Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Java disable control needed in browsers?

  1. #1

    Question Java disable control needed in browsers?

    I apologize in advance for being long winded.

    I don't know how many of you have heard about the KoobFace that was recently created for Macintosh (October 2010). It uses Java to do the install. I have news for you. That Java code also runs on Linux and Windows as long as Java is installed and plugged into your browser. I assumed I did not have Java on OpenSuse 11.3 because it never showed up as an option to turn off in Firefox prefs. I said nothing to get Java with the 11.3 install. OTOH, I had to install whois. If Firefox had a preferences control for Java I would have turned it off until it is needed. Imagine my surprise to be asked by multiup.org once I turned off ABP and my PAC filter because the rule I was testing "advertising\." blocked it to be staring at a request to install and run a Java app! It is the first one I have observed since installing OpenSuse 11.3 over six months ago. In fairness JRE did request my permission to run it and when I did ask for more information it told me the app was signed by a dubious and untrusted source. RUN DISALLOWED! Would some normal computer user know to do that and continue to disallow it until they knew more? I have more news for you - some Macintosh owners said yes to both the JRE query and then to the OS sudo query for Java KoobFace and were successfully infected. Java has more risk than people believe. Once hackers start to use Java you have a dandy multi-platform infection agent. Fortunately, I can't even get the binaries for my utility programs compiled on OpenSuse 11.3 to work on Ubuntu 10.04. I had to recompile the programs on Ubuntu 10.04. Until the hackers figure out one size doesn't fit all for Linux you have an extra edge of protection if you are a Linux user.

    Despite all of the whines I read in the forum abut Java not working, I do NOT want Java installed by default unless I have more control over it than just an interactive query. I consider the risk of whois much less than the risk for Java. Unless there is more control for Java in the browsers you may be better off without Java. Generally speaking, from a security standpoint JRE should never be enabled until you need it. Here is what I have using rpm (I used software control only to be staring at nothing familiar - thus why I used rpm):

    $ rpm -qa | grep -i java
    java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.2.2.i586
    timezone-java-2010l-0.2.1.noarch
    java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.2.2.i586

    Question 1.
    Will control over when to be able to use Java ever be put back into Firefox? If not then I really don't want Java at all. I don't have the JRE plugged into any of the browsers on Ubuntu or the two versions of Windows that I have and have never missed it. There is another factor at play here. I produce filters to filter out bad stuff and I REALLY do not want Java enabled most or all of the time. I put up with flash because you always need it. In fact, when I am informed I have X viruses in my "Documents and Settings" folder on Linux you KNOW what you are looking at - a flash run. The host that did it is black-listed instantly. What ever it is leading to, no Windows user wants.

    Question 2:
    If number one cannot be done, would removing the openjdk-plugin package severely damage things or break something? Is that all that needs to be removed or do all three or even more things need to be removed? Unless I can control when I am seeing that JRE prompt I would rather not even see it. I might be tired or sick on next one I see 6+ months from now and stupidly click on "yes, run it!" Novice users would be perplexed by those pop-up requests to run because it did not say it was a Java app. I am concerned about removing Java though. All of the stuff showing up in OpenSuse's Software panel leads me to believe that if I remove Java I may break something.

    The main use I see for Java is companies internal house apps. On the Internet, my advice is to not let any distrusted Java app to run until you do some VERY THOROUGH checking. Has anybody actually observed a trusted (legitimately signed) Java app at all? I haven't.

  2. #2
    Join Date
    Mar 2010
    Location
    Austin - Texas
    Posts
    10,140
    Blog Entries
    48

    Smile Re: Java disable control needed in browsers?

    First off, I do share your concern over viruses and malware and want eveyrone to have control over their system. I claim to be no expert per say on Java, but I thought that if you use the Firefox command about:config, search on Java and change the following setting javascript.enabled;true to javascript.enabled;false, Java does not run. Am I missing something there?

    Believe it or not, I don't recommend you use the following files you show if you want full java compatability:

    Code:
    $ rpm -qa | grep -i java
    java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.2.2.i586
    timezone-java-2010l-0.2.1.noarch
    java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.2.2.i586
    I normally use the files:

    Code:
    java-1_6_0-sun-1.6.0.u22-1.2.1-x86_64 -> openSUSE                                                                                                             
    java-1_6_0-sun-alsa-1.6.0.u22-1.2.1-x86_64 -> openSUSE                                                                                                        
    java-1_6_0-sun-plugin-1.6.0.u22-1.2.1-x86_64 -> openSUSE
    But perhaps these are more susceptible to problems. Sorry I did not exactly answer your questions.

