Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Oct 22, 2011

Update Java — or just remove it

Oracle recently released an update to its Java software, fixing more than 20 critical security issues in the software. Krebs has a good post on the update, briefly discussing the vulnerabilities and the fact that Java vulnerabilities are exploited for real.

I have to say that in recent years I've installed Java more due to habit than because of an actual need for the software. So when I got the update bubble in the corner of my screen, I figured "of course". I knew they, among other things,  fixed the same-origin-policy bypass used in the BEAST attack (You'll find a straight forward explanation of the Java vulnerability here, and links to resources on BEAST here). So I started the update process, and this was one of the first screens I was presented.



Oracle is clearly working to improve the image of Java:
Java provides safe and secure access to the world of amazing Java content.
Does it now? And they go on to claim:
Java makes your internet experience come to life.
 We'll see about that. Why? Because clicking "Install" took me to the next screen:


This is an unwelcome blast from the past. Not only is this free add-on stuff an extra step that clutters the update process — the direct opposite of what e.g. the browser vendors are working towards these days. This step also changes your default search provider and installs new and unrelated software that probably needs to be updated too. Ten years ago I was used to click through two or three screens with "do you want this free and amazing add-on?" during a software installation. Now it feels more like malware.

Being asked to install the Ask browser add-on depleted my patience. I cancelled the update, went to the control panel and removed the Java installation. It'll be interesting to see how it goes the next couple of week since I now risk that my internet experience won't "come to life".

Even though I don't have Java installed anymore, many people have and many people actually need it installed. To keep these users safe I would urge Oracle to:

  • Keep fixing security vulnerabilities in Java
  • Work towards a smoother update process, like the rest of the big players do
  • Stop polluting browsers with "free add-ons" in the process
It should be hassle free for users to keep your software safe and secure.

25 comments:

  1. No Java, no Internet banking in Norway for you. (Unless you are using BankID on your mobile phone, something only a minority as access to). Please, prove me wrong. :-)

    ReplyDelete
  2. No Java means limited options for Internet banking in Norway, there we agree. And just for the record, my intention is not to start a mass "uninstall Java" movement with this post. :)

    Since many users actually need Java installed, because of e.g. online banking applications, I hope Oracle will put some effort into streamlining the update procedure. A natural first step would be to stop pushing the add-ons! :)

    ReplyDelete
  3. Oracle? Smooth install? You must be kidding..

    ReplyDelete
  4. First time I am visiting this blog. I found so many entertaining stuff in this blog, especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the leisure here! Keep up the excellent work. Check for essay writing service reviews

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Well, sometimes, you need earlier version of Java. For example, I neede some Java programming help and I visited some courses where we were passing old MIT tutorials. There was a great template for understand how algorythms work and it was builded on 6 Java. SO we neede to downgrade our machines to that version.

    ReplyDelete
  7. Thanks for this article. I think you should also see this post on cell phone spying app.

    ReplyDelete
  8. This good to use words with friends cheat.

    ReplyDelete
  9. I've wrote my first site's backend on Java https://narrativeessays.org/. Check it!

    ReplyDelete
  10. Thanks for writing such a quality write-up! I hope other people get much help from this writing piece as well. Students struggling to write their assignments can opt for our online assignment help and get their coursework written by qualified assignment experts.

    ReplyDelete
  11. Pocket Mortys is the role-playing game based on Rick and Morty theme. The game is also known as Rick and Morty: Pocket Mortys.

    Pocket Mortys Recipes

    ReplyDelete
  12. This is really very nice blog and so informative. Thanks a lot for sharing this article. www.hotmail.com

    ReplyDelete
  13. Thanks for this article. Kingroot is available free of cost on online site https://kingrootapkapp.com/

    ReplyDelete
  14. First time I am visiting this blog. I found so many entertaining stuff in this blog, especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the leisure here! Keep up the excellent work.

    ReplyDelete
  15. Assignment help service in usa for the student seeking help. We are provide the assignment help, writing service with the professional academic writer in minimal price.

    ReplyDelete
  16. I consider myself of being not a techsavvy at all. This technical issues look like big problems for me. I always ask my collegues from https://service-essaywriting.com for assistance.

    ReplyDelete
  17. Why you are waiting for the Dissertation statistics Help, don't waste more time and visit to the Students Assignment Help and make your way towards academic success. We are giving you timely delivery of all our work and students will not face any trouble.

    ReplyDelete
  18. WWE Summerslam 201829 July, 2018 14:04

    WWE Summerslam 2018 marks the 31st edition of the event after it was inaugurated in 1988. The event will take place on August 19, 2018, at the iconic Barclays Center in Brooklyn, New York.

    Summerslam 2018 live
    Summerslam live

    http://wwesummerslam2018.org/wwe-summerslam-2018-location-date-start-time-matches-live-stream/

    ReplyDelete
  19. The Government of Telangana has issued the e-pass Scholarships for the students who are belonging to the lower middle class and middle class students for 2018-19 academic year.

    TS ePASS
    telanganaepass.cgg.gov.in

    ReplyDelete
  20. The blog you have shared is very good. This is really interesting information for me. Thanks for sharing! I am offering dissertation help to students in UK at low price.

    ReplyDelete
  21. When I got an update bubble in the corner of my screen I usually ignored that. With this article you showed me that I shouldn't. Thanks a lot, I learned a lot of interesting details from your post. I am currently working on a research based on Roy Maclaughlin's article on Resume vs LinkedIn if anyone is interested feel free to contact me, I am open for conversation.

    ReplyDelete
  22. I am happy to find this post very useful for me, as it contains lot of information. I always prefer to read the quality content and this thing I found in you post. Thanks for sharing. Visit here: Assignment Help

    ReplyDelete
  23. This is an excellent post I seen thanks to share it. It is really what I wanted to see hope in future you will continue for sharing such a excellent post. Visit Us: My Assignment Help

    ReplyDelete

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts