

    3. Grease Monkey Silver badge

      Cisco?

      "Or you use a Cisco and need to use their software which seems to use Java AND Flash, stupid Cisco."

      If you need to use the Cisco GUI then you probably shouldn't be messing with it. You don't need Java or Flash at the command line.

      1. Anonymous Coward
        Paris Hilton

        Your dick is bigger than mine

        Few things irritate me more than people demonstrating how superior they are by pontificating on how using the command line is what competent people do, eschewing more advanced user interfaces.

        Going down ... for being a dick.

        Paris: obviously.

        ps: My bank requires Java, as does almost every other bank in this country (denmark)

        1. Anonymous Coward
          Anonymous Coward

          Er...

          "eschewing more advanced user interfaces."

          Surely the whole idea of GUIs is to be simpler than the command-line, not as powerful? It's pretty inescapable that pointing at things and clicking is easier but less powerful than using a formal language.

    4. Anonymous Coward
      FAIL

      Confused

      If your broadband has gone down, how would you even access BT's speed tester? And if it had gone down, do you really need a speed tester to tell you that you're getting 0kbps?

      Other than that, all your argument is complaining about something which is quite big, taking a long time to download over dialup speeds. Well, yes.

      1. Anonymous Coward
        Anonymous Coward

        @Confused

        Because BT will refuse to do anything until you've at least tried to run the tool. I know. I've had issues recently and it still had to be done.

  4. Anonymous Coward
    Megaphone

    This

    Pleasepleasepleasepleasepleaseplease . . . let Larry's hubris be the death of Java. The mantra of "write once, run anywhere" has become "write once, run somewhere . . . maybe." Assuming you have just exactly the right JVM and the developer has not snuck in some platform-dependent code and is not, in fact, a chimpanzee turned loose on a laptop as a lark, the Java code might execute properly. Or you might get a big red stop sign saying "FUCK YOU, YOU STUPID WHORE. YOU'RE RUNNING JAVA. WHAT THE FUCK WERE YOU THINKING?"

    The final sign that Java had jumped the shark was that IBM started using it (Eclipse, that is, and anyone who wants to lecture me on the difference can do something that mentioning in this post would undoubtedly cause it to be rejected) as the GUI framework for Load of Goats, which, in terms of user experience improvement, is roughly analogous to smearing feces on a pig.

    Death to Java!

    1. Destroy All Monsters Silver badge
      FAIL

      Did you just...

      ...enroll in a freshman programming course?

      Knowledgeable people generally dont have such strong opinions.

      1. Gerhard Mack
        Stop

        @Destroy All Monsters I disagree

        I'm a sysadmin who has gotten burned far too many times by Java updates breaking things. My favorite so far has been the Java update that broke the app that Cisco uses to admin it's firewalls and forced me to install beta Cisco firmware to work around.

        1. Destroy All Monsters Silver badge

          That's the app writer's problem...

          Not Java's problem.

          Cisco should be able to hack this. As usual, their Quality Control is made by a rat in the cellar paid by 5% taken off someone's support license.

        2. Anonymous Coward
          Anonymous Coward

          @Gerhard Mack

          Ever tried using Java + NTLM proxy + SSL? Bug first reported in 2007. Fix is just going in to 1.6.0_25. Of course, the fact that most of my customers have strict IT rules on installing new version of software means they won't benefit from the fix until about 2015 at the earliest...

          I do wish Java would just go away

        3. Anonymous Coward
          Anonymous Coward

          @Gerhard Mack

          Complain to Cisco - there coding is shocking, and an example of how incompetent programmers can bugger up the "write once, run anywhere" principle by applying sufficient amounts of pig-headed ignorance. That goes for all cross-platform Java issues I've encountered.

      2. Ben Holmes
        Happy

        That's because...

        ... knowledgeable people ceased to give a shit years ago. We just accept it for what it is, curse the fact we have to use it, get over it and move on.

      3. Tom 13

        I've had thoughts similar to the ones you are criticizing from time to time.

        It has nothing to do with Java per se, and more to do with the idiots writing (or to be more precise, NOT writing) the code I have to support in my daily job. Twits still haven't updated their code base to a SUPPORTED version of Java and I've now been here for a year and a half. And it doesn't play well with the other app that uses a supported version of Java, and yes, frequently people who need the first app also need the second.

  5. Destroy All Monsters Silver badge
    Dead Vulture

    ohlookitsthisthreadagain.jpg

    "Try uninstalling Java altogether. This will dramatically shrink the attack surface of your machine, and unless you use a handful of specific applications, you'll never notice the difference."

    I don't know what's going on here, but we already had that exact exhortation about a month ago or so.

    Has the Microsoft check cleared or something?

    1. Anonymous Coward
      Anonymous Coward

      Or ...

      Perhaps, like me, they find Windows and Java equally awful.

      Some of us have come to the conclusion that Java is awful. We did that on our own merit, and without being bribed, cajoled or manipulated.

  6. Anonymous Coward
    Anonymous Coward

    Java usage going up

    Actually I've noticed more sites switching to Java from Flash lately, I know I wouldn't get far without it on my machines.

  7. Anonymous Coward
    FAIL

    Uninstall Everything

    If you are going to uninstall everything with a security flaw in it, you might as well forget owning a computer: MacOS, Linux, Windows, BIOSes, Java, .NET, the whole lot can go.

    Its fun to write dumb articles like this one, but giving companies grief when they publish security fixes is a pretty bad strategy - it is only going to encourage companies to hide their flaws.

  8. Ben 56
    FAIL

    Why not...

    uninstall Microsoft .Net - just like Java, except its updates are forced with Windows updates so you don't see them, didn't you know that? Perhaps you should also suggest Adobe products or even Windows itself

    Stop scare mongering. Chances are if people have it installed already it's because an app on their system needs it.

    1. Grease Monkey Silver badge

      .Net

      "Why no uninstall Microsoft .Net?"

      Never installed it in the first place, matey. You might need it in a corporate environment, but otherwise no.

      Too many people just install everything rather than taking a decision on whether they need it.

      1. Fuzz

        .NET != corporate

        I think I might have more .NET apps on my home PC than my work one, it is, at the very least a close thing.

