“Once again, flaws in Java are creating big holes that hackers exploit to victimize users and, even worse, sabotage or spy on many of the computers that run key business processes at utilities, banks, hospitals, and government agencies,” Galen Gruman reports for InfoWorld. “Enough already. Wake up and smell the coffee: Client-side Java needs to go, and fast. Even if the current bugs can be fixed, there will be more.”
“Apple’s response was to deprecate Java in OS X Lion so it was no longer installed as part of the operating system,” Gruman reports. “But when an app needs Java, users get a prompt to download and install it. And many popular apps do, such as Adobe’s Creative Suite and even Symantec Anti-Virus. Oh, the irony that an anti-malware app requires the use of one of the biggest malware conduits to function!”
Gruman reports, “Apple had the right idea but didn’t go far enough. It should prevent Java from ever running in OS X. And Microsoft should do the same in Windows. Apple did that from the get-go in iOS, and few people noticed. The Metro (aka Modern) part of Windows 8 also doesn’t support Java, which is a partial step in the right direction. Even the Java-based Android OS won’t run Java apps or Web plug-ins. Websites that still use Java, such as some banks, telcos, and airlines, will quickly adjust once more operating systems block it, just as websites have largely done after Apple blocked Flash in iOS.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]
Related articles:
Java 7 update 11 security patch fixes nothing; users advised to disable Java – January 14, 2013
Oracle releases Java Version 7 Update 11 – January 14, 2013
Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013
Apple blocks OS X Java 7 plug-in as U.S. Department of Homeland Security warns of zero day threat – January 11, 2013
Apple makes OS X even more secure for Mac users by removing Java – October 19, 2012
Apple uninstalls Java applet plug-in from all web browsers – October 17, 2012
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.6 or earlier at risk – September 26, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Jobs: Having Oracle, not Apple, release timely Java updates better for Mac users – October 22, 2010
Apple deprecates its release of Java for Mac OS X – October 21, 2010
“Oh, the irony that an anti-malware app requires the use of one of the biggest malware conduits to function!”
I wouldn’t call that mere “irony”. More like reason #213 not to buy anti-malware software.
Anyway, WebEx and GoToMeeting require Java. I hope they find an alternative.
Are you sure about GoToMeeting? I run it and don’t have Java installed / activated.
Our area wide credit union’s online banking was java based. It was frustrating, slow, sometimes loading sometimes not — horrible. They had a scheduled maintenance with the site down for a morning, and when I log in yesterday… new online banking with NO java. This is what it should have been all along.
If you go back to the original texts on Java for learning Java. They typically a collection of white papers on how to program the different parts of Java. In there they will describe to you that Java in the end was supposed be a iOS or Android type OS for appliances. That is why you cannot access memory registers in Java. Yes appliances…toasters, phones, refrigerators, washers, dryers…etc. Smart everything. So when you take a language so far away from its roots how can we complain with the result?
The moment that Apple prohibits java on Mac OS X people will scream that they are making a huge mistake like they supposedly did with Flash on IOS. (turns out Apple was correct) Flash Sucks. Java has some issues, but is far from sucking. What needs to happen is that it needs to become more secure and it needs to continue that trend. Everything thought secure today will be considered insecure tomorrow. For now just turn off java in your safari prefs.
If a newer more secure version comes out and is tested with the holes closed then turn it on. Don’t be a baby, read learn and protect thyself!
Secure your important data encrypt it, back it up store it elsewhere in a safe place. It does not take much to secure your info properly. I use Onesafe on iOS and encrypt and secure all my personal and financial data. Easy to back up and easy to use. You add that plus icloud remote wiping and you have a fortress.
Java sucks. Get over it.
=:~)
Well wait, which is it?
Either we need Java and Java needs to be secure, or we don’t need Java in which case it should be done with.
“Just turn it off” isn’t an answer if you’re then later confronted with “this needs Java to run”.
It seems to me, that given the history of Java, it needs to die. However, this requires a directed effort by Apple. Cook should meet with the top developers of critical apps and get them to transition off of Java.
Java sounds like it’s a lazy developer issue. Easier has a price.
Java itself isn’t a lazy developer issue. Like OpenGL, it’s almost all cross-platform, with all the pros and cons that come with that (e.g. near-simultaneous releases/updates to Java-based services instead of say Windows first, Mac months later; but can’t take full advantage of a specific platform’s capabilities, and system-level vulnerabilities can affect all platforms).
“Easier has a price”
As Apple users are well aware.
“Oh, the irony that an anti-malware app requires the use of one of the biggest malware conduits to function!”
It’s not irony, it’s good business 😛
Like I always say: TechTardiness is RAMPANT:
Apple had the right idea but didn’t go far enough. It should prevent Java from ever running in OS X.
This guy is ignoring enterprise companies, which is really odd because he writes for InfoWorld. Maybe this is just another stupid ‘August Effect’ in January article where he doesn’t give a rat’s what he writes.
Sorry Galen Gruman who reports for InfoWorld but many vital business apps REQUIRE Java. Many banks REQUIRE their customers run Java for account access. On and on. I would LOVE for Java to be tossed in the trash can of crap technology. It deserves it! I have at least 10 professional Java books including the massive code command libraries. I want to stack them on a funeral pyre! Friends of mine have asked me if they can bring their Java books over and JOIN IN!
But we are STUCK with fracking Java. We are STUCK with lazy lousy Oracle and their shite support for Java. The best we can do is minimize the risk and damage.
Just Turn Java Off.
And if you’re an administrator of Macs with potential LUSER Factor problems:
1) Always force your users to have Standard accounts, never Admin accounts.
2) Lock the Java settings to the minimum required to run the Java crapware required.
3) Keep your potential LUSER machines up-to-date. No slacking allowed on your part.
…Symantec Anti-Virus. Oh, the irony that an anti-malware app requires the use of one of the biggest malware conduits to function!
Yeah, but it’s Symantec. Why would you expect anything sane from Symantec?
As a Java Developer I would add that Oracle is the problem with Java not the Java Language itself. If you take the language and the JVM it is a brilliant piece of work. The problem with Java is the entire J2EE stack that has gotten so big and out of control, and Oracle’s neglect to fix the most important things with the JVM.
I use Java everyday, and I can see it’s great potential, but at the same time, I don’t think its future looks bright as long as Oracle is in the picture. Oracle hires too many incompetent people to ever realize Java’s full potential. It’s sad. — but I agree, turning it off won’t work either.
So now the dilemma. We can’t live without it, and Oracle is too incompetent to fix it. Open JDK ?
If Java is to become functional again, it MUST go open source IMHO. I would like Java to go the way of OpenOffice, another Oracle frack-up. The LibreOffice developers tried to show Oracle the way, they got booted out of the project, they thrived on their own and LibreOffice surpassed OpenOffice. Oracle were shamed and now Apache rules OpenOffice.
GET ORACLE OUT OF THE PICTURE. I hate you Oracle.
http://Mac-Security.blogspot.com
I Agree. The real problem is ORACLE. They are ruining Java!
Oracle has to let go of Java. They fracked it up. The open source community is ready and willing to clean up their catastrophe.
Exactly right.
There are many companies that use server-side Java to write their web applications. Netflix, Twitter, Apple, and Square to name a few. Turning off Java wholesale would probably cost billions of dollars. But I think turning off Client-side Java is prudent.
Author is being irresponsible to an extreme by suggesting that manufacturers dump java without a second thought. Such action should be part of a coordinated effort that involves other companies such as banks. Right now most banks rely on java for providing online banking services, are we all supposed to stop online banking while the banks spend 5 years developing an alternative ?
In Finland I think it’s just one bank Unfortunately it happens to be my bank. I now do all my banking on their iPad app, which is really good, nothing like the broken mess the website system is.
I don’t have it installed and don’t even notice. If an archaic site requires it, then I just wouldn’t use that site.
There is a fundamental problem with the suggestion to dump / disable Java. I’m sure we can all agree that Java as technology used to hold promise fifteen years ago, but the promise was never really realised, and we’ve patiently waited long enough that by now, we’re ready for our “money back” (i.e. giving up on it). The problem is, what alternative does anyone suggest for replacing java with?
This situation is very similar to Flash. While 95% of Flash content out there is frivolous, superficial eye candy, there is the sizeable 5% that actually uses flash for its ActionSript and other abilities unavailable in any other technology (such as often suggested HTML5, which is nowhere near Flash in programability). Exactly the same thing with Java; so many web sites use Java code for things that could easily (and probably more efficiently) be done with PHP or similar scripting language. There are probably even fewer Java-based solutions out there that couldn’t be implemented in any alternative, less complex platform. Still, there is NO realistic solution for the sizable percentage of applications that actually do need Java, unless they are re-written from the ground up in another programming language.
We have ClickToFlash to prevent loading Flash unnecessarily on websites. Why not ClickToJava?
“Click to Java” is not feasible since there is only Javascript in the browser and web pages. Generally, there is no issue with Javascript, so it is not going to be demoted.
Java — not Javascript — is different beast. It is way to run software that is written in this language on almost any number of hardware platform thanks to Java environment engine, which compiles/interprets the bytecode into your PC’s CPU’s code.
This engine has serious security holes. But it is not really related to web browsing.
“It should prevent Java from ever running in OS X.”
No. The day Apple starts telling me what software I can and can’t run (I mean real software, not things designed specifically to be malware) is the day I start using Linux. I’m intelligent enough to make my own decisions about what I run on my computer, and if that means running Java every once in awhile when it’s absolutely necessary, then that’s ultimately my decision, not Apple’s. They are free to advise me on the matter with tools like Gatekeeper, but it ultimately has to be the user’s decision when it comes to computers.
And yet I own an iPad. How do I account for this? Well, I don’t consider the iPad to be the same type of tool that my computer is. My iPad is an extension of my computer, in that I could live without it, but not with it exclusively. In my ecosystem, the iPad is a limited tool that performs several things very well, and my Mac does everything else.
Too many enterprise systems use java.
You should have the option of loading it yourself on OS X just don’t ship it with the OS.
I don’t need another reason to have to use windows at work. Please.
If Steve Jobs was still around today I would have been interested in hearing his remarks to today’s Java fiasco!
The phone would ring in Larry Ellison’s office
“Hi Larry this is Steve, we have to to do something about f*cking java!”
And what about MineCraft???
“Websites that still use Java, such as some banks, telcos, and airlines, will quickly adjust once more operating systems block it, just as websites have largely done after Apple blocked Flash in iOS.”
I keep on reading this, but have not yet experienced it on the web. My most recent two Macs shipped without Flash, and I have chosen not to install it, but I constantly have to launch Chrome, which has Flash sandboxes within, to visit many, many sites. And I’m not even talking about Those Sites. 🙂