Java is in fact the devil.

[Lias]

http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html

tl;dr :Cisco 2014 Annual Security Report says 91% of web exploits target Java.

[Apostrophe Spacemonkey]

I agree/disagree (delete one) with the above statement.

[Xenolightning]

http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html

tl;dr :Cisco 2014 Annual Security Report says 91% of web exploits target Java.

TLDR;

But do "they" only TARGET Java and not AFFECT Java? Targeting and actually doing anything malicious, are two different things.

[Codex]

TLDR;

But do "they" only TARGET Java and not AFFECT Java? Targeting and actually doing anything malicious, are two different things.

Java fanboy detected

[Xenolightning]

TLDR;

But do "they" only TARGET Java and not AFFECT Java? Targeting and actually doing anything malicious, are two different things.

Java fanboy detected

OH GOD NO, quite the opposite.

But I detect potential marketing rubbish pretty quickly

[Codex]

OH GOD NO, quite the opposite.

But I detect potential marketing rubbish pretty quickly

Java fanboy imminent

[Apostrophe Spacemonkey]

Tiwa incoming in 3... 2... 1...

[Lias]

But do "they" only TARGET Java and not AFFECT Java? Targeting and actually doing anything malicious, are two different things.

In short, 91% of infected PC's monitored were compromised via Java vulnerabilities.

[Xenolightning]

But do "they" only TARGET Java and not AFFECT Java? Targeting and actually doing anything malicious, are two different things.

In short, 91% of infected PC's monitored were compromised via Java vulnerabilities.

TROOLOLLOLOLO.

Any numbers on what versions?

[Lias]

But do "they" only TARGET Java and not AFFECT Java? Targeting and actually doing anything malicious, are two different things.

In short, 91% of infected PC's monitored were compromised via Java vulnerabilities.

TROOLOLLOLOLO.

Any numbers on what versions?

No hard numbers, other than "However, Cisco TRAC/SIO research also shows that 76 percent of enterprises using Cisco solutions are also using the Java 6 Runtime Environment, in addition to Java 7" and goes off on a big long rant on why people who still have the Java 6 JRE installed are babykilling spawns of satan.

Also at it's peak last year Java Malware made up 14% of all malware on the entire internets.

[Apostrophe Spacemonkey]

No hard numbers, other than "However, Cisco TRAC/SIO research also shows that 76 percent of enterprises using Cisco solutions are also using the Java 6 Runtime Environment, in addition to Java 7" and goes off on a big long rant on why people who still have the Java 6 JRE installed are babykilling spawns of satan.

A better option to updating Java from 6 to 7 is to just uninstall Java completely.

[Lias]

A better option to updating Java from 6 to 7 is to just uninstall Java completely.

Shut up and have my babies?

[Tiwaking!]

No hard numbers, other than "However, Cisco TRAC/SIO research also shows that 76 percent of enterprises using Cisco solutions are also using the Java 6 Runtime Environment, in addition to Java 7" and goes off on a big long rant on why people who still have the Java 6 JRE installed are babykilling spawns of satan.

Also at it's peak last year Java Malware made up 14% of all malware on the entire internets.

Why would someone still be using Java 6 Runtime Environment? Their network administrators shouldnt be allowed near computers

[Xenolightning]

Yeah, the joys of large Enterprise Systems that use environment specific functions cause upgrades to be horrendously painful, and require a large amount of redevelopment.

Muppets. Use version indifferent functions! :B

[Lias]

Why would someone still be using Java 6 Runtime Environment? Their network administrators shouldnt be allowed near computers

Nothing to do with network admins.. I can hand on heart say that if most sysadmins had their way,  the Java JRE and any app that required it would be banned. But sadly business needs etc.

It's to do with software devs writing shitty apps, that are hardcoded to use specific versions of Java, or that forcibly install said versions of java during install, etc. Same thing happens to a degree with Flash, Quicktime, etc but Java is the worst offender by far.

Pretty much every software dev should write their apps, and package their installers in such a way that everything can be installed silently, all options can be configured silently, all pre-reqs can be overwritten, and uninstalls are also silent and clean. But no the world is full of retard devs, who make life living hell for app packager and sys admins everywhere.

