I have seen too many articles full of FUD or wishful thinking over the
years trumpeting the impending death and/or irrelevance of Java, when
in fact Java has been getting more relevant every year - a success
others tried to match, with Microsoft's own .net, or Novell's failed
'Mono' clone - that one gets overly suspicious about hidden agendas
when you see another round of such articles....
...especially when reports about one security vulnerability in Java
get disproportionately higher exposure than Microsoft's own. (Like I
said, ActiveX has been repeatedly exploited; that's why the latter gets
regularly updated via "ActiveX killbits" as part of WindowsUpdate.)
Microsoft knew about IE bug for weeks before patching
"Microsoft knew of the IE zero-day for more than seven weeks before
Eric Romang, the researcher who announced finding an exploit on a
hacker-controlled server, disclosed his discovery Sept. 15."
So why the different treatment between critical Windows components and
Java? Good question....
That Microsoft and its employees have engaged in the past in
disinformation campaigns is a known fact. Starting with the "barkto
incident" (Google it) to the fake grassroots campaign where dead
people wrote in support of the firm in its legal fight with the US
DOJ, and to the ***"fake security consultant"*** who turned out to be
an ***MS employee***, writing to say AOL's AIM had an ***AOL-installed
security hole*** that put users at risk.
Even dead people write in support of MS
Fake security consultant turns out being MS employee
BM outed as Microsoft's sock puppet
So, does this mean that the Java bug did not exist? No, the bug
was/is real. And it was dealt with both by Oracle by releasing an
update, and also preemptively by users, by disabling the Java plug-in,
or whitelisting it only for known sites that need it (via free add-ons
like NoScript), or with a single click via other add-ons like
"Preferences Toolbar" (http://prefbar.mozdev.org). And again, this was
related to the browser plug-in only, not the Java runtime when used to
run Java apps.
What blew my mind was the tons of scaremongering articles telling
everyone to UNINSTALL JAVA completely, rather than advising them to
update it to the latest version (on my system the auto-updater
kicked in all by itself the same day 1.7_07 was released and
downloaded and installed the latest), and, also as a precaution,
"disable the browser plug-in" to avoid further risks until all these
exploits are plugged.
A far more sensible recommendation than "you don't need it, it's
awful, time to get rid of it", without telling users that by doing so,
they would also cripple popular desktop apps installed on their
systems that use Java, like OpenOffice's database module, or Intel's
Give me the right to be suspicious about the motives behind such
extreme headlines and wide circulation of the news...
For instance, HowtoGeek's headline
"Java is insecure and awful, time to get rid of it"
Illustrated by this well-spirited image of the Java logo
or betanews "You don't need Java"
Compare with the media coverage of ActiveX holes as 'another fact of
life' or 'gee, get used to it':
Be prepared: ActiveX attacks will persist
Call it just gut feeling. And no, I don't have any actual videotaped
proof of any MSFT employee or independent 'citizen journalist'
rejoicing over the news and circulating the scaremongering headlines
so that the snowball grows...
Just my $0.02
Tech writer, Java user, Java advocate since Java 1.0 days.
On Thu, Sep 27, 2012 at 5:16 PM, Anthony Papillion <firstname.lastname@example.org> wrote:
think, more than anything, this shows that we should have some MAJOR
concerns around Java