Is Java Safe

N

nikonuser

Suspended / Banned
Messages
2,537
Name
Dave
Edit My Images
Yes
I have bought gps4cam which is an iPhone app to log my images but when I go to install the desktop software it is asking me to download Java Runtime Environment 1.60_14.
Is it safe to do this or do I need to go back to the app creator
Thanks
Dave
 
java 7 can be a bit iffy for some apps
 
Thanks Guys, why do apps need Java??
Dave
 
nikonuser said:
Thanks Guys, why do apps need Java??
Dave
Click to expand...

What you download is something called JRE, Java Runtime Environment

Java is a programming language, it is platform independent, that means you can run java programs on windows and (for example) linux.
In order to make the programs you write work you need something to sit between your program and the operating system of the machine so you can do stuff like access disk drives and so on - thats what the JRE does.

Microsoft have something (sort of) similar in the .Net framework, you can use a .Net language (like C#) to write an application, when you run your app it uses the .Net framework to interact with the operating system. There are differences in the actual way .net and JRE work but technicalities aside it roughly does the same job.
The advantage that .Net has is its installed on pretty much every windows PC out there.

Java has been around since the mid 90s, originally it was aimed at large business solutions (we call this "enterprise" nowadays).

When you see a webpage using java its because the webpage has something called a java applet on it.
An applet is basically a small program. The problem with them is that they run outside of the browser process and use the JRE. This is dangerous because the applet might get full access to the machine - install software, scrape the hard disk for identity info - whatever.

Recently the JRE and applets especially have been found to have lots and lots of vulnerabilities, these duly get patched but applets are basically seen as bad news and should be avoided as much as possible.

The problems have started to affect the enterprise : http://www.computerweekly.com/news/2240181037/Enterprises-abandon-Java-due-to-security-holes do a search for "java security" or "java vulnerabilities" and you'll find a whole host of problems.

In short Java is becoming a bit old and creaky, its insecure and (imho) has had its time. It'll be around for a while because there are lots of legacy systems that are written in it. Oracle own java after they purchased sun microsystems - opinion on if this is a good thing or not is very divided.

If you must install the JRE I would disable it in your browser (see http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/ for example), so nothing can run without your explicit permission to do so. This might be a pain in the backside but its safer.
Preferably avoid installing it completely.
 
Thanks Mark for the detailed explanation, really appreciate some insight into what I could be letting myself in for.
Since the gps4cam app was only a couple of quid I think I will pass on it and not put myself at risk through the installation of JRE.
May look at a proper gps unit when ready.
Thanks again
Dave
 
if that software is downloaded & installed on your machine and doesn't run in a browser I would be happy enough to install it.

For home users the real problems are when you run it via a browser.
 
OK thanks for that update.
 
I think that's all a bit scaremongering really. Like I said earlier as long as you keep your java up to date (and your av) and don't download junk software you should be fine.


Like I said earlier we have to run a really old version (in a web page) and none of our 250 or so users have had any java exploits.
 
neil_g said:
Like I said earlier as long as you keep your java up to date (and your av) and don't download junk software you should be fine.
Click to expand...

I don't generally subscribe to internet paranoia, especially over firewall / AV / security vunerability things, but in the case of java there is some reason to be cautious.

After all, it's only a few months since the last zero day exploit in the JRE forced Oracle to rush out a patch. I still keep the JRE on everything, but would not be surprised if further weaknesses are discovered. The source code for the run time library never used to be very good back in the Sun days (long before it was Oracle, or GPLed).
 
onomatopoeia said:
I don't generally subscribe to internet paranoia, especially over firewall / AV / security vunerability things, but in the case of java there is some reason to be cautious.

After all, it's only a few months since the last zero day exploit in the JRE forced Oracle to rush out a patch. I still keep the JRE on everything, but would not be surprised if further weaknesses are discovered. The source code for the run time library never used to be very good back in the Sun days (long before it was Oracle, or GPLed).
Click to expand...

cautious is fine, just don't be one of these people (like my missus) who keeps pressing NO when prompted to update Java and subsequently gets an exploit (although it never managed to do anything as avast kept blocking its attempt to download malicious packages).
 
I'm not very computer literate so for me it's better to be safe than sorry.
Thanks all for the detailed info. on Java really appreciate it
Dave
 
As long as you have your Java plugin set to prompt before running you should be OK...and don't run it unless you are on a legitimate site and there is a reason for doing so.

FYI 'If you keep Java up to date then you are fine' isn't true, the JRE is riddled with 0-day vulnerabilities that are being exploited in the wild.
 
You must log in or register to reply here.
Back
Top