    Thank You,
    My Blog: https://forums.opensuse.org/blogs/jdmcdaniel3/

    Software efficiency halves every 18 months, thus compensating for Moore's Law

    Its James again from Austin, Texas

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Java disable control needed in browsers?

    This is really a Firefox question and a quick search gave the answer:

    How to turn off Java applets

    I don't have the Java plugin package installed anyway and I haven't missed it. As you say, it's mostly internal apps that use Java applets. It never was very popular and websites have turned to other technologies for client side execution.

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Java disable control needed in browsers?

    Quote Originally Posted by jdmcdaniel3 View Post
    First off, I do share your concern over viruses and malware and want eveyrone to have control over their system. I claim to be no expert per say on Java, but I thought that if you use the Firefox command about:config, search on Java and change the following setting javascript.enabled;true to javascript.enabled;false, Java does not run. Am I missing something there?
    Java and Javascript are different languages.

  5. #5
    Join Date
    Mar 2010
    Location
    Austin - Texas
    Posts
    10,140
    Blog Entries
    48

    Smile Re: Java disable control needed in browsers?

    ken_yap
    This is really a Firefox question and a quick search gave the answer:

    How to turn off Java applets

    I don't have the Java plugin package installed anyway and I haven't missed it. As you say, it's mostly internal apps that use Java applets. It never was very popular and websites have turned to other technologies for client side execution.

    Java and Javascript are different languages.
    Hello there ken_yap. So I do now remember you can Disable any plugin such as Java. What would you be able to do with Java if the Java plugin is enabled and javascript is disabled? Now I am just asking as an already declared non-expert on Java.

    Thank You,
    My Blog: https://forums.opensuse.org/blogs/jdmcdaniel3/

    Software efficiency halves every 18 months, thus compensating for Moore's Law

    Its James again from Austin, Texas

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Java disable control needed in browsers?

    Lack of Java applet execution will affect very few websites. Most people will not even miss it. As I said, I don't.

    Lack of Javascript will disable many modern features. A lot of pages are written assuming Javascript is available and the poorly written ones don't have fallback to work without Javascript.

  7. #7
    Join Date
    Mar 2010
    Location
    Austin - Texas
    Posts
    10,140
    Blog Entries
    48

    Smile Re: Java disable control needed in browsers?

    Lack of Java applet execution will affect very few websites. Most people will not even miss it. As I said, I don't.

    Lack of Javascript will disable many modern features. A lot of pages are written assuming Javascript is available and the poorly written ones don't have fallback to work without Javascript.
    So I was right in my thinking that if you did not want to get a problem from Java, you would disable Javascript, right? Now that does not mean using the internet would be all of that fun without Java of course. What course of action do you take with Java, if your concern in malicious java code running, being asked by someone that does not claim to understand it all.

    Thank You,
    My Blog: https://forums.opensuse.org/blogs/jdmcdaniel3/

    Software efficiency halves every 18 months, thus compensating for Moore's Law

    Its James again from Austin, Texas

  8. #8
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Java disable control needed in browsers?

    Quote Originally Posted by jdmcdaniel3 View Post
    So I was right in my thinking that if you did not want to get a problem from Java, you would disable Javascript, right?
    No, you still don't get it. Java and Javascript are separate things. The control for one doesn't affect the other.

  9. #9
    Join Date
    Mar 2010
    Location
    Austin - Texas
    Posts
    10,140
    Blog Entries
    48

    Smile Re: Java disable control needed in browsers?

    No, you still don't get it. Java and Javascript are separate things. The control for one doesn't affect the other.
    For the fear of not making you mad, I might ask, if you were concerned about Viruses and Malware, which claimed to use Java, what would you do to your Java settings, any of them?

    Thank You,
    My Blog: https://forums.opensuse.org/blogs/jdmcdaniel3/

    Software efficiency halves every 18 months, thus compensating for Moore's Law

    Its James again from Austin, Texas

  10. #10
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Java disable control needed in browsers?

    Disable Java from the Plugins dialog, or if more paranoid, not install the Java plugin package.

    Again, Java and Javascript are different languages with different syntax and semantics. They have some superficial similarities. Java is executed via a Java plugin that contains a Java interpreter to execute JVM bytecode that is sent from the website. Javascript is nearly always associated with and embedded in a webpage and executes in the context of the web document.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •