|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
01-17-2013, 04:48 AM
|
#1 |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Time to boycott JAVA?
With all the recent concern about JAVA security issues, and the endless updates that include useless software of other vendors, it might be time to begin a JAVA BOYCOTT.
As PC techs, perhaps we should begin a campaign of permanently removing JAVA from all our customer's computers and advising them to quit using any service or app that requires JAVA, making it known that, as consumers, we no longer support anything that requires JAVA. JAVA deserves go extinct due to it's endless security flaws, it's need for constant updates, and for having the audacity to piggyback other vendor's crappy useless software onto the update process. If we can successfully eliminate JAVA it would send a strong message to the entire software developer community that we demand security and we won't tolerate unethical or deceptive marketing practices. It all starts here... LIKE this if you agree. . Last edited by Petef56; 01-17-2013 at 04:58 AM. |
|
|
|
01-17-2013, 04:52 AM
|
#2 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
I am very interested to see other peoples opinions on this.
ForceFlow. what are your thoughts on this?
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta. |
|
|
|
01-17-2013, 05:11 AM
|
#3 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
So what's your opinion? ---pete--- |
|
|
|
|
|
01-17-2013, 06:09 AM
|
#4 |
|
Ride 'em Cowboy
Staff
Premium Member
Join Date: Dec 1999
Location: Dallas, Tx
Posts: 9,472
|
Pete - did you write this thread with a browser You developed on an OS you developed
 Does anyone know anyone that has been directly affected by the security issues  Does anyone think the developers created the flaws on purpose I'm in my fifteenth year of doing tech support for software companies. Hardly a month goes by that we don't find a bug that's been around for a while. Sometimes its amazing some of the things we find... Can't help but wonder why our clients don't notice them... Even simple type-o's on reports that have been viewed thousands of times go unreported... As a tech community, it'd make more sense to me if we installed the latest patched version of JAVA to test it and reported any flaws we found 
|
|
|
|
|
01-17-2013, 08:03 AM
|
#5 |
|
Moderator
Staff
Premium Member
Join Date: Nov 2008
Location: Detroit, MI
Posts: 5,221
|
Boycott it? I wouldn't. There's quite a few places on the web where it's employed, rather seamlessly most times. A lot of my customers that have it disabled are finding out they use it more than they realize. Additionally, Java is a program language that supports multiple platforms and saves a great deal of time in the programming process. At the end of the day, one door may close and another will be opened. I just remind customers on the importance of keeping it updated.
Why an outdated Java Plugin is so serious | Mozilla Security Blog |
|
|
|
|
01-17-2013, 08:44 AM
|
#6 | |
|
Barefoot on the Moon!
Staff
Premium Member
Join Date: Aug 2002
Location: Northeastern USA
Posts: 13,802
|
The Java browser plugin has *always* been insecure. It's foolish to think otherwise. The media simply glommed onto this all of a sudden for some reason, when in fact, this is nothing new.
Java used in too many places (especially in a a business environment) to simply drop. All you can do is make sure it's kept up-to-date and that you have adequate antivirus and anti-malware protection in place. But, you're perfectly free to stop using on your own accord. There's obviously nothing preventing you from doing that. Most home users probably wouldn't even notice it was missing if it were disabled in the browser or uninstalled completely. Quote:
In any case, Oracle is in charge of Java, not the software development community. Oracle has always done its own thing (unfortunately), which has been leading to its decline over the past few years.
__________________
There are two secrets to staying young, being happy, and achieving success. You have to laugh and find humor every day, and you have to have a dream.
|
|
|
|
|
|
01-17-2013, 09:03 AM
|
#7 | |||
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
Quote:
Quote:
Quote:
|
|||
|
|
|
|
01-17-2013, 11:43 AM
|
#8 |
|
Saved by grace
Join Date: Sep 2002
Location: Indiana
Posts: 1,549
|
What software did you use to see they were Java exploits?
