This week there has been a lot of talk about Java. At first the talk was about version 7 update 10, which was said to be very vulnerable. So vulnerable and critical was it that many recommended uninstalling Java from their computers completely.
0-day: A zero-day attack (or 0-day attack) is an attack against an application or system that aims to execute malicious code by exploiting vulnerabilities that are, in general, unknown to the public and to the manufacturer of the product. This means that they have not yet been fixed. This type of exploit generally circulates among the ranks of potential attackers until it is finally posted on public forums. A zero-day attack is considered one of the most dangerous instruments of computer warfare.
The vulnerability was quite serious, since it allowed software to be executed and installed on the system without the user knowing. This allowed information to be stolen and practically anything else to be done.
In the last few days the "geniuses" at Oracle have released a new version, called Java 7 update 11, with a supposed patch for the 0-day.
But many claim that the vulnerability still persists. Or rather, that it has not been fully patched. According to experts, it could take Oracle up to 2 years to fully fix this vulnerability.
Oracle suggests going to the Java control panel and raising the security level from medium to high, which will make it more difficult to execute malicious code without our consent. But beware: "It will make it more difficult."
I personally say that Java's time is over. Ever since I have been reading blogs, Java has always been shown to be very vulnerable, and the truth is I never find out if I have Java installed or not. I mean, I don't notice the difference. I personally uninstalled it a long time ago and my life remains the same. Safer, of course 😀
I would recommend that, if you are an ordinary desktop user, you don't install Java. We have enough with Flash.
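Added example (not part of the original post): a small Python check of a Java `deployment.properties` file for the security level mentioned above and for whether Java content in the browser is still enabled. The property names `deployment.security.level` and `deployment.webjava.enabled` are assumed to be the Oracle deployment property names used by Java 7 update 10 and later; the sample file contents are constructed.

```python
# Added example: audit Java deployment settings (sample inputs are constructed).
RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "VERY_HIGH": 3}

def parse_properties(text):
    """Minimal .properties parser: skips comments, accepts '=' or ':' separators."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator appears first on the line.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            continue
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def audit(text, minimum="HIGH"):
    """Return a list of findings; an empty list means both settings are hardened."""
    props = parse_properties(text)
    findings = []
    level = props.get("deployment.security.level")
    if level is None:
        # Without an explicit value, the installed version's default applies.
        findings.append("security level not set explicitly")
    elif RANK.get(level.upper(), -1) < RANK[minimum]:
        # Unknown values are treated as failing the check.
        findings.append(f"security level is {level}, not at least {minimum}")
    if props.get("deployment.webjava.enabled", "true").lower() != "false":
        findings.append("Java content in the browser is enabled")
    return findings

# Constructed sample: the "medium" setting the post describes, browser plugin on.
WEAK = """# deployment.properties (constructed sample)
deployment.security.level=MEDIUM
"""

# Constructed sample: raised level and Java content in the browser switched off.
HARDENED = """# deployment.properties (constructed sample)
deployment.security.level=VERY_HIGH
deployment.webjava.enabled=false
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```

Raising the level only makes unsigned or untrusted applets harder to run; switching off Java content in the browser removes the drive-by path the post is worried about while leaving desktop Java applications usable.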
I don't know why I get a small smile when I read this. Maybe it's me ;D
We are already two lol
Not even openjdk?
If you do home banking or use complex sites, it is very likely that you need to have Java installed to use them: Java RTE, not OpenJDK, with which most of these sites do not work.
If msx is right, in my case too, for example, it is needed to access my university's grades and course registration system. By the way, do not take it the wrong way, but could you cite the sources that claim that the vulnerability still persists after the update? I am interested in learning more, since the use of Java is a necessary evil.
I have always been the biggest detractor of Java in these parts. The truth is that these types of critical vulnerabilities always appear in this language and that is one of the many reasons why I decline the use of such a poor quality product.
Come on, it doesn't take long for one to get back to me answering that Java is this, Android is the other ... to shit Java.
A small correction: what is insecure is not the language (which with its classes and camel case is horrible, yes) but the virtual machine where Java is compiled on the fly.
Obviously my mistake for not specifying it, sometimes I tend to generalize it a lot.
But I don't like everything that has to do with Java.
Including the horrible, slow, archaic and painful Dalvik engine that Android uses.
Ugh, it's good to find people with an opinion and without fear of saying things as they are.
Fortunately, the future is promising with the large number of alternatives that are in their final stage of maturation :D :D
It's time to replace all of Java with Python ... I think. As the author said, the time of Java is over.
Totally agree.
On that I do agree, Python does not even need to be compiled, but how do I download without jdownloader? Tucan does not work for me and ratfat is worse. Can anyone recommend a multi-protocol download program where depositfile links work?
plowshare
Hopefully my boss doesn't read this... otherwise I'm going to sell handicrafts in the square… hehehe
Okay with the news; anyway, on the sites where I have read about this Java vulnerability, they only warn Windows and OS X users, and I have not seen any mention of GNU/Linux. In any case, as with all things, the degree of danger that it represents will depend on our browsing and safety habits. On the other hand, I am not very clear about disabling and/or uninstalling Java completely, since it is not only used by browsers; if you look closely, the LibreOffice and OpenOffice suites install and use it by default, so I am not sure how effective the "uninstall" will be. If someone has a more precise idea of the matter, I would appreciate them explaining it in detail.
Linux IS vulnerable:
http://erratasec.blogspot.mx/2012/08/new-java-0day.html
http://www.securityowned.com/noticias-seguridad/exploit-0-day-java-7-10/
And although you reduce the risk by not visiting pages of dubious security, the infection can be caused by the simple fact of visiting a compromised page (your school's website, a commercial store, etc.).
Although Linux is more secure, do not feed the myth that it is untouchable.
It is not like this.
GNU/Linux is safe, what is insecure is Java.
Windows is insecure with or without Java.
If you leave an SSH server open on port 22 with root access and without a password, they will logically enter as Pancho at home.
There is no need to feed FUD.
And I add: the problem with Java is the low-level requirements of the virtual machine, in this new light it is evident that:
The virtual machine needs low-level access to the system to function, which in itself is a design error and an attack vector, since the system (GNU/Linux in this case) has no way of acting or defending itself, since it literally hands over the keys to Java.
Logically, if the virtual machine asks for unrestricted access to the system to function, this will be the weakest point of the system itself, and the general security of the system will be marked by the security of the applications that need to run in kernel space or privileged user space.
Document yourself, read, understand and - please - don't spread FUD.
As far as I remember or understand there is no way that any application can access such a low level of action in the Kernel.
I've read it but right now I don't remember where and the truth is that I don't know enough to start arguing about it ... I'm not so irresponsible, but I wanted to comment on it anyway.
I have LibreOffice and I have not installed Java.
In the case of Windows, it affects XP and 7. Windows 8 and Explorer 10 without problems. On the Linux PC I already disabled it in the browsers, just in case.
Well, if you use Sun Java on Linux, that takes a while to update. Especially if you use Distros like Debian. Then usually the manual .deb is compiled or installed. Therefore they do not update themselves.
Just disable the plugins, no need to uninstall.
What is the point of having a plugin installed and disabling it?
That when the problem is fixed you enable it, I imagine it will be updated with the patch.
So that when they solve the problem and release a new version you enable them again. It is the same as Juan Carlos says, except for the patches, since no matter how many they release it seems that the problem persists.
@Charlie-Brown
Libreoffice installs openjdk, it does not install java, on that side there is no problem, now as msx says, yes
Yupiiii, we are sure.
How about openjdk?
I am a minecrafter .. I am not willing to give up so easily 😛
Let's see, clarify one thing for me: does this error affect OpenJDK? Because from what I know most Linux systems use OpenJDK, and from what I read it is an Oracle Java bug or error.