[RightHandOnly]

java is painful and the newer versions now expire as well...forcing you to update....for security reasons, so watch out if you are installing new versions

Unfortunately many 3rd party vendors including cisco require certain versions of Java to run the GUI's to admin their devices...for exmaple cisco PIX and cisco ASA.

you update the version of java the PIX admin tool uses and you wont be able to get in....

its not new that java is the big threat..it has been for ages.

[Lias]

java is painful and the newer versions now expire as well...forcing you to update....for security reasons, so watch out if you are installing new versions

Unfortunately many 3rd party vendors including cisco require certain versions of Java to run the GUI's to admin their devices...for exmaple cisco PIX and cisco ASA.

you update the version of java the PIX admin tool uses and you wont be able to get in....

its not new that java is the big threat..it has been for ages.

Cisco make some truly truly shite software. Had to package Cisco Configuration Professional recently.. jesus wept at having to build Auto-IT scripts to install software from a major vendor like Cisco.

I swear app packaging makes me nearly as grumpy as Helldesk did many years ago when your constantly bombarded with poorly written apps.

[Craigor]

I swear app packaging makes me nearly as grumpy as Helldesk did many years ago when your constantly bombarded with poorly written apps.

^ I feel your pain.

[Ping]

No hard numbers, other than "However, Cisco TRAC/SIO research also shows that 76 percent of enterprises using Cisco solutions are also using the Java 6 Runtime Environment, in addition to Java 7" and goes off on a big long rant on why people who still have the Java 6 JRE installed are babykilling spawns of satan.

Also at it's peak last year Java Malware made up 14% of all malware on the entire internets.

Why would someone still be using Java 6 Runtime Environment? Their network administrators shouldnt be allowed near computers

Because you have crappy old applications/hardware that break unless you use an older version of Java... e.g. for me, SDM software for Cisco [ironic this is a Cisco article] ASA Firewalls (my case can be solved with an update, but that's not the point... sometimes it's impossible to upgrade).


For me best practice is to not install Java unless you need it... If you "do" need to run an old version then only run it on locked environment. I think more browsers should take the stance that Apple took, if Java isn't used within "X" days, the browser plugin is disabled.


Java can be very powerful, I cut my teeth on it... but its also a pain in the ass. I agree with OP for the most Part

[RightHandOnly]

java is painful and the newer versions now expire as well...forcing you to update....for security reasons, so watch out if you are installing new versions

Unfortunately many 3rd party vendors including cisco require certain versions of Java to run the GUI's to admin their devices...for exmaple cisco PIX and cisco ASA.

you update the version of java the PIX admin tool uses and you wont be able to get in....

its not new that java is the big threat..it has been for ages.

Cisco make some truly truly shite software. Had to package Cisco Configuration Professional recently.. jesus wept at having to build Auto-IT scripts to install software from a major vendor like Cisco.

I swear app packaging makes me nearly as grumpy as Helldesk did many years ago when your constantly bombarded with poorly written apps.

aaarrggh...Autoit...when everything else has failed....used Autoit to script Orcale financila Apps for a large coampany...so funny watching mouse move around screen...lol

[Growler]

hey guys, where can i download Java 6 runtime environment?

[Apostrophe Spacemonkey]

hey guys, where can i download Java 6 runtime environment?

In hell.

[RightHandOnly]

sorry G, thought I had it in my old packaged apps but I dont sorry

[Tiwaking!]

hey guys, where can i download Java 6 runtime environment?

I have it, but you better be bloody joking me

I made a midi keyboard in Java but for some reason, some undocumented and unknown reason the last Java Runtime Environment that supports it is 6_0_23. The error it throws is "Yeah, Nah" "Mark Not Supported for I/O Type". And there is nothing anywhere about it. And its a bullshit error anyway because it works perfectly fine before 6_0_24

The very last Java 6 update is:
jre-6u45-windows-i586

[Pyromanik]

It worries me how prolific it is, and no one cares. Like when you visit a BANK's website and

Error 500: java.lang.NullPointerException