__________________
My custom work system: ASUS P7P55D-E LGA 1156 / Intel Core i5-750 / CORSAIR XMS3 4GB (2 x 2GB) / Windows XP SP3 / SAPPHIRE 100292L Radeon HD 5450 / 2 LITE-ON 24X DVD Writers SATA Model iHAS424-98 / 2 W.D. Caviars Black WD1001FALS 1TB SATA 3.0Gb/s / Antec Sonata III 500 Black with 500W Power Supply / Rosewill RCR-IC002 74-in-1 USB 2.0 3.5" Internal Card Reader w/ USB port |
|
|
|
|
01-17-2013, 11:46 AM
|
#9 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
MSE and Malwarebytes both reported Java exploits that were allowing a trojan infection.
|
|
|
|
|
01-17-2013, 02:48 PM
|
#10 |
|
Member (10 bit)
Premium Member
Join Date: Jun 2008
Location: Northern Wisconsin
Posts: 697
|
You could say the same thing about Flash, seems like a weekly update for some security issue, HTML5 is chugging along but what can one do. I guess the only safe computer is one that's unplugged from the power grid and no battery.
|
|
|
|
|
01-17-2013, 04:34 PM
|
#11 |
|
Techphile.
Join Date: Nov 2003
Location: San Francisco Bay
Posts: 6,546
|
Boycotts never work and Java is never 100% secure. What a dilemma.
What would substitute for Java? I don't drink tea. 
__________________
Asus P8P67 WS Revolution | Intel 2600K @ 4.7 GHz | Win 7 Pro 64 |8 gigs Corsair 1600 | Two Diamond 6990's in Crossfire| Corsair AX1200 | Thermalright Silver Arrow | Western Digital Black 2TB 64 meg cache | Lian-Li PC-A71B | Logitec Z-5500 | Three Asus 26" VW266H monitors running under Eyefinity | Last edited by David M; 01-17-2013 at 08:44 PM. |
|
|
|
|
01-17-2013, 04:52 PM
|
#12 |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Everone,
Thank you all for your comments and opinions. Everyone seems to agree that JAVA poses a security risk, but to what degree? There also seems to be conflicting opinions regarding whether most people can simply remove JAVA from their computer. =============== Allow me to quote 2 excerpts from 2 different articles... Security Experts: Java Should Be Disabled Unless Necessary - Dark Reading Excerpt... "As it happens, very few websites rely on Java for dynamic content," says Tod Beardsley, Metasploit engineering manager at Rapid7. "Java isn't relied on nearly as much as Javascript and Flash. Most people can disable their Java browser plug-in and not really notice the difference. Java security update - Chicago Tribune Excerpt... Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky Lab. ================ Ok everyone, so at least according to these sources above, most people don't need JAVA for browsing and disabling JAVA in the browser will reduce a person's risk of ALL CYBER ATTACKS by 50%. FIFTY PERCENT!!! That's a huge improvement. I can't find the other article I read recently, but it basically said that JAVA is becoming obsolete for use on websites. In summary, it seems the best overall solution is to run 2 browsers; one with JAVA disabled, and one with JAVA enabled. Then use the "JAVA disabled" browser for all but when JAVA is needed. As for a boycott, I was just testing the waters here and I see now there is no support for that. Too bad. Too bad that most people here don't see that JAVA selling out to companies like ASK or McAfee to piggyback their software onto the JAVA updates is an unethical practice worth boycotting. ---pete--- Last edited by Petef56; 01-17-2013 at 04:55 PM. |
|
|
|
|
01-17-2013, 05:13 PM
|
#13 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
JAVA just happens to be the better target to go after for a boycott because most people don't need it anyway. Who's going to boycott Adobe??? Answer: NOBODY. To anyone who thinks boycotts are a waste of time, it took me all of 2 minutes to find this site below that lists many major successful boycotts. I'm sure I could find more. It's just sad how people are unwilling to stand up for something anymore. We have the ability to cause change but most people have lost their ability to buck the system.  Successful Consumer Boycotts: Ethical Consumer ---pete--- |
|
|
|
|
|
01-17-2013, 05:32 PM
|
#14 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
The reason you go after JAVA is that it's feasible to get people to boycott something they hardly need anyway. Who's going join a boycott against some Apple or Microsoft??? Answer: NOBODY ---pete--- |
|
|
|
|
|
01-17-2013, 07:27 PM
|
#15 |
|
Mondsreitersmann
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
|
Try it. Start removing it from customers' computers. Whenever they hit a site that requires it and offers the download they will just click, click, click and install it again— along with all the bundled junk.