        Java on the other hand is a very corporate affair, lots of those at work and very few at home.

      2. Anonymous Coward
        FAIL

        Right...

        Presumably if they're installing it... it would be because they need it...

        However in the case of .Net unless you're still on XP then chances are you already have it....

  9. Fred Flintstone Gold badge

    Sadly..

    .. Openoffice depends on it :-(.

    1. Grease Monkey Silver badge

      Really?

      "Openoffice depends on it"

      Really? I'd better not tell my PC that. Openoffice might stop working if it finds out.

    2. Chemist

      "Openoffice depends on it"

      Turning Java requirements off is an official way of speeding-up OpenOffice startup

  10. Anonymous Coward
    Alert

    Formula 1 live timing

    ....I need it for this. (oh and a few porn sites too)

    1. Anonymous Coward
      WTF?

      This may be a daft question,

      but what does a porn site need with java?

      1. Apocalypse Later

        what does a porn site need with java?

        It's what they used to program the robotic hand.

  11. Anonymous Coward
    Go

    Maybe in a couple more months...

    Right now, I've got a research project consisting of about 14kLoC, which I don't exactly feel like rewriting over a weekend. And the "write once, run anywhere" property did work well enough for me. It allowed me to write the code on a Win7 machine with graphics and benchmark it on a RedHat cluster just fine.

    However, I think after this, that'll be the end of it. Anyone have any suggestions for a good alternative language? Something object oriented, with good GUI support, besides C++? Never could get my head around C++ somehow.

    Go; cause it's time to.

    1. Anonymous Coward
      Anonymous Coward

      You want options? ....

      Python perhaps? Ruby was all the rage recently, but its memory handling remains leakier than java's. Crusty old sysadmins would probably do OO in perl just because. Or if you're a Real Academic, lisp (or its cousin scheme) of course; you'll hash out any missing OO infrastructure with but a few definitions. If you're more of the low-level persuasion you could do it in even less FORTH words. That's not OO-y enough? What about smalltalk? Oh you wanted something modern? Haskell is de rigeur in some circles.

      That a bit too many options? Try the first one, or else explain a bit more about what sort of research project you're talking about, as in what type of coding you tend to write.

      1. Destroy All Monsters Silver badge
        Go

        Or maybe

        Clojure or Scala or Groovy. Run on the JVM.

        1. Anonymous Coward
          Anonymous Coward

          Did I miss something?

          Surely the point was to get away from Java bugs?

          1. Anonymous Coward
            Megaphone

            @OP

            Delphi. Or preferably Delphi's funky open source and cross platform cousin Lazarus.

            They are both dialects / derivatives of object pascal, which is often dismissed as a toy language or a teaching aid. It is however surprisingly powerful and a metric fuck-ton faster than Java for scientific or maths stuff.

            1. sT0rNG b4R3 duRiD

              Never heard of Lazarus, tbh.

              I didn't like Embracadero's pricing plan a while back so I've not really followed Delphi since.

              Object pascal is quite interesting but if you already know c++, I can't really see the point in learning something else that is less popular and not free (ok I admit, I am discounting Lazarus here) and with a future that's not completely quite certain.

              (I'll grant that c++ is horrid and fugly)

          2. Destroy All Monsters Silver badge
            Pint

            "Surely the point was to get away from Java bugs"

            In this universe, you don't get away from bugs.

            You can just trade them in for others.

      2. Anonymous Coward
        Happy

        Mmm.. options, tasty....

        Well, since I don't need to start on any new projects soon, I can't really say precisely what I need. But, essentially, I'm looking for a general purpose language, that's able to tackle a wide range of problems effectively. As an example from the previous project mentioned, some chunks were written with an object oriented approach, (the data structures and overall hierarchy primarily) some were written procedurally, (just cause it's straight-forward) and still others were written in a functional manner (some math routines.) So, Java and C++ are nice in that it's easy to take and mix various styles of programming to whatever best suits a subtask. Of course, I could make some "perfect world" requests, such as fast execution, easy to read and write, portable, dev-safe, concurrency support, etc.. FWIW, I do tend to use Perl for quick and dirty scripting and MATLAB for heavy math. I would expect that I'd be using the language primarily on desktop type machines, though the occasional cluster wouldn't be out of the question. I guess I'm mostly wondering if there's a successor to C++ and Java yet.

        I've heard of most of those... Though just the thought of doing heavy programming in a number of those would probably drive me crazy (Lisp, Scheme, Haskell) I had heard good things about Python and Ruby, so it's nice to know that Ruby has memory issues. Of course, I've heard good things about C# too, though it's not really portable outside MS land. And it appears that C++0x still hasn't landed yet. =( So, it sounds like I should check out Python the next time I've got a new project to play with.

        1. Richie 1

          That MATLAB code your writing means you still need Java

          Or at least, it does if you use more or less any of the features of the the MathWorks IDE.

      3. Anonymous Coward
        Anonymous Coward

        Smalltalk, you say?

        The Pharo project is making great strides towards bringing Smalltalk a bit more up to date.

        http://pharo-project.org/home

        And it has to be said that even Smalltalk-80 makes Java look like a poor-man's version of OOP (which, to be fair, it literally is - Sun wouldn't pay the license fee for ST so they did their own half-arsed version instead).

        There is some merit in your FORTH suggestion too, but I don't think the mass market is going to get excited about that in the foreseeable future. To put it mildly.

        1. Anonymous Coward
          Happy

          Smalltalk

          I spend about 2/3 my time at work developing in Smalltalk with the rest in C++ with some C# and Java. Smalltalk blows these others totally away for productivity, maintainability and dev. environment. It's also the best for test driven development. We can train a new developer in Smalltalk in a couple of days max. Once you 'get' Smalltalk you wonder why everybody isn't using it.

          Ckeck out Pharo Smalltalk (great for web development using Seaside and totally cross platform) or Dolphin Smalltalk for mega cool environment but Windows only. Othe commercial implementations are VA Smalltalk from Instantiations and Visual Works from Cincom.

    2. Displacement Activity

      NFTR

      I had the same problem a few years ago. I would just bite the bullet and learn C++; you can read 'Accelerated C++' in a couple of weeks. It's not pretty, but it more or less does the job. My 'research project' is now getting on for 100KLoC, and I'm pretty sure I would be shafted if I'd used a proper language instead.

