Sunday 31 January 2016

Oracle kills Java browser plug-in




Oracle said that it will finally kill its Java browser plug-in. The move is overdue: in past years, the Java browser plug-in was an easy target for hackers and malware authors. A 2014 report from Cisco said that a whopping 91% of all attacks were targeted at Java.

The situation improved afterwards; Cisco’s mid-year 2015 report revealed that although Java had for some time been a serious cause for concern, the company had made strides in mitigating its attack profile and enhancing overall security. As of last year, attacks against Flash were increasing alarmingly, while those against Java declined overall.

Even after these improvements, Oracle is still scaling down the Java plug-in when it releases Java 9, and removing it entirely at some point after that date. Both Edge and Chrome have already nuked browser support for Java from orbit; Firefox announced plans to do so late last year. Historically, Oracle has been slow to respond to vulnerabilities in Java, and its sandboxing was never as foolproof as the company advertised.

Oracle’s stated reasons for killing the browser plug-in don’t mention the broken sandbox model or the lack of an automatic security update process. Instead, the statement reads:

As Java evolved to become one of the leading mainstream development platforms, so did the applet’s hosts – the web browsers. The rise of web usage on mobile device browsers, typically without support for plugins, increasingly led browser makers to want to restrict and remove standards based plugin support from their products, as they tried to combine the set of features available across desktop and mobile versions. The Oracle JRE can only support applets on browsers for as long as browser vendors provide the requisite cross-browser standards based plugin API (e.g. NPAPI) support.

In other words, Java was a cool, cutting-edge technology, until pesky browser companies decided to kill it.

If you don’t specifically need Java, we recommend uninstalling it. It’s the kind of application that you’ll know if you need (and won’t miss, if you don’t). IE11 still supports Java from within the browser if you need to use it, but Chrome has phased it out and Mozilla is in the process of doing so. Oracle’s migration document suggests that firms which rely on Java’s browser plug-ins should begin investigating “plug-in-free alternatives.”

Computer security is, by its nature, a moving target. Every now and then, however, Team White Hat scores a genuine victory. With Adobe Flash rapidly fading and Java plug-ins facing a near-term expiration date, the Internet should be genuinely safer — at least, for a little while.