Better if you install it and make sure the bundled garbage is never installed.
__________________
Darum still, füg' ich mich, wie Gott es will. Nun, so will ich wacker streiten, und sollt' ich den Tod erleiden, stirbt ein braver Reitersmann. |
|
|
|
|
01-18-2013, 09:10 AM
|
#16 | ||
|
Barefoot on the Moon!
Staff
Premium Member
Join Date: Aug 2002
Location: Northeastern USA
Posts: 13,802
|
Quote:
 Remember, you don't actually pay anything for Java. You're perfectly free to use it or free not to. Using it or not using it isn't going to have much of an effect as far as Oracle is concerned, as there isn't an impact on their bottom line. Quote:
|
||
|
|
|
|
01-18-2013, 10:17 AM
|
#17 | |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
Quote:
|
|
|
|
|
|
01-18-2013, 10:56 AM
|
#18 |
|
Techphile.
Join Date: Nov 2003
Location: San Francisco Bay
Posts: 6,546
|
I just deleted Java off of mine and my wife's computers. It will be interesting to see just how easy or difficult it is to live without it.
|
|
|
|
|
01-18-2013, 12:04 PM
|
#19 | |
|
Mondsreitersmann
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
|
Quote:
|
|
|
|
|
|
01-18-2013, 12:51 PM
|
#20 |
|
Techphile.
Join Date: Nov 2003
Location: San Francisco Bay
Posts: 6,546
|
In the digital age it is easy to copy something and then for many to think that if something physical was not copied then it is not stealing. It is stealing because it is an opportunity cost to the creator of the content. Basically, that future income will never be realized because the product was stolen. It is the loss of income that a creator never sees.
It is real alright. Economics: Opportunity Costs, Explicit Costs and Implicit costs Opportunity cost - Wikipedia, the free encyclopedia Last edited by David M; 01-18-2013 at 12:54 PM. |
|
|
|
|
01-18-2013, 01:49 PM
|
#21 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
So there's nothing wrong with offering something as an opt-in option, but if you have to resort to trickery get the optional software installed, I consider that unethical. I'm absolutely amazed how you are defending these actions by JAVA. Is that how you treat people? Somehow I don't think so. ---pete--- |
|
|
|
|
|
01-18-2013, 01:57 PM
|
#22 |
|
Member (8 bit)
Join Date: Oct 2008
Location: KY, USA
Posts: 234
|
Last time I checked, there is specifically one whole section of the Java downloader that explicitly asks if one would like to install the "piggybacked" software. I just updated my Java, and there was even a banner at the top that explicitly said "McAfee." It's not vague, and it's not ambiguous. They don't have it hidden in their terms of use or anything of that nature to hide it from the user. And they give the option right in the middle of the page to uncheck the box to not install that software.
I honestly don't see it as being tricked. Perhaps the customers you are dealing with are just clicking the little "Next" button without actually reading what is on the installation dialogues.
__________________
ASUS P7P55D-E | Intel I5-760 @ 2.8GHz | Corsair XMS3 8Gb @ 1333MHz | WD Caviar Black 1TB | HIS Radeon 6850 | Corsair 750TX 750W | ASUS 24x DVD Burner | Antec Nine Hundred | ASUS VW246H 24" | Windows 7 Home Premium 64-bit |
|
|
|
|
01-18-2013, 01:59 PM
|
#23 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
I post my finding here or in a new thread. ---pete--- |
|
|
|
|
|
01-18-2013, 02:13 PM
|
#24 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
The honest way is to have people take action to opt-in. I can't believe I'm having to explain this. Is this what our society has come to. No one has any sense of fair practice and honesty anymore? I see it time and time again, it's the elderly and the young kids that don't know any better that get tricked by these deceptive marketing strategies. That's who I 'm mostly trying to protect. ---pete--- |
|
|
|
|
|
01-18-2013, 02:25 PM
|
#25 |
|
Member (8 bit)
Join Date: Oct 2008
Location: KY, USA
Posts: 234
|
How young is a young kid? I'm quite young, but I don't see myself getting deceived by it. And if I can recall, Java (or Oracle) has had that checkbox for other software to install for quite some time. Why is it only relevant now?
So you're saying I'm getting tricked by Microsoft every time I buy and install a new version of Windows? Because honestly, I would love it if I could just get a clean install of Windows, without having all those stupid links to internet games and games like freecell, solitaire, etc. Just give me the operating system and nothing else. But you don't see me boycotting Microsoft. |
|
|
|
|
01-18-2013, 02:51 PM
|
#26 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
Pete, in my opinion you are being very unreasonable. You are entitled to your opinion but in MY opinion you are making a mountain out of a molehill.
Look at it this way - nothing I've ever seen coming in with a legitimate download will HARM a person's computer, it's only an annoyance. |
|
|
|
|
01-18-2013, 05:55 PM
|
#27 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
You are putting words in my mouth in an attempt to win your point. That's how weak your argument is. What I said is that people wind up with software on their computers that they don't want or need. All because they don't realize they need to UNCHECK a tiny checkbox. Answer me this question, why doesn't JAVA simply perform the update offering the piggybacked software by having the person opt-in by checking the box? This would be the ethical method to use. I can't believe I have to point this out. ---pete--- |
|
|
|
|
|
01-18-2013, 08:39 PM
|
#28 |
|
the DUKE!
Join Date: Mar 2006
Location: Cocoa, Florida
Posts: 1,596
|
Pete it's not unethical. It's comes down to marketing tactics. I don't like it either, but when you look at it from the other side, it's just a business move.
How many people will say that they 'don't want' or 'want' somethng if they've never tried it? Yes, the little box to uncheck is overlooked by many downloaders that want the originally offered software, but not the additional software. But it is not hidden from view, it is just already preselected. Why?; because the softeare company wants us to try it. And they (the software company) has a better chance of it being tried if it gets installled even if it was done by someone overlooking the little check box. Pete, it is expected that the average user will install the additonal software accidentally; and of those that do, they will have never done so if it was not bundled in; Of that same goup a percentage of people will try the new software and keep it. It is the 'backhand' of good business. You will understand this - only if you've been following along... We know and they know. And they know we know-but they also know, that not 'everybody knows'. You're just mad because you know they know and they're using the 'know' to thier advantage. Okay, so let's be honest here....  Raise your hands, Please! How many of us have 'ever' accidentally installed pre-selected software? I'll go first. Aye
__________________
Gigabyte 880GA-ud3h / 3.1 Phenom II x2 550 BE Callisto(4 cores and OC to 3.4) / Corsair Vengence 2x4gb DDR3 1600 / 640gb WD Black 2ea./HIS 6870/ 650 EarthWatts / Win 7 64bit Last edited by rwest; 01-18-2013 at 08:53 PM. |
|
|
|
|
01-18-2013, 11:13 PM
|
#29 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
Honestly, I don't recall ever being tricked into installling preselected software. I'm a professional and I get paid to teach others how to avoid that kind of thing. About "they know we know".. I say, they can fool most of the people (lemmings & sheeple) most of the time, but they can't fool me. LOL But here's what they are really thinking.. People who will not use their intelligence are no better than animals who do not have intelligence. Such people are beasts of burden and steaks on the table by choice and consent. Hey, I'm not mad. I just see an opportunity here for the consumer to counteract some of these marketing strategies that trick many people and are constant annoyances to most others. If we act like sheep and never buck back, things will only get worse in the future. In fact, I already see it happening with some online software vendors. For example, an online software company has 2 products for sale, one being considerably higher priced. What they do is offer each product simultaniously, but the more expensive product has colorful buttons to click versus the lower priced one which only has drab text links to click on. Most consumers get tricked into buying the more expensive product all due to the manipulative design of choices, not paying close enough attention, and being drawn to the more expensive option. This is just an extension of the opt-out marketing technique that JAVA uses with it's updates. This is the future if consumers act like sheep do nothing now to stop it. ---pete--- Last edited by Petef56; 01-18-2013 at 11:18 PM. |
|
|
|
|
|
01-19-2013, 12:46 AM
|
#30 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
Pete, I'd advise you to stop pushing me. You have complained in the past about not being respected and it's my turn to turn the tables. I'm not putting words in anyone's mouth and I'm not trying to win any points. I'm simply rebutting what I see as an unreasonable opinion and you are jumping down my throat. Shall I close this thread?
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
