AR15.Com Archives
 Screw Java!!!!!!!!!!!
svtfast  [Team Member]
12/30/2011 4:29:56 PM
Fucking POS insecure program wont update its damn self. I would do it but hell if I know when SUN POS Microshit systems releases an updated version.

Today Secunia said update Java. I did a manual update but POS Java told me that I had to close every fucking open program.







Sorry for the micro rant but Fuck Oracle and Fuck Java. POS insecure program!!!!
Paid Advertisement
--
Brian12  [Member]
12/30/2011 4:47:42 PM
You're better off without it: http://www.f-secure.com/weblog/archives/00002285.html
mak0  [Team Member]
12/30/2011 4:49:47 PM
Simply not having Java or any Adobe products installed goes a long way in preventing malware infections. They are both riddled with vulnerabilities.
steenkybastage  [Member]
12/30/2011 9:07:32 PM
Originally Posted By mak0:
Simply not having Java or any Adobe products installed goes a long way in preventing malware infections. They are both riddled with vulnerabilities.


Surely you mean flash, not "any Adobe products", right?

If not, I'd like to know about all the vulnerabilities associated with the rest, as I've never had a problem (flash included).

Then again, common sense and a bit of security that I use may have thwarted all the problems all these years...
mak0  [Team Member]
12/30/2011 9:19:40 PM
Originally Posted By steenkybastage:
Originally Posted By mak0:
Simply not having Java or any Adobe products installed goes a long way in preventing malware infections. They are both riddled with vulnerabilities.


Surely you mean flash, not "any Adobe products", right?

If not, I'd like to know about all the vulnerabilities associated with the rest, as I've never had a problem (flash included).

Then again, common sense and a bit of security that I use may have thwarted all the problems all these years...


Both Flash and Reader are pretty bad security wise. Although, the sandboxing in Reader mitigates a lot of vulnerabilities so it's not as bad as it used to be.

ETA: if you want to get an idea of how often vulnerabilites are discovered, just go to Packet Storm and search "adobe". Seems like there's a new one discovered almost every week.
steenkybastage  [Member]
12/30/2011 11:04:54 PM
Originally Posted By mak0:
Originally Posted By steenkybastage:
Originally Posted By mak0:
Simply not having Java or any Adobe products installed goes a long way in preventing malware infections. They are both riddled with vulnerabilities.


Surely you mean flash, not "any Adobe products", right?

If not, I'd like to know about all the vulnerabilities associated with the rest, as I've never had a problem (flash included).

Then again, common sense and a bit of security that I use may have thwarted all the problems all these years...


Both Flash and Reader are pretty bad security wise. Although, the sandboxing in Reader mitigates a lot of vulnerabilities so it's not as bad as it used to be.

ETA: if you want to get an idea of how often vulnerabilites are discovered, just go to Packet Storm and search "adobe". Seems like there's a new one discovered almost every week.


Yeah, but Adobe makes a ton of products, and only a few are used in the typical browsing experience.

When you said "any Adobe product" I think:
Photoshop
Premiere
Lightroom
Illustrator
Bridge
Story
Media Encoder
After Effects
Audition
Soundbooth
Dreamweaver
Indesign
Contribute
Flash (not flash player)
Encore
Coldfusion
Fireworks
Onlocation
(and any others I forgot to mention)

I was just trying to clarify whether you really meant "any" or if that just came across wrong. I know flash can be problematic (although avoiding questionable websites keeps me problem-free) and pdf files can technically be a problem (but so can just about any other type of document from untrusted source).

I just haven't ever heard any other complaints, but would be interested to know if there are problems, as I have tons of Adobe products on virtually every machine I use.
mak0  [Team Member]
12/30/2011 11:20:48 PM
Originally Posted By steenkybastage:
Originally Posted By mak0:
Originally Posted By steenkybastage:
Originally Posted By mak0:
Simply not having Java or any Adobe products installed goes a long way in preventing malware infections. They are both riddled with vulnerabilities.


Surely you mean flash, not "any Adobe products", right?

If not, I'd like to know about all the vulnerabilities associated with the rest, as I've never had a problem (flash included).

Then again, common sense and a bit of security that I use may have thwarted all the problems all these years...


Both Flash and Reader are pretty bad security wise. Although, the sandboxing in Reader mitigates a lot of vulnerabilities so it's not as bad as it used to be.

ETA: if you want to get an idea of how often vulnerabilites are discovered, just go to Packet Storm and search "adobe". Seems like there's a new one discovered almost every week.


Yeah, but Adobe makes a ton of products, and only a few are used in the typical browsing experience.

When you said "any Adobe product" I think:
Photoshop
Premiere
Lightroom
Illustrator
Bridge
Story
Media Encoder
After Effects
Audition
Soundbooth
Dreamweaver
Indesign
Contribute
Flash (not flash player)
Encore
Coldfusion
Fireworks
Onlocation
(and any others I forgot to mention)

I was just trying to clarify whether you really meant "any" or if that just came across wrong. I know flash can be problematic (although avoiding questionable websites keeps me problem-free) and pdf files can technically be a problem (but so can just about any other type of document from untrusted source).

I just haven't ever heard any other complaints, but would be interested to know if there are problems, as I have tons of Adobe products on virtually every machine I use.


I've seen exploits for many of the apps you've listed as well. They're just not targeted anywhere near as much as Flash Player and Reader for obvious reasons.
svtfast  [Team Member]
12/31/2011 4:41:54 AM
Originally Posted By Brian12:
You're better off without it: http://www.f-secure.com/weblog/archives/00002285.html


For PDF I use Foxit reader without the firefox and opera plugins. I cant find anything to replace flash so it stays on my comp, if someone can tell me how I can use my comp without it, please tell me.


Can I uninstall Java runtime without fing something on my comp?
NimmerMehr  [Team Member]
12/31/2011 12:20:37 PM
I like java.

also, there is a way to have flash install on just your profile if you run as limited user, but it is a manual process.


Sumatra for pdf viewing
Brian12  [Member]
12/31/2011 12:59:45 PM
Originally Posted By svtfast:

I cant find anything to replace flash so it stays on my comp, if someone can tell me how I can use my comp without it, please tell me.


Use Google Chrome. It includes Flash Player built-in, which means you do not need to download Flash Player separately. It also puts Flash inside a sandbox.

http://blog.chromium.org/2010/12/rolling-out-sandbox-for-adobe-flash.html

steenkybastage  [Member]
12/31/2011 1:37:43 PM
Originally Posted By mak0:
Originally Posted By steenkybastage:
::snip::


I've seen exploits for many of the apps you've listed as well. They're just not targeted anywhere near as much as Flash Player and Reader for obvious reasons.


So essentially they're just like any other widely used program: at some point there has been a potential problem, but most likely fixed/patched long ago and virtually no potential problems at all.

We shouldn't lump IE, Firefox, Word, Excel, MacOS, WindowsOS, LinuxOS, etc all into the same category as flash, so we shouldn't lump "any Adobe product" in either, right?
schizrade  [Team Member]
12/31/2011 2:02:46 PM
All 200 workstations i lord over just passed a stringent security audir and the are all riddled with java and adobe products. I guess you have to be smarter than a 15 year old.

Posted Via AR15.Com Mobile
tucansam  [Team Member]
1/1/2012 1:12:17 PM
I've run JRE, applets, and full-on apps on everything from 8-CPU Sun and IBM workstations with gigs and gigs of RAM to the latest multi-core i5s and Phenom II's, and everything in between, on about a half dozen different operating systems.

Every single time I have ever used Java, ever, it has turned each system into a 16MHz 80286.

GlutealCleft  [Member]
1/1/2012 1:34:18 PM
Originally Posted By mak0:
Both Flash and Reader are pretty bad security wise. Although, the sandboxing in Reader mitigates a lot of vulnerabilities so it's not as bad as it used to be.


Not long ago, I saw a breakdown of the sources of actual infected machines. Java, Flash, and Reader combined accounted for somewhere around 80%, with Java being the #1 by a small margin.
Paid Advertisement
--