Why You Can't Dump Java (Even Though You Want To)
snydeq writes "Since so many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit, but the reality is that Java is not the problem, writes Security Advisor's Roger Grimes. 'Sure, I could opt not to use those Java-enabled services or install Java and uninstall when I'm finished. But the core problem isn't necessarily Java's exploitability; nearly all software is exploitable. It's unpatched Java. Few successful Java-related attacks are related to zero-day exploits. Almost all are related to Java security bugs that have been patched for months (or longer),' Grimes writes. 'The bottom line is that we aren't addressing the real problems. It isn't a security bug here and there in a particular piece of software; that's a problem we'll never get rid of. Instead, we allow almost all cyber criminals to get away with their Internet crime without any penalty. They almost never get caught and punished. Until we solve the problem of accountability, we will never get rid of the underlying problem.'"
Re:The other problem (Score:3, Informative)
Nobody got sued for using Java. Microsoft got sued because they called something that wasn't Java Java. Google got sued because they used the elements of Java, but not Java itself.
Re:The other problem (Score:3, Informative)
Google got sued because they made a lot of money selling a Java platform to consumers.
Which Oracle/Sun failed horribly for years at doing. (Java ME anyone?)
Fuck Oracle!
Re:This is a stupid article (Score:5, Informative)
Re:less risk? (Score:5, Informative)
You can also not use Windows and opt for Linux. But is it worth it? For some, yes; I'd say that for most people it isn't.
Java runs some cool software that most have no idea it actually is Java (it can copy the look and feel of your OS). The only way to mostly fix Java is to have Chrome-like updates. Silent, forced on you but safe.
Re:Invalid argument... (Score:2, Informative)
Actually, most crime is the result of opportunity, not poverty. It's not so much class psychology or class deprivation (in the Western world real deprivation is uncommon), but that lower income people tend to live in communities where crime is easier because of 1) underfunded enforcement and 2) cheaper targets. Crime is an evolutionary strategy, and there's no reason to think that the genes aren't evenly spread throughout the society, especially considering how the lower and upper classes mix so readily through the generations. Place groups of rich and poor people in a 7-11 with the understanding that there's no surveillance and in fact no repercussions whatsoever (not even peers) if they steal, and the same number of people from each group are likely to shoplift eventually. Others will never shoplift, because their reciprocity instinct is just too strong, and still others will fall in between.
That's why punishment is ineffective. The supposition held by a perpetrator is that he would not get caught. You don't need harsher penalties (no matter what the economists say); you just need better policing and fewer opportunities (in the software case, safer software).
Re:Accountability (Score:5, Informative)
The whole idea of accountability is utterly stupid as long as you have a single data network that spans multiple countries. If someone in Nigeria sends you a virus or does something else illegal, WTF are you going to do about it? Nothing. There's absolutely no way you're going to make people entirely accountable for their actions as long as there are multiple governments and, worse, different laws in different places. The only rational thing to do is to protect yourself.
Re:This is a stupid article (Score:4, Informative)
> Write once, run anywhere.. my ass...
Write once, write anywhere... that has Java 1.2.3.4.5 installed. Not 1.2.3.4.4 or 1.2.3.4.6. It *MUST* be 1.2.3.4.5.
That's Java's main problem. Back in the days of DOS, a BAT or COM or EXE file that worked on DOS 1 would work on DOS 2 and 3 and 4 and 5 and 6, unless it did some really braindead version checking. The vast majority of Windows apps survive service pack security updates. But many Java apps seem to break with each sub-minor version bump.
Re:less risk? (Score:3, Informative)
Package managers are not a silver bullet, because they still require a diligent maintainer. There are plenty of software packages for the various distros, which are older versions. Running the update mechanism won't fix that.
Re:Accountability (Score:2, Informative)
You have all the facts wrong it looks like. Zimmerman didn't attack Martin, he was backing off, returning to his car when Martin attacked him. Zimmerman fell, Martin jumped over him beating Zimmerman's head against the ground, Zimmerman then shot him.
The cops who didn't throw Zimmerman into a holding cell right away obviously thought that it happened this way, that Zimmerman was protected with that 'Stand your ground' law, that it was self defence.
The media is being used though to create a narrative among the public that there is this splurge of white on black crime, when actually that is not the case in the USA, and nobody makes a federal case out of crimes like this [nydailynews.com] for example.
Re:Accountability (Score:2, Informative)