Java Question for fellow Programmers

Discussion in 'Mac Programming' started by Pentad, Feb 18, 2011.

  1. Pentad macrumors 6502a

    Pentad

    Joined:
    Nov 26, 2003
    Location:
    Indiana
    #1
    Greetings,

    I am working on a Java project on my MBP but I am growing more and more concerned with Java on the Mac and especially the security updates that seem to be lagging behind in Java for OS X.

    I saw this today and I am wondering about these updates for OS X??

    How are you folks -the other Java developers- dealing with this? I am considering moving to Eclipse for Windows via my VMWare but I have to tell you if this keeps up I'm not sure that I actually need a MBP anymore.

    When Apple dropped their deprecated Java Update late last year I was afraid security updates would fall even further behind than they had in the past. Now, I'm not even sure we'll get these security updates...

    -P
     
  2. chown33, Feb 18, 2011
    Last edited: Feb 18, 2011

    chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #2
    Every browser has the ability to disable Java, usually with a simple checkbox.
    So disable Java in your browser.
    Problem solved.

    After it's disabled in your browser, there is no longer any attack surface exposed by Java that isn't also exposed by other means. There are no daemons, services, etc. of any kind (as far as I know) that run in the background and rely on the JVM. None of the controllable services in System Preferences Sharing pane use Java at all.

    Java is still available at the command-line, but so are numerous other attack vectors, such as perl, python, shell, etc. If someone's going to attack an exploitable weakness, writing Java code in the exploit seems less likely than many others. If there's an exploitable weakness in some other service (i.e. an exploit that can be made to run externally supplied code), then firing up the JVM in the exploit is one of the harder ways of doing it.

    If you need to run Java in your browser for some reason, then create a non-admin account and enable it only there. Only use that browser for the few places you need browser-based Java, and only for those sites that are actually trustworthy.

    Finally, Apple has a pre-release update of Java:
    http://lists.apple.com/archives/java-dev/2011/Feb/msg00068.html
     
  3. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #3
    These updates seems to be available from here, the latest is referred to as update 24. If I'm not missing something here. :D

    http://openjdk.java.net/
     
  4. robm99x macrumors newbie

    Joined:
    Mar 13, 2011
    Location:
    Boston, MA
    #4
    I've been programming Java on Windows (primarily) and Linux for the past 10 years (the previous 12 years were all C/C++ and other technologies now dead) and now switching to Macintosh finally. Oracle/Sun will take care to keep Java alive and well for a long time. IMO, what I see in the enterprise, its the same old religious battle between dreaded Microsoft and entrepreneurial Apple. I used to program Macs way back in their hay-day (OS 4, 5, 6) and am very excited to use Eclipse on Mac with Apache/Tomcat, Spring, Hibernate, etc.

    So, I'm betting the farm on Apple and Java support being around for a long time.
     

Share This Page