Java, wth (on windows, any version)

01-08-2007

I once read a book that said Java was secure

since they have released update 10, I have never seen so many people complain.

that said, it has always had problems as far as I recall, the worst being
denial of service attacks via direct memory hacks or loop hacks that lock
your pc up.

I have tried communicating with the makers but havent had time to dig deeper
into them to get a response.

What say you ?

01-09-2007

its 4am wrote:
> I once read a book that said Java was secure
>
> since they have released update 10, I have never seen so many people
> complain.
>
> that said, it has always had problems as far as I recall, the worst
> being denial of service attacks via direct memory hacks or loop hacks
> that lock your pc up.
>
> I have tried communicating with the makers but havent had time to dig
> deeper into them to get a response.
>
> What say you ?

I once read a book that said Elvis was still alive. I didn't believe that
either.

Being a bit more serious for a moment (though I was making a serious point
of my opinion of the book you mention), Java adheres to a model which should
*in theory* make it more secure against certain kinds of attacks contained
in Java code you download and run inside the Java Virtual Machine.

It is very good at doing what it does, but *it isn't perfect* and it isn't
magically immune to other kinds of attack.

01-11-2007

Hello its 4am,

Considering Java is Open Source Code, that alone allows not-desired
intruders.

Too many Web Sites that use Sun's servers, software, and Java have
experienced enormous hostile attacks, the criminal attackers extracted and
downloaded personal confidential data from their Sites. Three examples from
last September, E-Trade, TDAmeritrade, hum, at this moment can't recall the
third.

E-Trade reported losing hundreds of millions $$$, TDAmeritrade would not
fully disclose their data and financial loss.

A few months later, SEC located one of the criminal attackers operating from
Russia using local and off-shore ISPs.

Sometimes using Open Source Code software can be a very costly experience !!

--
Firewall

"its 4am" wrote:

> I once read a book that said Java was secure
>
> since they have released update 10, I have never seen so many people complain.
>
> that said, it has always had problems as far as I recall, the worst being
> denial of service attacks via direct memory hacks or loop hacks that lock
> your pc up.
>
> I have tried communicating with the makers but havent had time to dig deeper
> into them to get a response.
>
> What say you ?

01-11-2007

Hi FireWall2,

> Considering Java is Open Source Code,

Are you sure it's open source? It didn't used to be, but maybe they saw
the light?

> Too many Web Sites that use Sun's servers, software, and Java have
> experienced enormous hostile attacks,

> Sometimes using Open Source Code software can be a very costly experience !!

Are you sure Sun Solaris is open source?

I've found (to date) that open source software is MORE secure, mainly
because I can freely ask hackers to test it without any fear of legal
issues.

An example is the Mozilla internet browser. It has as many patches as
IE, but throw them into a hostile environment at the same patch level,
and Mozilla is 100 times more secure. It's also faster and better
designed, better standards compliance, less intrusive security, easier
to install, uninstall and upgrade and does NOT require a reboot unlike
IE. It also is not tied into the core of the Windows o/s, so again much
safer, you can also turn off annoying animations without silly dialogs
popping up and the email and news is much faster and more feature packed
than anything Microsoft has yet to design.

--
Gerry Hickman (London UK)

01-11-2007

Hello Gerry,

Respect your Post, Sunâ€™s Web Site discusses their Open Source Codes,
referred to within the IT world as a â€œhacker happyâ€ OS.

Have experimented with Firefox and Mozilla, the greatest trouble results
when users include those Browsers with, specifically, Vista, also IE 7
running XP .

One of these days, slowly, folks will fully comprehend the designed inherent
Security within Vista.

Slowly realizing including third party Add Ons does nothing other than
create conflicts within Vista by weakening Vistaâ€™s Security, and then
complain by assigning blame toward Vista, instead of accepting blame from
user induced conflict issues.

Historically, beginning with Windows 3.1 each new OS Upgrade was a very
simple tasks for installing and self-learning the new OS Features.

Today, Vista is so technically advanced that Vista does not accept or easily
allow OS modifications. Hence, a **new learning curve** that never have we
experienced while Upgrading a Microsoft OS (old habits are difficult for
breaking).

Seemingly, we are too accustomed to being spoon fed by Microsoft, during an
Upgrade process.

Never before was it entirely necessary for experienced users reading the
Install Instructions and the Help Files, as we do for properly Installing
Vista. The end result, an OS (Vista & IE 7) that performs flawless !!!

--
Firewall

"Gerry Hickman" wrote:

> Hi FireWall2,
>
> > Considering Java is Open Source Code,
>
> Are you sure it's open source? It didn't used to be, but maybe they saw
> the light?
>
> > Too many Web Sites that use Sun's servers, software, and Java have
> > experienced enormous hostile attacks,
>
> > Sometimes using Open Source Code software can be a very costly experience !!
>
> Are you sure Sun Solaris is open source?
>
> I've found (to date) that open source software is MORE secure, mainly
> because I can freely ask hackers to test it without any fear of legal
> issues.
>
> An example is the Mozilla internet browser. It has as many patches as
> IE, but throw them into a hostile environment at the same patch level,
> and Mozilla is 100 times more secure. It's also faster and better
> designed, better standards compliance, less intrusive security, easier
> to install, uninstall and upgrade and does NOT require a reboot unlike
> IE. It also is not tied into the core of the Windows o/s, so again much
> safer, you can also turn off annoying animations without silly dialogs
> popping up and the email and news is much faster and more feature packed
> than anything Microsoft has yet to design.
>
> --
> Gerry Hickman (London UK)
>

02-04-2007

Hi FireWall2,

> Respect your Post, Sunâ€™s Web Site discusses their Open Source Codes,
> referred to within the IT world as a â€œhacker happyâ€ OS.

Your original claim was that Java and Solaris were "open source". There
was TALK of making Java open source, but as far as I know this is NOT
the case right now. I don't know which "IT world" said it was hacker
happy, but they probably mean ability to alter the code (hacking as in
coding).

In general open source is better for security; this claim was made
recently in a report by Homeland Security in the US. The reason it's
better, is that you can openly invite hackers (as in penetration
testers) to fire shots at it and find out the weaknesses. It can also be
fixed within minutes whereas you have to wait weeks for Microsoft to
patch things, and you don't know if it's been done properly because you
can't see the code. In 2006 we saw a number of Microsoft patches having
to be re-released because they either didn't fix the problem properly,
or they created some new problem. With open source, you get thousands of
people testing new code as soon as it goes into CVS.

One downside of open source (in the context of security), is that
there's no central place to get all security patches, you have to check
every piece of software separately and they all have their own
procedures (or no procedure at all!)

> Have experimented with Firefox and Mozilla, the greatest trouble results
> when users include those Browsers with, specifically, Vista, also IE 7
> running XP .

What trouble exactly? Fiefox and Mozilla are both superior to
Microsoft's IE when it comes to security. The reason is simple; they run
on top of the o/s, they do not hook directly into the o/s. Most SpyWare
in the days of XP entered via IE, and that's why so many people switched
to the Mozilla/Firefox browser. Rule #8 of security is not to mix and
match o/s with applications; there's supposed to be an abstraction,
unfortunately this is missing in Windows.

> Slowly realizing including third party Add Ons does nothing other than
> create conflicts within Vista by weakening Vistaâ€™s Security,

I'm not sure how? Do you have an example?

--
Gerry Hickman (London UK)

01-08-2007	#1 (permalink)
its 4am Guest n/a posts	Java, wth (on windows, any version) I once read a book that said Java was secure since they have released update 10, I have never seen so many people complain. that said, it has always had problems as far as I recall, the worst being denial of service attacks via direct memory hacks or loop hacks that lock your pc up. I have tried communicating with the makers but havent had time to dig deeper into them to get a response. What say you ?
My System Specs

01-09-2007	#2 (permalink)
Robert Moir Guest n/a posts	Re: Java, wth (on windows, any version) its 4am wrote: > I once read a book that said Java was secure > > since they have released update 10, I have never seen so many people > complain. > > that said, it has always had problems as far as I recall, the worst > being denial of service attacks via direct memory hacks or loop hacks > that lock your pc up. > > I have tried communicating with the makers but havent had time to dig > deeper into them to get a response. > > What say you ? I once read a book that said Elvis was still alive. I didn't believe that either. Being a bit more serious for a moment (though I was making a serious point of my opinion of the book you mention), Java adheres to a model which should in theory make it more secure against certain kinds of attacks contained in Java code you download and run inside the Java Virtual Machine. It is very good at doing what it does, but it isn't perfect and it isn't magically immune to other kinds of attack.
My System Specs

01-11-2007	#3 (permalink)
FireWall2 Guest n/a posts	RE: Java, wth (on windows, any version) Hello its 4am, Considering Java is Open Source Code, that alone allows not-desired intruders. Too many Web Sites that use Sun's servers, software, and Java have experienced enormous hostile attacks, the criminal attackers extracted and downloaded personal confidential data from their Sites. Three examples from last September, E-Trade, TDAmeritrade, hum, at this moment can't recall the third. E-Trade reported losing hundreds of millions $$$, TDAmeritrade would not fully disclose their data and financial loss. A few months later, SEC located one of the criminal attackers operating from Russia using local and off-shore ISPs. Sometimes using Open Source Code software can be a very costly experience !! -- Firewall "its 4am" wrote: > I once read a book that said Java was secure > > since they have released update 10, I have never seen so many people complain. > > that said, it has always had problems as far as I recall, the worst being > denial of service attacks via direct memory hacks or loop hacks that lock > your pc up. > > I have tried communicating with the makers but havent had time to dig deeper > into them to get a response. > > What say you ?
My System Specs

01-11-2007	#4 (permalink)
Gerry Hickman Guest n/a posts	Re: Java, wth (on windows, any version) Hi FireWall2, > Considering Java is Open Source Code, Are you sure it's open source? It didn't used to be, but maybe they saw the light? > Too many Web Sites that use Sun's servers, software, and Java have > experienced enormous hostile attacks, > Sometimes using Open Source Code software can be a very costly experience !! Are you sure Sun Solaris is open source? I've found (to date) that open source software is MORE secure, mainly because I can freely ask hackers to test it without any fear of legal issues. An example is the Mozilla internet browser. It has as many patches as IE, but throw them into a hostile environment at the same patch level, and Mozilla is 100 times more secure. It's also faster and better designed, better standards compliance, less intrusive security, easier to install, uninstall and upgrade and does NOT require a reboot unlike IE. It also is not tied into the core of the Windows o/s, so again much safer, you can also turn off annoying animations without silly dialogs popping up and the email and news is much faster and more feature packed than anything Microsoft has yet to design. -- Gerry Hickman (London UK)
My System Specs

