The Motley Fool Discussion Boards

Previous Page

Computers, Phones & Internet / Help with this STUPID computer!

URL:  http://boards.fool.com/then-as-a-web-surfer-its-not-much-different-30298480.aspx

Subject:  Re: Yet another Java flaw Date:  10/3/2012  8:14 PM
Author:  mmrmnhrm Number:  182050 of 189504

Then as a web surfer, it's not much different than visiting a deliberately malicious web site. In one case, the Bad Guys really are the web masters. In the other case, lazy web masters have effectively lost control of their web site to the Bad Guys. In either case, to cause me problems the Bad Guys have to take advantage of some weakness in my web browser. So I'm depending on some combination of my web browser, an anti-malware program, and my wits to defend me against the Bad Guys.
Exactly :) The trouble is that browsers (or more often, their plug-ins) are security disasters.

That would be a bit different from Java (where this all started). To defend against attacks coming through Java, I still can use an anti-malware program and my wits, but my web browser no longer is any help nor is it the source of the vulnerability. But I can completely eliminate the threat by simply refusing to install Java and accepting the loss of functionality Java provided.
The best defense against Java-based attacks is, as you advocate, to simply not install it in the first place. For the vast majority of people, this is exactly what should be done. When I try to think of something that absolutely requires client-side Java through the browser, I come up empty. Interactive weather radar or real estate searches, games... it can all be done via server-side calls (JS+JSON+AJAX being the most common for the former, I believe, while Flash is more popular for the latter). I can't see why online banking would need any sort of client-side scripting... server-side generation of static HTML is all that's required, yet those pages are riddled with JavaScript. Video has a whole bunch of choices, with Flash being most common, though HTML5 will probably become a lot more common as browsers begin supporting it.

Java has its place, but like any tool used inappropriately, Bad Things(tm) usually follow when that happens.
Copyright 1996-2014 trademark and the "Fool" logo is a trademark of The Motley Fool, Inc. Contact Us