How is security offered through Java different from Anti-virus and OS updates in Windows PC?

Dr.sunil V June 14, 2014
Pinterest Stumbleupon Whatsapp

How is security offered through Java different from Anti-virus and OS updates in Windows PC?

  1. Dalsan M
    June 14, 2014 at 9:04 pm

    Java updates their software, like most other software developers and companies, to fix known issues and patch security holes. These are very important to install, especially since Java is known to be very lacking in the security department.

    Antivirus and antimalware products help protect the computer in a supportive and active way; if a software product is lacking in security, antivirus and antimalware software can help to protect the system to a point. The software in question (Java) needs to be up to date to ensure highest level of security, aside from not installing and using the software at all. Security software should not be solely relied upon as keeping the computer secure.

    Lastly, nothing will fully protect a system from user error or unsafe browsing and user habits, except for maybe sandboxed virtual environments or Microsoft Deep Freeze. Care should be taken regardless of how knowledgeable (or lack thereof) a person may be on security or habits on web browsing and computer usage.

  2. Hovsep A
    June 14, 2014 at 1:33 pm

    well if there is a vulnerability then java and browser exploit will be updated to fight it, your antivirus through web reputation will block or notify you regarding the danger.

    Java security
    http://en.wikipedia.org/wiki/Java_security

    How do I use Java with the Google Chrome browser?
    https://www.java.com/en/download/faq/chrome.xml

    How do I control when an untrusted applet or application runs in my web browser?
    http://www.java.com/en/download/help/jcp_security.xml
    http://www.java.com/en/download/help/win_controlpanel.xml

    What should I do when I see a security prompt from Java?
    http://www.java.com/en/download/help/appsecuritydialogs.xml

    Package java.security
    http://docs.oracle.com/javase/7/docs/api/java/security/package-summary.html

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463

    Java 6 Zero-Day Exploit Pushes Users to Shift to Latest Java Version
    http://blog.trendmicro.com/trendlabs-security-intelligence/java-6-zero-day-exploit-pushes-users-to-shift-to-latest-java-version/

  3. Oron J
    June 14, 2014 at 12:11 pm

    I don't think there's such as thing as "security offered through Java". Java is mostly a platform for lack of security through a large number of vulnerabilities and unwise design decisions. Many people don't actually use Java and for them, the best security measure is to uninstall Java from their computer. They won't notice the difference, and their computer will be a lot safer.

    Java updates mostly plug the latest discovered vulnerabilities in Java so they are analogous to Windows Security Updates and other application updates. Neither can be compared directly with what an Antivirus or other security software do, which is to actively identify and block malicious software activity (antivirus, antimalware) or to block attempts to attack a computer (firewall etc).

  4. Jan F
    June 14, 2014 at 12:07 pm

    Please elaborate on what you mean by security offered by Java?

    In general Java doesn't add any security. In contrary, it introduces another vulnerability since Java code can be distributed via websites and is executed on the local computer.