01-11-2007	#5 (permalink)
FireWall2 Guest n/a posts	Re: Java, wth (on windows, any version) Hello Gerry, Respect your Post, Sunâ€™s Web Site discusses their Open Source Codes, referred to within the IT world as a â€œhacker happyâ€ OS. Have experimented with Firefox and Mozilla, the greatest trouble results when users include those Browsers with, specifically, Vista, also IE 7 running XP . One of these days, slowly, folks will fully comprehend the designed inherent Security within Vista. Slowly realizing including third party Add Ons does nothing other than create conflicts within Vista by weakening Vistaâ€™s Security, and then complain by assigning blame toward Vista, instead of accepting blame from user induced conflict issues. Historically, beginning with Windows 3.1 each new OS Upgrade was a very simple tasks for installing and self-learning the new OS Features. Today, Vista is so technically advanced that Vista does not accept or easily allow OS modifications. Hence, a new learning curve that never have we experienced while Upgrading a Microsoft OS (old habits are difficult for breaking). Seemingly, we are too accustomed to being spoon fed by Microsoft, during an Upgrade process. Never before was it entirely necessary for experienced users reading the Install Instructions and the Help Files, as we do for properly Installing Vista. The end result, an OS (Vista & IE 7) that performs flawless !!! -- Firewall "Gerry Hickman" wrote: > Hi FireWall2, > > > Considering Java is Open Source Code, > > Are you sure it's open source? It didn't used to be, but maybe they saw > the light? > > > Too many Web Sites that use Sun's servers, software, and Java have > > experienced enormous hostile attacks, > > > Sometimes using Open Source Code software can be a very costly experience !! > > Are you sure Sun Solaris is open source? > > I've found (to date) that open source software is MORE secure, mainly > because I can freely ask hackers to test it without any fear of legal > issues. > > An example is the Mozilla internet browser. It has as many patches as > IE, but throw them into a hostile environment at the same patch level, > and Mozilla is 100 times more secure. It's also faster and better > designed, better standards compliance, less intrusive security, easier > to install, uninstall and upgrade and does NOT require a reboot unlike > IE. It also is not tied into the core of the Windows o/s, so again much > safer, you can also turn off annoying animations without silly dialogs > popping up and the email and news is much faster and more feature packed > than anything Microsoft has yet to design. > > -- > Gerry Hickman (London UK) >
My System Specs

02-04-2007	#6 (permalink)
Gerry Hickman Guest n/a posts	Re: Java, wth (on windows, any version) Hi FireWall2, > Respect your Post, Sunâ€™s Web Site discusses their Open Source Codes, > referred to within the IT world as a â€œhacker happyâ€ OS. Your original claim was that Java and Solaris were "open source". There was TALK of making Java open source, but as far as I know this is NOT the case right now. I don't know which "IT world" said it was hacker happy, but they probably mean ability to alter the code (hacking as in coding). In general open source is better for security; this claim was made recently in a report by Homeland Security in the US. The reason it's better, is that you can openly invite hackers (as in penetration testers) to fire shots at it and find out the weaknesses. It can also be fixed within minutes whereas you have to wait weeks for Microsoft to patch things, and you don't know if it's been done properly because you can't see the code. In 2006 we saw a number of Microsoft patches having to be re-released because they either didn't fix the problem properly, or they created some new problem. With open source, you get thousands of people testing new code as soon as it goes into CVS. One downside of open source (in the context of security), is that there's no central place to get all security patches, you have to check every piece of software separately and they all have their own procedures (or no procedure at all!) > Have experimented with Firefox and Mozilla, the greatest trouble results > when users include those Browsers with, specifically, Vista, also IE 7 > running XP . What trouble exactly? Fiefox and Mozilla are both superior to Microsoft's IE when it comes to security. The reason is simple; they run on top of the o/s, they do not hook directly into the o/s. Most SpyWare in the days of XP entered via IE, and that's why so many people switched to the Mozilla/Firefox browser. Rule #8 of security is not to mix and match o/s with applications; there's supposed to be an abstraction, unfortunately this is missing in Windows. > Slowly realizing including third party Add Ons does nothing other than > create conflicts within Vista by weakening Vistaâ€™s Security, I'm not sure how? Do you have an example? -- Gerry Hickman (London UK)
My System Specs

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Problem with Tomcat server on windows Vista when used with c++ and java	gamiravi.d	Vista General	2	10-05-2007 06:39 PM
Microsoft Java? Is it available in Vista? (not sun java!)	Jacob2000	Vista General	13	04-29-2007 02:44 PM
uninstalled Java but wont reinstall Java	m j o	Vista security	3	04-11-2007 02:34 AM
Java and Windows Vista won't install	Valerie Hebert	Vista installation & setup	3	02-20-2007 05:23 PM
security settings and many java windows	m j o	Vista security	0	02-07-2007 07:31 AM