      My next few w/ends will be taken up with trying to move it all from MinGW to MSVC.. :(

    3. Anonymous Coward
      Boffin

      Smalltalk

      Pure OO. Just get stuff done, quickly and efficiently and stop spending time massaging a stupidly complex syntax.

  12. Anonymous Coward
    IT Angle

    java..that still kicking?..

    Yeh uninstalled java a long time ago. Not to many things require java unless you deal with enterprise stuff alot which is only usually at work. I don't think I have come across any general websites that require java. Remember java and javascript are completely different.

    Good advice overall. I think alot of people over-estimate the importance of java on their machines. I find it's disappearing more and more as time goes on. Glad I stopped learning it early on as I saw cottoned onto the fact what was promised was rarely delivered in reality.

    1. Anonymous Coward
      Anonymous Coward

      There's a lot more Java than you think there is out on the web

      If you set the Java Console to launch when Java is in use you will notice it comes up fairly often on a wide range of web sites.

  13. Major Variola

    The universe is written in Java

    The Universe is written in Java. Everything else is a historical contamination or worse, a microsoft infiltration.

    Politics aside, Java is awesome. Oracle needs killing, but Java will persevere.

    1. Eddie Edwards
      Happy

      Ob XKCD

      http://xkcd.com/224/

    2. Anonymous Coward
      FAIL

      Aaaahhhh ...

      Just bollocks, on so many levels.

    3. Matt Bryant Silver badge
      Boffin

      RE: The universe is written in Java

      <Sighs> Ever heard of a geezer called Dennis Ritchie? I have a T-shirt somewhere that states "Real coders do it in the C-shell", with ".....but only 'cos those that know assembler are all dead!" on the back.

      1. Destroy All Monsters Silver badge
        Thumb Down

        C-Shell, huh?

        That is fail on so many levels.

        Any shell is better than csh

      2. Apocalypse Later

        those that know assembler are all dead!

        Not all. Some of us are just old.

        The problem with being old is that no one listens to you anymore. This would be less frustrating if I wasn't always right about everything.

  14. amanfromMars 1 Silver badge

    The New Yin to that Tired Old Yang

    "Oracle this week pushed an updated version of its Java runtime environment that fixes 21 security vulnerabilities, 19 of which allow attackers to remotely install malicious software on end-user machines."

    Dan, Hi,

    For Any and All into Command and Control of Computers and Communication for Creative CyberSpace Programming, is Java a Prime Facilitator with its Remote Installation Utility for those delivering SMARTer IntelAIgents Software for Virtual Future Projects ....... Concerted Cloud Compositions with a Cacophony of Choice CodedD Campaigns to Catalogue and Cherish with Compliance and/or Complicity.

    One just can't have end-user machines doing whatever they like, can we, for that would be as an Open Invitation to CHAOS and Anarchy and that is no NEUKlearer HyperRadioProActive World Order Programming, is it, for that is just more of the same old nonsense as is being presently provided.

    1. Anon the mouse
      Thumb Up

      Back for a vist??

      Your not dead................

      Don't leave us again.

  15. G2
    WTF?

    tried RuneScape on windows, linux, os x?

    ever tried playing RuneScape without java?

    give me a way to play RS without java on all the computers that i use (OS: Windows, Linux, MacOSX) and i will gladly take it, until then java is the ONLY way.

    1. Anonymous Coward
      Anonymous Coward

      Runescape?

      "ever tried playing RuneScape without java"

      No. Nor have I ever tried running RuneScape. Nor will I ever try running RuneScape.

    2. sT0rNG b4R3 duRiD
      FAIL

      Runescape

      LOL

  16. Peter Galbavy
    Thumb Up

    what an excellent idea

    No, really. I never thought this through - bad me - but so little depends on Java anymore and this laptop is not my work PC where we need Java lots. Let's see what breaks - I suspect very very little.

  17. Michael H.F. Wilkinson Silver badge
    Boffin

    There is a lot of scientific stuff in Java

    Therefore I cannot do without it (alas, I prefer coding in C(++))

  18. Anonymous Coward
    FAIL

    Sure....

    ...oh hold on, that means I can't do my job.

    Do you know how many business web apps use java? Pretty much cripple my access to telecoms hardware and I know the same goes for a lot of network kit.

    1. Anonymous Coward
      Anonymous Coward

      Not _real_ networking kit, it doesn't.

      I recall a certain industrial ethernet switches manufacturer sponsoring a certain heavily networked conference full of nerds just to see if they'd held up in that environment so differently hostile than what it usually caters to. The accompanying representatives* kept hearing from the network techs that the CLI stuff just _had_ to get better because a java UI just wasn't acceptable. And it isn't. It is a massive waste of productivity and blocking off of automation opportunities. If it hadn't had a CLI at all, the networking people would have flat-out refused to touch the kit and made do with whatever else they could find.

      This, by the by, is exactly why part of the evaluation is "does it do CLI?" and that's not a GUI, not "web managed", not a TUI. It's using ssh or a serial terminal** and typing commands telling it what to do. And then, as part of the evaluation, just as much as testing all the other things you require the stuff to do, you test the CLI for functionality too.

      Who buys the gear you work with and what's their excuse for buying stuff unfit for purpose?

      * There for providing the inevitable software updates, and yes there were a few.

      ** Likely emulated. Few cart around glass terminals these days.

      1. gnufreex

        No true scotsmen

        http://en.wikipedia.org/wiki/No_true_Scotsman

        1. Anonymous Coward
          Anonymous Coward

          You seem to imply

          that other people's demonstratably bad choices invalidate assertions as to what would make better choices. I disagree with that. Now, an RMA on these scotsmen, please?

  19. Anteaus
    Thumb Up

    Been doing that for years.

    It must be a decade since any major website used Java. Most people don't realise that though.

    One of the key issues used to be (and maybe still is) is that new Java versions don't remove older ones. And, java apps can dictate which of several versions present is to be used. Thus, upgrading confers NO security advantage UNLESS you also manually remove old versions. The more old versions still gathering dust in Add/Remove Progams, the wider the attack-surface you are presenting to malicious websites.

