Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Java 7 and viruses

 
Ranch Hand
Posts: 137
4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anything new about Java 7 that is contributing to the seeming increase of viruses or exploitable aspects and the many releases we've seen lately to combat them?

I'm concerned that a lot of folks are just turning off Java on their browsers. A big part of my initial attraction to Java was the fact that it seemed rather more virus and hacker resistant than other languages, due to structural elements like the lack of pointers. But lately, it seems there has been a lot of buzz about problems with Java exploits.

I am at a loss, as I don't understand the mechanisms being used to hack Java applets. Are the current problems related to new features in Java 7? Are there new provisions and requirements for securing Java applets?
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've turned off Java on one of my machines. The company I work for requires that all its machines have the latest patches on all their installed software, to avoid security issues. I've spent too much time on that lately, and (hopefully) temporarily turned off Java until things settle down.
 
author & internet detective
Posts: 40035
809
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I remember reading something about how Java 7 did support for dynamic languages opened the door to this. I wish I kept the link for the details.
 
Marshal
Posts: 67430
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Phil Freihofner wrote:I'm concerned that a lot of folks are just turning off Java on their browsers.



Why the concern? Applets are the vacuum tubes of the web, in my opinion; obsolete and not be used. I think that everyone should have Java turned off in their browsers.

 
Phil Freihofner
Ranch Hand
Posts: 137
4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear, what is it that makes Java Applets obsolete in your view? Some aspect of the technology? Is it the business--that they got outmaneuvered by Adobe? (Everyone "needs" Flash to watch You-Tube, after all.) Is it the susceptibility to hackers? (I heard second-hand you have a big thumbs-down on scriptlets, but I haven't heard the reasoning yet. Am wondering if the reasoning might be related.)

What do you suggest as a more current alternative to Applets?

There are things I have programmed and wish to continue to program, such as games, as utilities, that just couldn't happen with HTML5 or Flash. Maybe some of this is just not wanting to pay the $$ to use Flash, I'll admit. Some of the stuff I'm doing via applets: procedural FM Synthesis, procedural Perlin noise textures, both in service of a little browser game, some physics modeling (sound waves in cones).

But as interesting as this is (debating whether JApplet is obsolete), I'd also like to know just what it is about the updated Java that is making the hacking situation worse than it was previously. That was my original question. And whether or not there are things that a developer can do in coding to minimize risks.

(I was also wanting to take part in the Java 7 book raffle! )
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Phil Freihofner wrote:Bear, what is it that makes Java Applets obsolete in your view? Some aspect of the technology? Is it the business--that they got outmaneuvered by Adobe? (Everyone "needs" Flash to watch You-Tube, after all.) Is it the susceptibility to hackers? (I heard second-hand you have a big thumbs-down on scriptlets, but I haven't heard the reasoning yet. Am wondering if the reasoning might be related.)


Flash is, like Java applets, also quickly becoming a dinosaur of the web. Java applets and Flash have been supersided for the most part by HTML5 and JavaScript. Adobe stopped developing Flash for mobile platforms (phones and tablets), which is strange, since phones and tablets are taking over laptops and desktop computers. It looks like even Adobe doesn't really believe anymore in a bright future for Flash.

Scriptlets (I guess you mean pieces of Java code embedded in JSP pages) is a completely different story. The reason why you shouldn't use them is because it makes your code very messy. If you put for example code to do a JDBC query in a scriptlet in a JSP, you are severely mixing up the user interface layer of your application with the data access layer, which will quickly make your application an unmaintainable mess.

Phil Freihofner wrote:What do you suggest as a more current alternative to Applets?

There are things I have programmed and wish to continue to program, such as games, as utilities, that just couldn't happen with HTML5 or Flash. Maybe some of this is just not wanting to pay the $$ to use Flash, I'll admit. Some of the stuff I'm doing via applets: procedural FM Synthesis, procedural Perlin noise textures, both in service of a little browser game, some physics modeling (sound waves in cones).


HTML5 and JavaScript. In the last few years, JavaScript performance in browsers has improved dramatically. This started when Google added their V8 JavaScript engine to Chrome, a very sophisticated JavaScript engine that does JIT compilation and many other optimizations. Now other browsers also have similar JavaScript engines.

You can do much more with HTML5 and JavaScript than you think, it's easily good enough for games that used to be programmed in Flash previously. People build the craziest things in JavaScript, things that a few years ago you would think would be impossible. There's for example a version of Angry Birds that runs in browsers which is written in HTML5 and JavaScript, including all the animations, physics simulation etc.

Phil Freihofner wrote:But as interesting as this is (debating whether JApplet is obsolete), I'd also like to know just what it is about the updated Java that is making the hacking situation worse than it was previously. That was my original question. And whether or not there are things that a developer can do in coding to minimize risks.


The main problem is in the Java browser plug-in. I don't know about the details of the recent string of security problems, and I don't think that there's much that you as a Java developer can do besides not writing applets so that your clients don't need to have the Java browser plug-in installed.
 
Clowns were never meant to be THAT big! We must destroy it with this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic