Are you 'scared' of Java?

[knb]

As we know Java is a programming language and as any software it is extremely difficult to be 100% security proof.

Oracle bought Sun Microsystems for Java for tons of money years ago...

And a little whole ago there were reports of Java security flaw, and Apple stopped bundling Java about two years ago... one wonders why Oracle let it slip... but that's another question...

The question for you is, as a Mac user, are you scare of Java or feel it's ok as mentioned above, 'no software is completely safe'? And a closely related question is, where and how could one know how do the majority of Mac users feel about Java?

Thank you.

----------

As we know Java is a programming language and as any software it is extremely difficult to be 100% security proof.

Oracle bought Sun Microsystems for Java for tons of money years ago...

And a little whole ago there were reports of Java security flaw, and Apple stopped bundling Java about two years ago... one wonders why Oracle let it slip... but that's another question...

The question for you is, as a Mac user, are you scare of Java or feel it's ok as mentioned above, 'no software is completely safe'? And a closely related question is, where and how could one know how do the majority of Mac users feel about Java?

Thank you.

And another thought,
Just because fly can come into a room we never open up window for fresh air?

 

[MikhailT]

Majority of the issues are in the java applets. For many users, that's enough to be scared about.

Java on its own is fine, just not the remote/web applets because you can spread malware quickly to the mass via those technologies.

A LOT of big tech giants uses Java as a server-side apps and it's secure to use, it's more tightly controlled.

 

[knb]

Majority of the issues are in the java applets. For many users, that's enough to be scared about.

Java on its own is fine, just not the remote/web applets because you can spread malware quickly to the mass via those technologies.

A LOT of big tech giants uses Java as a server-side apps and it's secure to use, it's more tightly controlled.

Great observation. Thank you for sharing. I don't like java applets neither.
Not sure if many daily Mac users know the difference between java applets vs. programs written in Java or relies on Java...

 

[MikhailT]

Great observation. Thank you for sharing. I don't like java applets neither.
Not sure if many daily Mac users know the difference between java applets vs. programs written in Java or relies on Java...

Many of them don't even know that Java and Javascript are two different things. I hear about this confusion all the time from any regular folks, not just Mac users.

 

[benwiggy]

Are you scared of Java?

“Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.”
Marie Curie.

 

[knb]

“Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.”
Marie Curie.

Excellent. Seriously I may quote this when I say Java is required. Thank you a million.

 

[wrldwzrd89]

The Java/JavaScript naming confusion is unfortunate and sad, in my opinion, because it created confusion where there shouldn't have been any. If only the standard name "ECMAScript" existed back then and was more widely used than it is today...

As for Java itself, most of its security problems only impact or primarily impact the web plugin. As a Java programmer, I can't be "scared" of Java per se. That said, I do think that Java applets were a big mistake, and should be killed outright - which isn't what Oracle thinks. Hey, at least Oracle's now committed to providing timely security fixes with Java SE 8 and later versions, according to this Oracle blog post.

 

[maflynn]

I work with Oracle technologies (oracle database, weblogic web servers and peoplesoft applications) and because Oracle owns java, a lot of the tools I used are Java based. I can say that I'm not scared of java, but by the same token it may not always be the best solution but it works well enough

 

[cg399]

“Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.”
Marie Curie.

Not disagreeing with the intention of the quote - but is there not an irony when you consider what happened to Marie Curie...

 

[Shrink]

Happily, I have no need for Java, and don't even have it installed.

But to be honest, with my limited technical knowledge, it does concern my that it may act as a portal for malware. Probably just my ignorance at work.

 

[justperry]

Not at all, I live there. ↩↩

-----

Java (For us Consumers) should go the same way as Flash.
I just switch it off in my browser before, now I just leave it of my System.
But, it's on a Mac not as bad as it seems (To my knowledge), how many got infected, not that many.

 

[knb]

Many of them don't even know that Java and Javascript are two different things. I hear about this confusion all the time from any regular folks, not just Mac users.

Many web applications use javascripting, and by default, most browsers enable javascript. So, that's not my concern.

My application does require Java because it uses an app server, which is written in Java.

 

[benwiggy]

The only problem with Java is the VECTOR by which code can be run from an outside source. Java is designed to run code in your browser: fair enough, but the issue is what that code can access on your machine, and whether it can "get out".

That has pretty much been fixed with Apple's security update to Safari, which allows black-listing/white-listing, or by turning of Java in your other browser.

"Oh, I must remove all traces of Java from my Mac to be safe" is a massive over-reaction.

 

[knb]

["Oh, I must remove all traces of Java from my Mac to be safe" is a massive over-reaction.]
Exactly. That tends to be the case with millions of daily computer users, when they read a news report something about alleged Java issue they immediately jump guns... can't really blame them tho because they don't have sufficient technical knowledge to make a correct judgement.

 

[knb]

What would be the most compelling and easy-to-understand reason to inform and education average Mac user if their Mac does not have Java installed already to install it?

One answer is:
1) Java itself is in general safe.
2) The software program for Mac OS X is compelling enough/interesting enough for them to take an extra step to install Java

Your thought?

Thanks.

 

[subsonix]

What would be the most compelling and easy-to-understand reason to inform and education average Mac user if their Mac does not have Java installed already to install it?

If they don't have it and don't need it, there is no compelling reason to install it.

I have Java turned off in Safari and it's been that way for years btw.

 

[MrNomNoms]

I think what made matters worse was the fact that Apple's Java was always behind not only version but also when it came to issuing security updates thus it is one thing to say there is a security hole but if the response from the vendor (in this case) is slow then it causes more anxiety for the end user. For me I don't expect software to be perfect but I do expect that the software vendor owns up and provides a security update in a timely manner with a workaround that allows one to decrease the chances being attacked.

 

[subsonix]

I think what made matters worse was the fact that Apple's Java was always behind not only version but also when it came to issuing security updates

Well that is all behind us, the reason to turn it off in the browser is that Java applets are very rarely used any more. It's just an unnecessary potential for someone to get in, might as well turn it off because it makes you completely unaffected by Java security mess ups.

 

[CptSky]

As a Java programmer, I know that the language itself is safe. I don't like Java because it is generally slow... I avoid Java Applet on the web, which is the source of most vulnerabilities, because, well, it's an outdated technology.

So, I'm not scared of Java. For apps, it's fine, for applet, webmasters should look for a better alternative. (Java Applets are *in theory* pretty safe as they work in a VM without any access to the real system.)

 

[knb]

I think what made matters worse was the fact that Apple's Java was always behind not only version but also when it came to issuing security updates thus it is one thing to say there is a security hole but if the response from the vendor (in this case) is slow then it causes more anxiety for the end user. For me I don't expect software to be perfect but I do expect that the software vendor owns up and provides a security update in a timely manner with a workaround that allows one to decrease the chances being attacked.

Totally agree. Please go to forumdisplay.php?f=73
and look for my post on PackageMaker, I sorely need help on that... thanks in advance.

----------

Well that is all behind us, the reason to turn it off in the browser is that Java applets are very rarely used any more. It's just an unnecessary potential for someone to get in, might as well turn it off because it makes you completely unaffected by Java security mess ups.

Making sense. Please go to forumdisplay.php?f=73
and look for my post on PackageMaker, I sorely need help on that... thanks in advance.