Still not talking about coffee
Oracle’s Java and Adobe’s Flash have led a long and fruitful life having served a valuable purpose to one and all. However, now is the time for them to retire gracefully, move to a nice quite village, let the young up and comers take over, and live out their days playing shuffle board followed by brunch with the retirement crowd at the local diner. Java. Flash. Your days are numbered.
I’ve stated numerous times that I believe Java and Flash are the two biggest risks to online security. Relics of an Age if I’m being nice. Complete crap if I’m being honest. My position is bolstered almost daily by news of new vulnerabilities found or identified in both programs. “Why don’t I read about these possible exploits on Daves Computer Tips?”, I hear you asking yourself. If we covered all vulnerabilities in both programs to any great extent we would need a team of 10 and it would be almost all we could cover with any depth. Heck, we would have to rename the site to Flashy Dave’s Java News (FDJN is not nearly as easy to type as DCT).
It’s a Dark Dark World out There
So we know that Java and Flash have problems – we all should – but it’s OK because good companies always release timely updates to address exploits. Unfortunately that has simply not been the case in the past. Both companies have a reputation for having outstanding vulnerabilities in their software and not patching all known exploits. Often letting vulnerabilities languish for months on end – I’m not exaggerating.
OK. OK. Someone will jump in now and say I’m spinning a non-issue and scare mongering. Am I? Today’s technology world is much different that just a few years ago when in 2011 I originally suggested you should stay far away from Java. More people have access to high speed internet, more financial activity is conducted online, and more people communicate electronically. All important facts, but no one had hacked Target, no one hacked the Federal Office of Personnel Management, and Snowden hadn’t leaked the secret NSA documents at that time.
The bad guys are getting smarter. In fact, there is an entire dark under side to the internet which is comprised of script kiddies, criminal organizations, and even our very own governments, focusing on the theft or collection of financial and personal information. They operate and collaborate in groups in the dark corners of the internet. This list of adversaries grows daily and they quite often look to Flash and Java as their key to unlock your computer or device.
In the “good old days” a vulnerability was discovered either by a researcher or by reverse engineering a know exploit and a patch was published thereby graciously saving the populous from compromise. This is no longer the case as the bad guys find vulnerabilities and guard them because a vulnerability that isn’t know publicly is as good as gold – and often worth more than gold either financially or in information value. To protect their bounty the bad guys don’t go after mass infections with their new found discoveries, but use targeted attacks on smaller subsets of users to glean specific data.
It’s definitely a shot over the bow of the Flash ship. Maybe a similar fate will befall Java. Apple took a reasonable step in 2013 by blocking Java and I hope that is a precursor to future actions by other browser vendors.
Make the move
Actual programs that require Java are few and far between in the consumer world, but if there is a program that you absolutely can’t live without which requires Java now may be the time to look at alternatives or contact the author about updating their program. If you must have Java installed for a program at least disable Java from within your browsers. If no other option is available my personal preference would be to run Java on a virtual machine.