UnThreaded | Threaded | Whole Thread (31) | Ignore Thread Prev Thread | Prev | Next | Next Thread
Author: mmrmnhrm Big red star, 1000 posts Old School Fool Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: of 190784  
Subject: Re: Yet another Java flaw Date: 10/3/2012 8:14 PM
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Recommendations: 0
Then as a web surfer, it's not much different than visiting a deliberately malicious web site. In one case, the Bad Guys really are the web masters. In the other case, lazy web masters have effectively lost control of their web site to the Bad Guys. In either case, to cause me problems the Bad Guys have to take advantage of some weakness in my web browser. So I'm depending on some combination of my web browser, an anti-malware program, and my wits to defend me against the Bad Guys.
Exactly :) The trouble is that browsers (or more often, their plug-ins) are security disasters.

That would be a bit different from Java (where this all started). To defend against attacks coming through Java, I still can use an anti-malware program and my wits, but my web browser no longer is any help nor is it the source of the vulnerability. But I can completely eliminate the threat by simply refusing to install Java and accepting the loss of functionality Java provided.
The best defense against Java-based attacks is, as you advocate, to simply not install it in the first place. For the vast majority of people, this is exactly what should be done. When I try to think of something that absolutely requires client-side Java through the browser, I come up empty. Interactive weather radar or real estate searches, games... it can all be done via server-side calls (JS+JSON+AJAX being the most common for the former, I believe, while Flash is more popular for the latter). I can't see why online banking would need any sort of client-side scripting... server-side generation of static HTML is all that's required, yet those pages are riddled with JavaScript. Video has a whole bunch of choices, with Flash being most common, though HTML5 will probably become a lot more common as browsers begin supporting it.

Java has its place, but like any tool used inappropriately, Bad Things(tm) usually follow when that happens.
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Print the post  
UnThreaded | Threaded | Whole Thread (31) | Ignore Thread Prev Thread | Prev | Next | Next Thread

Announcements

Pencils of Promise - Back to School Drive
"Pencils of Promise works with communities across the globe to build schools and create programs that provide education opportunities for children."
Post of the Day:
Macro Economics

Russia Collapsing Again?
What was Your Dumbest Investment?
Share it with us -- and learn from others' stories of flubs.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Community Home
Speak Your Mind, Start Your Blog, Rate Your Stocks

Community Team Fools - who are those TMF's?
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and "#1 Media Company to Work For" (BusinessInsider 2011)! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.
Advertisement