    An alternative to removal (if for example you use OO) is to turn off Java in browsers. You can do this with the settings, or a more secure way in Mozilla browsers (which applies to all profiles and can't be so easily over-ridden) is to modify the greprefs\all.js file:

    pref("security.enable_java", false);

    is the line you need to change, from true.

    1. Anonymous Coward
      Anonymous Coward

      Still very common on many trading websites

      If you want reliable, secure, high speed, OS independent code running client side from a browser, Java is pretty much your only choice. Flash + AJAX is getting there but it's a tradeoff between programming complexity and "just works".

      1. Anonymous Coward
        Anonymous Coward

        Yes, the financials.

        Who also regularly manage to write java that only runs on windows *sigh* but I digress.

        I have to note, though, that flash is still available on less platforms than java is, has only one closed-source implementation and generally suffers from historic bad choices in that regard, that java has made less of. So as soon as you use flash you're actually worse off on the interop ticket.

        Honestly I'll take java for the few apps that need it. But the point made in the article is that most people by far do not actually need java for anything at all, so might as well ditch it. And that is just prudence; especially in the light of various people here saying "oh right totally forgot about that". Doesn't mean you have to ditch it if you do need it for some reason.

    2. graeme leggett Silver badge

      Damn right

      Why isn't there even an OPTION to remove earlier versions?

      Why should we need third party tools like JavaRa to check how many old versions are laying unused on our systems and remove them...

  20. Squirrel
    Flame

    and just 1 irrevelant bugfix

    Oracle, you expect people to use your crap but don't actually make it work. Fixing the HTMLEditorKit/HTML Delegator has been looked over again.

  21. Colin Reid

    We need an Ellison Icon!!!

    Compared to other platforms, there are very few client-side apps that require java, but as some of the users noted above there are some very specific but very helpful apps out there. As a long term java developer, I have never written any published client side code - it's all code for servers which in the most part is not going to be affected by security problems since the VM is only running code that I write, not the code some scallywag wrote to pump my system full of crap.

    That being said, I think to boldly say to everybody to uninstall Java is a pretty strong statement, and something that is only going to contribute to the bad press Java has been getting recently due to the er-so-hated Oracle and it's fight with the world. These are troubling times for us Java developers, and I dont like reading articles liek this!

    Which brings me to another point - of all the icons I can attach to my ramblings on Reg, including Bill and Steve, surely it's time we had a halo/horns icon of Mr Ellison? In fact, you might has well leave out the halo image, it wont be needed ...

    1. Squirrel

      upvote for icon!!

      Ellison icon - subtext: Bleeding it dry

  22. Andy E
    Alert

    What about the OSX users?

    You can't easily uninstall Java from Apple's OSX. Might be an opportunity for the AV firms to sell a product to the Mac crowd. Looking forward to a useless bit of software that hogs all the resources, gets in the way when you try to do something and won't protect you from infected web sites.

    It's going to be just like Windows !

    1. Anonymous Coward
      Anonymous Coward

      I Wouldn't worry too much...

      I doubt that it's going to be part of the next OS X release!

  23. spencer

    Eclipse

    Unfortunately if your want a free IDE your still gonna have to put up with Java.

    1. sT0rNG b4R3 duRiD

      Is Eclipse all that good?

      Seems big and clunky to me. I don't want an IDE that bad if it means eclipse, tbh :P

  24. Tigra 07
    Thumb Down

    Almost...

    You had me on side Reg...

    Until this part anyway "Most OpenOffice functions work just fine on machines that don't have Java installed."

    Most isn't good enough for me so i'll have to suffer with an updated and barely used Java.

  25. Meep!

    one word....

    Just one word.... MINECRAFT!

    ...before that I could live without Java - but not any more :)

  26. Paratrooping Parrot
    Flame

    Java updates

    As I develop in Java, why is it that I have to download 70Mb every few weeks to update the JDK? Why can't they get a patching system implemented? Grrr!

    1. Thomas Wolf

      ...you don't *have* to....

      First of all, in general JDKs don't appear every few weeks - in the past, we've been lucky to see one or two per year. Second, who's forcing you to update the newest JDK? The APIs don't change for all these security updates, so unless a given release fixes some *must have* bug, why are you downloading the JDK each time? In my group, we're developing a rather large client/server app and the developers in the group have anywhere from JDK 1.6_10 to JDK 1.6_23 installed on their machines - and everyone's pretty happy.

      If you just want to feel secure, why not just update your JRE? That's a much smaller install.

  27. John 62

    JEdit

    Slow and hasn't been updated for a while, but quite handy. Otherwise I can't think of any other reasons for Java.

  28. hex
    Unhappy

    Eclipse saves the day

    I'd gladly uninstall this piece of crap framework, made for lazy and BAD, yes BAD, programmers but I absolutely love Eclipse IDE and use it for a lot of languages/projects. Damn.

    1. Thomas Wolf

      ...inflamatory drivel...

      I've been writing in Java for about 10 years. Prior to that 5 years in C++. Prior to that 5 years in C. Prior to that 4 years in Pascal and Assembly Language. If I had to hazard a guess, I'd venture to say that I'm a far better programmer than you are. So, no, Java is not just for bad, lazy programmers.

      But, like any popular programming environment with wiz-bang tools to automate the production of code, it does attract its share of programmer wanna-bes. I've been on the Netbeans mailing list for 8 years now - in the last 5 years or so, the types of questions that get asked in that forum have definitely deteriorated. Nowadays, we get a lot of questions about "Java" - because the people asking the questions don't know where Netbeans ends and the language starts :-(

  29. Arturski
    FAIL

    ms: java please

    Funny enough Microsoft use the Java Platform to power the download manager for large files.

  30. PeterG
    Gates Halo

    MSI Delpoyment

    On our Windows (Yes I know!!) Network we fire out the Java Updates using the MSI that is in C:\Users\Username\AppData\LocalLow\Sun\Java (Windows 7) when you start to install the Offline version from the java website. Saves hassle and we need java so the PCs can access 3rd party apps such as banks etc.

  31. Anonymous Coward
    Anonymous Coward

    As I play Minecraft I need Java

    As above

    Minecraft addict = Java installed.

