Re: Article: Why you can't dump Java (even though you want to)
On 5/8/2012 11:51 AM, Gene Wirchenko wrote:
This was in the morning's trade articles:
www.infoworld.com/d/security/why-you-cant-dump-java-even-though-you-want-192622
InfoWorld Home / Security / Security Adviser
May 08, 2012
Why you can't dump Java (even though you want to)
So many recent exploits have used Java as their attack vector, you
might conclude Java should be shown the exit
By Roger A. Grimes | InfoWorld
Comments?
The article is true but still completely BS.
There is a need for code running client side in web
solutions.
That code runs sandboxed and in theory does not have access
to anything on the client PC.
In practice there are some security bugs in the sandbox that
allow malicious code to gain access that it was not supposed
to have.
Same story whether it is Java applet, Flash, Silverlight,
JavaScript/HTML5 or even to some extent JavaScript/oldHTML.
As long as there is a need for code running client side
then the problem will exist.
Whether it is Java or something else does not matter.
So suggesting disabling Java in the browser is BS.
One can suggest disabling Java, Flash, JavaScript etc.
and see if one can live with the 1996 feeling.
Arne