Does anyone know anything about Java security

[wolf_bluejay]

No, java does not have huge security holes... Adobe Acrobat, adobe flash, MS outlook are HUGE security problems. Java might have some, but a little common sense goes a long way. For a java program to get to the underlying system, you will almost always get a little pop-up that states java is trying to access you system (sometimes needed for printing, etc). If it shouldn't be doing it, they say no.

PS. I work every single day with a massive government system that has a lot of FOIPPA legals to go with it, it runs on java, and only works with older versions. No significant security issues so with it. You are MUCH more likely to get problems from someone who opened the wrong e-mail or read a nasty PDF, (even worse, opened a nasty PDF inside outlook) and has a trojan that logs keystrokes to record password and draw info out of the system that way, rather than a problem with java directly.

All in, if the software you NEED is java, and it can't run on never version -- what would be the solution? One of the best things you can do is what I do on a regular basis for the "really, really secure stuff" is to use Vmware, or vitualbox and install (linux/xp/whatever) into it, and then run the program from there. it can't touch the computer that is hosting it, thus protecting the data. And as a bonus, if you keep basic copies of the VM, you get throw away machine to play with software you don't trust.


Disclaimer: I AM a computer security expert (Degree to go with it and everything).

Quote:

Originally Posted by trilinearmipmap

I am not a computer whiz but I have been advised that Java has got some serious security issues and I have some questions for those who know more about this. Specifically I have heard that the older versions of Java had huge security flaws that would make your computer vulnerable to hacking. As I understand there were updates to Java to try and cover these security flaws.

The issue came up today at work. I work with a big organization that has hundreds or thousands of computers. The organization deals with critical data that has important safety and privacy aspects and a security breach would be devastating. One of their programs would not work on my computer and when I called tech support I was told "our program is not compatible with the latest version of Java, you need to un-install Java and then re-install the earlier version of Java". When I called the tech support guy on this he admitted that it made no sense but said that he doesn't make the decisions, upper management does.

My understanding is if I do this I am exposing my computer to hacking etc. Not only that but if the hundreds to thousands of computers in this organization are running the older version of Java then they have got a serious security problem.

Anyway I need some feedback from someone who knows more about this before I take the issue up with someone in management. I don't want to raise this as a serious security issue if it really is not.