Eric is living in Chapel Hill, NC. By night, he writes and edits science fiction. On weekends, he spends too much time making plumbers hop on things. Eric has posted 249 posts at DZone. You can read more from them at their website.

Does Java Need a Major Security Overhaul to Survive?

Last week the Department of Homeland Security recommended that everyone disable Java in order to avoid major zero-day vulnerabilities. Apple blocked version and lower in OSX. Oracle released an emergency patch on Sunday, urging all users to update.

According to Oracle, the most recent vulnerabilities only impact Java 7 (update 10 and earlier) running in web browsers - not servers or standalone applications - but some security experts still recommend that Java users keep the software disabled for now, even after applying Sunday's update.

This is the latest in a line of high-profile Java exploits, but unprecedented moves like those by Apple and DHS call Java's security into question on an increasingly public stage. Which makes you wonder: Does Java need a major security overhaul to survive? Should Java be disabled in all browsers? Is it more of a security vulnerability than it was three years ago? Is Oracle facing a Java "brand" crisis? Time will tell.

Published at DZone with permission of its author, Eric Gregory.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Greg Brown replied on Mon, 2013/01/14 - 2:38pm

Java should definitely be disabled in the browser. It's just a dangerous ball and chain at this point. It should be removed from the Java platform entirely and eliminated from future updates.



Jonathan Lermitage replied on Mon, 2013/01/14 - 3:45pm

Too. The Java plugin (Java Applets) is an outdated technology, in addition to the latest security issues. It has been dead since the rise of Flash, Ajax and (now) HTML5 applications.

Loren Kratzke replied on Mon, 2013/01/14 - 4:49pm

 The number of users that require Java on their system in the first place (if not used for applets) is only slightly higher than the number of users that require Apache HTTP Server - a very small number. While applets provide a unique functionality, they are not worth the bad PR.

Jonathan Fisher replied on Mon, 2013/01/14 - 6:01pm

Java needs an overhaul, but not only security, but the dang SDK kinda sucks compared to the SDK of things like Ruby/Python.

Dave Smith replied on Mon, 2013/01/14 - 9:53pm

What Java needs is to automatically and silently install the latest version of Java for all consumers. If someone needs a specific version they should be able to override this behavior, but the default should be automatic and silent updating of Java to the latest version.

Alejandro Dobniewski replied on Tue, 2013/01/15 - 7:23am in response to: Greg Brown

I think it would be better if the Java plugin is disabled by default, requires administrator permission to activate and maybe moved to a separate optional component in a future Java version.

Also there should be a way to set security levels for signed applets. We know that CAs have been compromised in the past, so why should we execute arbitrary code just because it is signed? That's no better than ActiveX security.

Jaffa Wify replied on Fri, 2013/06/21 - 2:42am

 These provide help in running small applications such as JAVA applets that can be downloaded from a Web server and run over the world wide web through JAVA-compatible web browsers. Thanks for sharing.

