Java, wth (on windows, any version)

[Guest]

I once read a book that said Java was secure

since they have released update 10, I have never seen so many people complain.

that said, it has always had problems as far as I recall, the worst being
denial of service attacks via direct memory hacks or loop hacks that lock
your pc up.

I have tried communicating with the makers but havent had time to dig deeper
into them to get a response.

What say you ?

 

[Robert Moir]

I once read a book that said Java was secure

since they have released update 10, I have never seen so many people
complain.

that said, it has always had problems as far as I recall, the worst
being denial of service attacks via direct memory hacks or loop hacks
that lock your pc up.

I have tried communicating with the makers but havent had time to dig
deeper into them to get a response.

What say you ?

I once read a book that said Elvis was still alive. I didn't believe that
either.

Being a bit more serious for a moment (though I was making a serious point
of my opinion of the book you mention), Java adheres to a model which should
*in theory* make it more secure against certain kinds of attacks contained
in Java code you download and run inside the Java Virtual Machine.

It is very good at doing what it does, but *it isn't perfect* and it isn't
magically immune to other kinds of attack.

 

[Guest]

Hello its 4am,

Considering Java is Open Source Code, that alone allows not-desired
intruders.

Too many Web Sites that use Sun's servers, software, and Java have
experienced enormous hostile attacks, the criminal attackers extracted and
downloaded personal confidential data from their Sites. Three examples from
last September, E-Trade, TDAmeritrade, hum, at this moment can't recall the
third.

E-Trade reported losing hundreds of millions $$$, TDAmeritrade would not
fully disclose their data and financial loss.

A few months later, SEC located one of the criminal attackers operating from
Russia using local and off-shore ISPs.

Sometimes using Open Source Code software can be a very costly experience !!

 

[Gerry Hickman]

Hi FireWall2,

Considering Java is Open Source Code,

Are you sure it's open source? It didn't used to be, but maybe they saw
the light?

Too many Web Sites that use Sun's servers, software, and Java have
experienced enormous hostile attacks,

Sometimes using Open Source Code software can be a very costly experience !!

Are you sure Sun Solaris is open source?

I've found (to date) that open source software is MORE secure, mainly
because I can freely ask hackers to test it without any fear of legal
issues.

An example is the Mozilla internet browser. It has as many patches as
IE, but throw them into a hostile environment at the same patch level,
and Mozilla is 100 times more secure. It's also faster and better
designed, better standards compliance, less intrusive security, easier
to install, uninstall and upgrade and does NOT require a reboot unlike
IE. It also is not tied into the core of the Windows o/s, so again much
safer, you can also turn off annoying animations without silly dialogs
popping up and the email and news is much faster and more feature packed
than anything Microsoft has yet to design.

 

[Guest]

Hello Gerry,

Respect your Post, Sun’s Web Site discusses their Open Source Codes,
referred to within the IT world as a “hacker happy†OS.

Have experimented with Firefox and Mozilla, the greatest trouble results
when users include those Browsers with, specifically, Vista, also IE 7
running XP .

One of these days, slowly, folks will fully comprehend the designed inherent
Security within Vista.

Slowly realizing including third party Add Ons does nothing other than
create conflicts within Vista by weakening Vista’s Security, and then
complain by assigning blame toward Vista, instead of accepting blame from
user induced conflict issues.

Historically, beginning with Windows 3.1 each new OS Upgrade was a very
simple tasks for installing and self-learning the new OS Features.

Today, Vista is so technically advanced that Vista does not accept or easily
allow OS modifications. Hence, a **new learning curve** that never have we
experienced while Upgrading a Microsoft OS (old habits are difficult for
breaking).

Seemingly, we are too accustomed to being spoon fed by Microsoft, during an
Upgrade process.

Never before was it entirely necessary for experienced users reading the
Install Instructions and the Help Files, as we do for properly Installing
Vista. The end result, an OS (Vista & IE 7) that performs flawless !!!

 

[Gerry Hickman]

Hi FireWall2,

Respect your Post, Sun’s Web Site discusses their Open Source Codes,
referred to within the IT world as a “hacker happy†OS.

Your original claim was that Java and Solaris were "open source". There
was TALK of making Java open source, but as far as I know this is NOT
the case right now. I don't know which "IT world" said it was hacker
happy, but they probably mean ability to alter the code (hacking as in
coding).

In general open source is better for security; this claim was made
recently in a report by Homeland Security in the US. The reason it's
better, is that you can openly invite hackers (as in penetration
testers) to fire shots at it and find out the weaknesses. It can also be
fixed within minutes whereas you have to wait weeks for Microsoft to
patch things, and you don't know if it's been done properly because you
can't see the code. In 2006 we saw a number of Microsoft patches having
to be re-released because they either didn't fix the problem properly,
or they created some new problem. With open source, you get thousands of
people testing new code as soon as it goes into CVS.

One downside of open source (in the context of security), is that
there's no central place to get all security patches, you have to check
every piece of software separately and they all have their own
procedures (or no procedure at all!)

Have experimented with Firefox and Mozilla, the greatest trouble results
when users include those Browsers with, specifically, Vista, also IE 7
running XP .

What trouble exactly? Fiefox and Mozilla are both superior to
Microsoft's IE when it comes to security. The reason is simple; they run
on top of the o/s, they do not hook directly into the o/s. Most SpyWare
in the days of XP entered via IE, and that's why so many people switched
to the Mozilla/Firefox browser. Rule #8 of security is not to mix and
match o/s with applications; there's supposed to be an abstraction,
unfortunately this is missing in Windows.

Slowly realizing including third party Add Ons does nothing other than
create conflicts within Vista by weakening Vista’s Security,

I'm not sure how? Do you have an example?