Security pros advise users to ditch Java

[JMH]

Security firms are being none too gentle with Oracle's Java following the revelation this week that attackers are using two unpatched Java vulnerabilities to compromise selected targets. The most common advice: Uninstall the Java plug-in in your browser and don't use services that require the software.

On Monday, security firm FireEye revealed that a customer had been attacked with a previously unknown vulnerability. Yet Oracle already knew about the security issue and apparently had an update at the ready to be released on its regularly scheduled patch day in October. With reliable exploits for the vulnerabilities rapidly being adopted by security researchers and cyber criminals alike, the company rushed out a fix for the flaw on Thursday.

http://www.infoworld.com/t/web-secu...e-users-ditch-java-201457?source=rss_security

 

[zigzag3143]

Second source

http://www.pcworld.com/article/2617...erability_in_java_7_patch_hours_after_release.

 

[AceInfinity]

Java is usually a big risk online. Java and Javascript actually. I know many many ways people can utilize them to do harmful things, so with that knowledge when I visit an untrusted site I usually turn them off.

 

[Britton30]

This latest Java exploit makes me wonder why doesn't Oracle hire people from the independent security firms to help write their code?

 

[zigzag3143]

Noscript to the rescue

 

[jcgriff2]

One of the many reasons NO JAVA INSTALLED HERE!

 

[Corrine]

Most people don't need Java installed on their home computers unless they use OpenOffice or play online games.