  32. Anonymous Coward
    Anonymous Coward

    Java is a beautiful programming language and very satisfying to program with.

    I use Apache Tomcat to serve up MySQL database access via Java Servlets. My Tomcat configuration uses OpenJDK.

    The applications, Applets and Servlets I write need zero-modification to run on Linux and Windows. My customers are using OpenJDK and Oracle's own version, seamlessly on Windows and Linux.

    Dan's argument seems to be an emotive finger pointing exercise: Look they have updated Java. Told you it was insecure!

    Dan, your article lacks a professional Journalistic feel and in my opinion undermines theregister.co.uk's credibility.

  33. Anonymous Coward
    Anonymous Coward

    Re: Java is a beautiful programming language

    I was just thinking that the article wouldn't be out of place in The Daily Mail.

    1. sT0rNG b4R3 duRiD

      Re: Java is a beautiful programming language

      It's a darn sight prettier than c++ but I know which I would rather use.

  34. Werner McGoole

    Java still has its good points though...

    Yes, Java has always had implementation issues, and distribution and updating is something I try and avoid using for as long as I can because it's always been a headache.

    But for prototyping complex apps (which is mainly what I do) I still don't know of anything better. It scales effortlessly as the project gets bigger and if I write a load of complex new code and it compiles and runs, then it's pretty much always running correctly. The amount of time I have to spend debugging Java code is tiny compared to other languages (and yes I've written lots of stuff in a wide variety of languages). For me, the advantages of easy coding in Java easily outweigh the disadvantages.

    So I couldn't live without it. But it's true that if you really don't want to use it you can probably manage to get by fine without it. The same is true of almost any piece of software, actually, as there's almost always an alternative (except flash, grrr). But if you're that paranoid you'll be removing everything from your machine. I just try and limit the amount of code that's accessed via the web by using noscript and only letting approved sites run stuff beyond basic HTML. That seems to me the best approach to security. Otherwise you'll forever be worrying about what you've installed and whether it's secure.

  35. Anonymous Coward
    Anonymous Coward

    Java in academia

    This reminds me of the following exchange between myself and a uni professor. I had noted in a report accompanying a java project that I had found that the application just showed up as a blank window when running the application with varying, supposedly compatible, SDKs and OSs. Code compiled on one SDK would not run on another and in some cases code compiled on a different OS would not run on another OS with the same SDK.

    He said "What is the point of java if it doesn't work on all compatible SDKs and OSs?"

    Indeed, sir, indeed.

    1. Destroy All Monsters Silver badge

      That's the problem with academia.

      They are so high in the taxpayer-funded ivory tower that the world looks an immaculate white.

  36. Anonymous Coward
    Dead Vulture

    I dislike this sort of cheap "journalism" too

    It seems to me this sort of article has parallels with the press pointing at the prime minister and saying "Look, he's listened to people and changed his mind. Isn't he weak!".

    In general, I'd say it's good for politicians to listen to people and admit when they're wrong. It's also good for software companies to fix their code when it's insecure. Of course, it's better if they don't get it wrong in the first place, but nobody's perfect.

    The problem with this type of so-called journalism is that it makes people less likely to admit their mistakes and correct them and I can't see how that benefits anyone really. So this article isn't actually serving the interests of its readership at all. Quite the opposite, in fact.

    In the IT context it is also, let's be frank, the cheapest basest sort of journalism you can do. You just look at some release notes (always plenty of those to choose from), find what bugs have been fixed (always a long list of those too) and come up with a suitably snide angle (not much imagination needed there). I could pick any other piece of software and do the same.

    I know the Reg is capable of better than this.

    1. Rafael 1
      Dead Vulture

      Re: I dislike this sort of cheap "journalism" too

      From the article: "We won't spend much time complaining about Oracle's legal broadside on the Android operating system, but that's another reason you may want to avoid Java."

      That explains it all for me -- Oracle is being bad to Android so let's us give Oracle a wedgie by uninstalling Java from our desktops.

  37. xryptic
    FAIL

    Ofc, uninstall Java, why didn't I think of that?

    Genius Plan!!

    I'll get right on that Java uninstall & keep my computer safe.

    And hey, as an added bonus I won't be spending so much of my time coding for Android anymore! Who cares if it's an enjoyable & useful pastime, much more important to protect my system from some future 0-day remote exploit menace obv, right?

    Nvm simpler, less extreme solutions; like how much easier it would be to simply disable Java in my browsers, or whitelist any sites I needed it for...

    >.>

  38. Chris 69
    Coat

    Don't blame Java for all it's Ills

    I've been doing Java for a number of years and IMHO there's not much wrong with Java per-se, but I have a HUGE issue with the way it has been taken up by the "lets just use someone else's framework" camps: Apache, Spring, Hibernate and so on, I'm looking at you!

    I'm currently having to fix someone else's code that uses Hibernate and guess what:

    - Something that should take one simple insert issues nearly FIFTEEN THOUSAND unnecessary select statements and then does an insert and an update just because it couldn't get the insert right the first time.

    - Their code can't run side by side with another web application because of jar incompatibilities and conflicts which everyone just says "oh you just delete the xxx.jar file from Jboss " but they ignore the fact that the server will then crash all the other applications it's running.

    -When things go wrong the stack traces show a call sequence so deep that the logging cuts it off with "... and 150 others.." and those 150 include the line in your code so you cant see why it happened.

    - And you cant turn on the logging because the frameworks all expect different incompatible logging APIs (BlazeDS anyone)

    - And I now have to write 20 lines of meaningless XML instead of one line of Java...

    It seems to me that all the anti-Microsoft bigots tied themselves to the Java camp and set about destroying it by reinventing the mistakes Microsoft had made in the past (DLL Hell) instead of doing it better.

    .... oh don't get me started ...after 40 years programming, there's a lot more where that came from!

    So basically... Java is screwed and it's the Java fans that are to blame! When it finally bites the dust, just hope they don't move in on your favourite environment and do the same.

    Mine's the one with an 80 column punch card in the pocket

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Chill, man.

      Been there, done that. I have a whole shell scripting portfolio to simply get the jars where they should be. As well as several separate JBoss/Tomcat instances if needed just to keep the cats separated and calm.

      For the logging, look at slf4j. It's s drop-in-replacing for all the logging badness out. Just replace the existing logging jars.

      Where's the gallic shrug icon.

    2. Daniel B.
      Unhappy

      The renagade frameworks...

      I think that the problems with Spring/Hibernate stem from the fight between the official EJB spec and the renegade Spring/Hibernate "spec". The latter one breaks compliant J2EE containers! Even when Sun capitulated and added the wacky Hibernate thingies into the EJB spec, the weird frameworks prevailed. We had one coder do his stuff using Spring/Hibernate and the result was unusable in our QA WebLogic Server ... there was no way we would pass that turd all the way into production.

      Mind you, the Entity Beans used up to J2EE 1.4 were pretty bad on their own, but Session Beans with their Container-managed transactions were really good.

    3. Stephen Sherry
      Coat

      Do horrible coders only stand out when they program in JAVA?

      My generation (~35 and younger), containing some of the laziest coders that have ever been pumped out of the college/university system, have done more than try to make JAVA look bad. They hate almost anything that uses something "harder" than VB code. *VB, ugh, I threw up a little in my mouth*

      Before my generation there were more good coders than bad. Now, not only are there more bad coders than good, but those bad coders also seem to complain the most about the tools they "should" use, and will go to great lengths to create huge amounts of code in a less efficient language, than just learn one that is more appropriate for the task and do it right the first time. It's almost like saying word problems are easier than solving the same problem in equation form.(ex. you start with 3 chickens, one of them breaks into your house and steals all your stuff and leaves town, how many chickens do you have left; vs. 3-1=?) Or that English is too hard so we should all just talk in baby speak. My favorite hobby is asking those bad coders, some of them friends, to step me through their code (I'm good a feigning curiosity and interest towards bad ideas and decisions). They write code like I write drunken philosophy papers, except I'm allowed to remember only the jist of it, and not more detail than that. If I'm asked to step a person through my code, they usually regret asking (the curse of a good and fast programmer, they ask because I used to code very fast. How dare they doubt me!? They get to learn about the whole program in detail as a prize till their ears bleed :-] ). They usually don't even understand what they are doing in the language they supposedly know, but they sure do interview well, and dress sharp, and have that successful styled charm.

      I wonder why there are so many software security issues in the first place? (not really, that's sarcasm) Mostly I see it is the combination of bad coders with short deadlines, which at least in the US is way too common. Also, the main topic of this article, security, is the last thing on most developers of this type's mind. They can barely get code out the door on time in an alpha state. And that is what gets them the paychecks; most of their managers are not programmers, so if they see it does what they asked, they say it is good... Cha-ching!!

      Now that I think about it, there may not be that many bad coders, they just do so much damage that it appears as though there should be an army of them behind it, or a conglomeration of developers conspiring to ruin the user experience, when it just comes down to a few lazy and stupid coders that trick their way into important and well paid jobs (or god help us, teaching positions). That's how my gen seems to play out their version of the American dream, by lying their way into it. Ugh... but I'm not bitter ;-P

      But what else can they do, businesses see IT drones as a dime a dozen (or any field for that matter). Many big projects see many different coders manipulate them in their lifespans, all with their own coding style, which guarantees something will get in there that shouldn't, even if it just wastes resources (ex. Windows 95-present, why does it need a supercomputer to do the same thing as we used much slower computers for 10 years ago?... well, "because that's what happens when new versions come out," they respond; sounds like faith to me. It's the video games really, but don't tell them that :P They like the "just because" reason, I think they feel smarter for having any answer at all, no matter how ignorant it is). To add to that, if you don't appease the management deadlines, you better have your resume ready. THAT is why this article misses the real issue, and that is why no matter how we try to be secure with our computers, we can never reach 100%, or be sure we even are 1%, a lot of our feelings of computer security are literally based on hope. As we all know many people are 0% secure, as they are bot-net drones. And if someone really wants your information, you are not going to stop them. Computers are leaky things, treating them like they can be secure is like saying a living thing can get through life without dying... it's just not a reasonable way of thinking. And wastes a lot of time that could be productive instead... Like not bitching about how insecure the world is and try enjoying life.

      And that's why I don't program any more, and stick with fixing computers. If I'm going to be marginalized, at least I can see happy faces when their problems are fixed. Which seems better to me than fearing that I could lose my job by doing it right... the security of JAVA are some of the last of my concerns, all of the people I clear infections from have nothing to do with JAVA, it's mostly OS-UI failures so far, though those tricks often use Flash or JAVA after the user clicks another "are you sure" window out of the way to get back to using their computer, or a pop-up facilitated by business friendly web browser functionality. Or more often than not, they are trying to use what they think is a free game or porn, completely java and flash free. The OS is the biggest problem in allowing programs to run without any user interaction because they like giving businesses ways to push their products on customers, security be damned. It's been this way since IE evolved and they deviated from the HTML standards; they did it to give more tools to businesses. I know, I was there! :-P And unlike most people, I don't have selective amnesia.

      Last but not least, web development. Most of the new developers I know wouldn't know their own code if they saw it. No potential security issues there, no sir. Thank you Dream Weaver :-D

      So JAVA? Is it good or bad for your computer? Well, compared to what? I have 3 .NET versions just so I can change my video card settings with the "advanced" interface. God only knows what .NET can screw up... aside from allowing a lot of lazy coders to participate in the development world (Odd, sounds just like JAVA, Dream Weaver, and VB *ugh, bile*). Bad ideas, shared between individuals, are more dangerous, and we don't need computers for that :-P

      If Oracle can actually get JAVA to be what we as users and developers actually would like to see, more power to them. If we're supposed to assume JAVA is a lost cause, then why should we care what Oracle does to it, or who controls it, or even how secure it is? Honestly this article gives me hope of being a journalist myself, as I tend to have strong opinions about things I can hardly explain (I am American after all). Not to mention the suggestion applies to things that have been problems for more than a decade and involve every major application we use on a PC, i.e. poorly secured software. I'd love to uninstall Windows, but all my games run on it, and it is damn handy. JAVA is damn handy too.

