The Latest On Java And Oracle's Response To Exploits
Feeling around in the dark
It is with great trepidation that one will venture to use Java in a browser environment. Currently, little to no comforting action is coming from Oracle and, to make matters worse, the effort put forth by the software giant so far leaves one in the dark concerning security improvements. To use Java or not to use Java; that is the question. Oracle seems only slightly bothered by it all and is offering only a minute amount of information.
Go to Oracle and try to find any useful information on the fact that the Department of Homeland Security has suggested everyone stop using Java. The lack of useful information on this is somewhat disquieting, especially if you consider that the only response so far is an update around mid-January that most security experts describe as a feeble attempt to fix the issues. Most computer security companies are suggesting the same thing that the Department of Homeland Security is suggesting. Short of using a browser plug-in that prompts you to allow the Java plug-in to run, there is little else that the average user can do to protect themselves.
Too little action is the same as no action
The main problem is that there are a number of sites programmed with Java in either a portion of their site or, in some cases, their entire site. Aside from that, many programs depend on Java and Java plug-ins to operate. For a programmer it is not too difficult to strap together some protection methods to allow Java to run locally and squelch the Java plug-ins from running independently in the browser. For the average user, an 'allow to run' prompt is just another annoyance to quickly click through, and most users will not heed the security warning and will haplessly click away down the rabbit hole of the Internet. As long as Facebook comes up and they can send emails and search for that rad T-shirt, most will not pay attention to the fact that their connection is somewhat slower. Few will understand that their Internet connection is, in part, a part of a larger collective in the latest cyber-attack on a financial, government, or news website.
I have often likened this to a prompt that comes up and says, "going to this site is bad", then after a quick click, "click here to download a nice trojan for your collection", then another click and the screen goes black. Truly, the messages aren't that overt, but the clicks are made with little to no thought. We depend on virus software, firewalls, and other measures to keep our traverse of the Internet safe. The companies that develop this protection depend on the user to use discretion in where and what they click on; a mistake. Actually, most security companies and developers of security software factor in user complacency, but Oracle is taking the approach that most users actually care about the latest exploit and will take active measures to protect their computers from exploits. It's only when the connection is down to a crawl or when a user cannot see what Angela posted in reply to Nick's status that there is an interest.
Oracle is too large a company and too well respected to be so mealymouthed and subdued about this matter. Wake up, Oracle, and don't let the bad guys win.
by Jim Atkins 'thedosmann'