Oracle Chastised by FTC over Java Patches

[Temmu 1,931]

basically, the ftc said, 'oracle, your handling of java security updates inhales vigorously.'

- this, of course, because java has always patched by simply providing the entire new java se and never deleting the old

- which, of course, leaves the previous security flaws available on your pc since the beginning of time.

 

so... with 3 billion (10^9) copies of java floating around - that's a lot of security holes.

 

because java is so important to banking and e-commerce, will the internet community ever find or adopt a more secure replacement?

 

what do you think??

[securitybreach 11,264]

Openjdk works beautifully and it is what linux distros use since java is proprietary.

 

https://stackoverflo...bage-collection

 

That said, I am sure your thinking of javascript for websites, not java the language.

[Temmu 1,931]

indeed. they are separate, similar in name only.

 

while one may wish for linux and whatever runs on it, we live in the world of multiple copies of java se on millions of pcs.

[securitybreach 11,264]

Speaking of... Google confirms next Android version will use Oracle’s open-source OpenJDK for Java APIs

[Temmu 1,931]

wow. cool!

evil tho google is (from my view) they do seem to be somewhat security conscious. (what with the recent spanking of AVG, and the probability that AVG will be removed from the google app store.)

[Peachy 162]

One way to avoid this is to download the latest version manually. After the install you are taken to an Oracle page where it asks you if you wish to remove older versions of Java.

[V.T. Eric Layton 6,648]

I haven't installed any version of Java on my machines for years. I don't miss it or even notice it's gone. I can't tell you the last time I ran across a website that required Java.

[Temmu 1,931]

java now says, after installing the new version, o, i found older versions, can i uninstall them?

 

so, oracle must have finally got off its security duff and got with the program.

[securitybreach 11,264]

so, oracle must have finally got off its security duff and got with the program.

 

I wouldn't bet on that....

[Temmu 1,931]

i know. but some progress is better than none. and since version 7 something (?) java does security with certs.

 

no, i'm not a fan-boy of java, or the unrelated flash, but sadly, both are required in so, so many business situations.

[securitybreach 11,264]

Very true.

[goretsky 1,173]

Hello,

 

I wonder if one reason that Oracle had been so against removing old versions of Java is that it was counting each installation of the software on the same device multiple times as part of their 3 billion install base?

 

Regards,

 

Aryeh Goretsky

[securitybreach 11,264]

Hello,

 

I wonder if one reason that Oracle had been so against removing old versions of Java is that it was counting each installation of the software on the same device multiple times as part of their 3 billion install base?

 

Regards,

 

Aryeh Goretsky

 

I wouldn't doubt it any.

[Temmu 1,931]

ha ha! wow, i wouldn't put it past 'em!

 

but i know some business (over the internet) apps won't work with newer versions, so sometimes you have to leave a decrepit version on the pc, as well as a newer version to run with the newer stuff.

 

yes, ha-uge security hole.