      Again, lastly, I wouldn't even have bothered commenting if the article was more objective in it's opinion, it's almost political in its style, especially in the lack of information as to why it has come to be this way. There was a time when you actually might need more than one version of JAVA on a system just to run all the apps no one wanted to update to the latest JDK/JRE (usually because their managers wouldn't let them, upkeep doesn't make you money, but new versions do). If you have written java recently, there's less to worry about, apparently. Complaining about JAVA now is like complaining about the robber barons, it's a bit late, and almost a wast of the energy to do it.

      Maybe someone will come out with a better free development kit that is easy to use... HAR-HAR-HAR-HAR-HAR!!!! OMG I kill me!! :-þ'

      Even with the change of ownership, JAVA has too much potential to just discard now. I've yet to find a home user who has had their security compromised by JAVA. Not that they don't exist, it's just not common enough. Most of them can't read Russian :P ZING!

      I always feel better after writing one of these long, rantish, article responses. Makes the dot.com bubble bitterness lessen each time. Damn, lazy, lying, sharp dressed, smooth talking, asses that ruined it for the best of us. Jerks!

  39. Thomas Wolf

    What an ignorant article

    The author claims that uninstalling Java will dramatically decrease your desktop's exposure to Viruses and such. And as "evidence" he offers up the increase in Java-based exploits. There are a number flaws in his conclusion: (1) any language/platform which gets increasing use will show this behavior - it's got nothing to do with Java per se. (2) The author has not mentioned the severity of the exploits nor any details about them - perhaps because he is ignorant of, or worse yet, wants to mask those because they would expose the article for what it is - needless FUD. I followed one of the links and found that this particular exploit required the user to download and agree to execute an anonymous jar - well, DUHHH - nothing to do with Java...if the same user had agreed to download an EXE, the same mayhem would have resulted. If the author could point to an instance where Java's mere existence on the machine caused an exploit (such as it running a deamon that listens on a network port) then he might have a case....but he doesn't.

    Aside from the security FUD, the author also throws around unsubstantiated claims that Java "failed on the desktop". I hear this being said a lot - but never with any evidence to back it up! Answer me this: if Java on the desktop is such a failure, why are there millions of Applets (lots of games) written in Java? Why have I and thousands of other private-industry developers been able to write Java clients for our corporate clients/employers? Just because the reporter doesn't see Java on his or his buddies desktops is meaningless. Java gets used *a lot* within companies....both on client and server sides.

    1. John 62

      Millions of applets?

      "Aside from the security FUD, the author also throws around unsubstantiated claims that Java "failed on the desktop". I hear this being said a lot - but never with any evidence to back it up! Answer me this: if Java on the desktop is such a failure, why are there millions of Applets (lots of games) written in Java?"

      You must show them to me! Or is your desktop a Blu-ray player? Or is my sarcasm detector a little wonky. Most little games are on the web and are made of ActionScript (aka flash)

      I've seen Java used for cross-platform UIs once or twice, but those were in Industry rather than the home.

      1. Thomas Wolf

        ...ok, you called my bluff :-)...

        ...I've never counted them, of course. All I know is that my mom (retired) seems to be whiling away most of her time on a casino site that uses Java for most, if not all of its games. Same with my daughter - although her preferred sites seem to be Flash-based.

        But doing a simple google search returns quite a few game sites. Near the top of the search was a site that just lists java game sites (http://www.compulink.co.uk/~toyne/javaders/netlistings.html) - have no idea how up to date that site is nor how many games individual game sites carry...but it's gotta be millions, right? ;-)

        I readily admit that "thick Java clients" are rare in the home. But the author didn't specifically call out Java's success in he home - he more broadly implied failure on the desktop - which includes corporate desktops. Over the years, I've helped write dozens of Java desktop apps in telecom, finance, academia, and security fields and I've seen hundreds others. And these apps are not of the hell-world applet variety either - substantial desktop apps, some of which run into the 100k+ lines of code.

    2. Anonymous Coward
      Thumb Up

      Well said

      that is all

    3. BossHog

      Seconded!

      *A lot!* +1

      There really is no alternative to the JVM - it is the most ubiquitous platform going.

      We really do write code on Windows PCs and deploy it to Linux servers, and it works great. I can only imagine how much of a pain it would be to have to cross-compile and worry about all that platform specific crud.

      Sure, the Java language has some annoying features, but Java also has some of most comprehensive, well-tested and well-understood libraries of any programming language *ever*, and all the tools & community help you could ever want.

      Java is the only industrial-strength cross-platform option.

      If all you want is the industrial-strength part, then yeah, you *could* use .NET... but you'll have to junk it all when Microsoft decide it's time for you to move to "Visual-C# @Cloud", or whatever comes next...

    4. Thomas Wolf

      An apology to Dan Goodin on part of my post

      I naively believed that Java did not increase the user's risk of virus infection because I thought that the only way a "jar" could execute on the user's desktop is if the user consented to it. I consider any such attack more of a "social engineering" feat rather than one that exploits the weakness of the platform. But Dan pointed out the naiveté of this thinking by referencing a couple exploit packs at least one of which made use of a flaw in Java Web Start whereby the program did not check command-arguments and could, potentially, run anything on the victim's machine...I have no way of checking whether the exploit can be performed without the user's consent - the exploit is for IE, which I don't have, but it certainly seems like it: http://seclists.org/fulldisclosure/2010/Apr/119

      Anyway, my post was rather crass and based on a naive belief in the Java sandbox. So my apologies to Dan.

  40. Big Al
    Thumb Down

    Bank says no.

    My bank demands that I use Java if I want to access my account online. (They also demand that I have a mobile phone to send single-use authentication codes to).

    For me, that's a critical enough service to make this article's advice redundant.

  41. Framitz

    Unfortunately . . .

    I have to run applications that depend on Java, so I keep Java up to date. If I uninstall it, the application installs an older version at launch. So some of us are just stuck with it... At least at work.

    But at home . . . what's Java?

  42. Kevin McMurtrie Silver badge
    Dead Vulture

    Evil Ellison icon, please

    Uninstalling Java is a harsh recommendation from a web site that's hammering my Flash blocker and Web-bug blocker.

    As a language, Java is very good for business applications. It's simple, has a rapid development time, and has growing support for multiprocessor systems. Most of the bloating comes from commercial "Enterprise" frameworks that attempt to eliminate boring boilerplate code with XML files. They run slowly, bloat applications, drive up costs, increase complexity, and usually take longer to use than the boring code they replace. Oracle makes those frameworks so there's a real conflict of interest in them owning Java.

  43. W. Keith Wingate
    Troll

    I'll uninstall Java when I ditch my PalmPilot

    I get rid of stuff when I a) No longer need it or b) Have something better.

    While not a full-time coder, I do need to write programs to do my job, so a) is not true in my case unless b) also is. From where, I'm sitting, it ain't. C# might be an alternative if I only wanted to run on Windows (happily, most of my work is on Linux), and moving to M$ for security reasons seems like a hard sell.

    The poor Java programming language has been a victim of corporate & community politics since day 0, and has suffered from some bad design dogma, er, uh decisions (e.g. no native compilation, grudging support for so-called platform-dependent features like environment variables, insistent boundary checking, etc.....). But after years of trying to graduate from C to C++ Java taught me OOP in a few months. It's a much better pedagogical language than the Pascal they taught when I was a kidl. The built-in threading model, while imperfect, is a great improvement on anything which preceded it.

    It suffers from bloat, but groovy (et. al.) will take you to the same place (compiling to either java source or byte code) with fewer lines of code, and if you compile the stuff natively it is at least as secure as a comparable C program in the same environment. It is only the runtime translation that may make it more vulnerable.

    Short of going back to malloc()'ing and free()'ing my own memory for every character string, and absenting the rebirth of the commercial grade java native compilers (gcj AFAIK, is all that remains), I think I'll stick with Java.

    BTW, until I find a "smartphone" to sync my calendar, contacts, categorized to-do items, memos, etc. at work and at home which let's me carry those data in between without costing a monthly arm & leg for a "data plan", I'll keep my PalmPilot too, thanks. All those smartphones, BTW, except for Apple's, seem to run Java.

    </irony>

  44. Anonymous Coward
    FAIL

    Another "Because..."

    ... Axis Bank (India).

    I have to keep a Windows partition, with a specific version of Java, just for their new "improved" net banking system. The old one ran under firefox+Linux, probably under anything.

  45. gnufreex

    What's the next post? Install .NET?

    This is crazy. Remove Java because it scares Bill Gates. I use OpenJDK in GNU/Linux and have no intention removing it. It is great.

  46. JanMeijer

    Norwegian bank also says "no"

    Same as in Denmark, AFAIK most Norwegian banks use a java applet for doing the sensitive stuff in their netbanking applications: the signing bit. Every time I pay a bill it reminds me of why I dislike Java ;)

  47. Daniel B.
    Thumb Down

    You'll pry my Java out of my cold, dead hands...

    The only true competitor to Java is .NET, which is worse. I'm sick and tired of mscorsvc.exe eating away 1Gb+ of my RAM.

    Asking users to uninstall Java is bordering in the Jobsian fetish of uninstalling Flash.

  48. Anonymous Coward
    Anonymous Coward

    Do you actually read what you have written, Dan?

    "While the vast majority of the affected platforms are Windows, attacks, albeit lame ones for now, are beginning to target Mac OS X and . "

    Yes, the . operating system is not what it's cracked up to be. Very insecure in my experience.

  49. Jim Moores
    Thumb Down

    Great, we can now use the author's nominated alternative

    If you're actually writing applications, what completely secure alternative is the author suggesting? Oh, and Apple don't control their JDK any more, so the OS X argument is rubbish.

  50. This post has been deleted by its author

    1. Destroy All Monsters Silver badge
      Troll

      Keep late-post trolling to a minimum

      M'kay?

  51. This post has been deleted by its author

  52. Anonymous Coward
    Anonymous Coward

    Dont forget to check the meta tags...

    <!--

    Internal Microsoft documents in Sun's possession detail an aggressive strategy for Redmond's 'top priority.' A CNET article by Dan Goodin, Staff Writer, CNET News.com. Published on September 23, 1998 5:00 AM PDT.

    -->

  53. Ignazio

    Guys what's the matter with you, seriously?

    Claims made:

    a) Java is insecure

    b) Java does not work everywhere

    c) Platform specific code in Java

    d) everybody who knows moved on

    ... wait, WHAT? when did all of this happen?

    I've been programming in Java for the last nine years or so, and not just fancypants hello world applications, so:

    a) the Java runtime can and has bugs. So do applications written in Ca dn in whatever else, including for that matter operating systems. Do you blame the screw if the guy with the tool in hand screwed up? Attacks against *nixes have the usual limitations, i.e., no privilege escalation etc., so nothing really new there. Actually it proves point b:

    b) Java does run everywhere. Been writing code on mac, debugged in linux and run it on windows, both xp, vista, 98 (yes that old) AND Windows CE 5 with the PersonalJava thingy that ran on it. Still have to find an error that's in the runtime, NOT in the code written by the stupid programmer (e.g., me)

    c) platform specific code in Java: like what? As before, never seen it. A few differences between VERSIONS of Java. Anyone complaining about it has tried using different versions of a compiler for other languages? Good luck with the variants for C and C++, just to mention proper languages.

    d) everybody who knows hasn't moved on, far as I know. Mostly because Oracle bought Sun because there was the key to own Java - or do you think Larry made an economical mistake? He seems quite good at judging how to raise the dividends. If the language was dead as you describe it, Oracle wouldn't have bothered...

  54. Anteaus
    Stop

    Web access is the issue

    The mistake isn't in having coding runtimes, it's in making those runtimes accessible to websites by way of browser plugins, and in doing so without the user's knowledge or consent. I daresay that qbasic could be used to write malware; the difference is that qbasic code cannot be run inside a browser. Java, .net and in some cases .vbs can be, and this is what makes them dangerous.

    If you use a Mozilla browser you can edit greprefs\all.js to stop java (and other large attack-surface plugins) being automatically loaded into the browser. Type about:plugins in the URL bar to see just how wide an attack-surface you're exposing. You may be surprised.

This topic is closed for new posts.

Other stories you might like