Another "Java isn't Secure" Thread

Saw this randomly going through YouTube (ad): https://www.bit9.com/forms/adwords-java-vulnerable-report/
https://www.youtube.com/watch?v=LVCA6B65Ggg

What do you think?

What about the CLR? .Net apps can be cracked as well. I think it became easier for hackers to hack java or .net apps due to the existence of the complete file format of the class files or .net modules. If you open a .class file in notepad, you can see text like ‘Ljava.lang.String’ which contains almost all the data you have. This eases decompiling and the existence of several decompilers. The same applies to .net apps as well, open a .net exe in notepad and you can see method calls of library classes.

I can’t watch the video, but if by security you mean from malware…

Java in theory is secure - individual JREs have security exploits though.

‘Java’ has a poor reputation in the security community because it is poorly maintained by large JRE distributors. I.e., Apple let a known exploit linger in their JRE for a while, which resulted in mass spreading of the (I think it was called) ‘The Flashback Malware’.

Applets are also a big cause for it. People assume that, just because it runs inside the browser, they’re safe. The difference between an applet and a flash application is very dramatic and that isn’t appreciated enough. Even yet, unsigned Java Applets that run in a sandboxed environment have managed to break out of that sandboxed environment too many times to count and they’re just simply not worth trusting anymore.

I think that article you were linking to is talking about people lacking appreciation for the security threats imposed by obsolete JREs.

This is why we can’t have nice things.

HEY EVERYONE! .EXES ARE NOT SECURE! IF SOMEONE RUNS AN EXE ON YOUR COMPUTER, IT CAN INSTALL A VIRUS! DELETE ALL .EXES FROM YOUR COMPUTER NOW!

Although apart from the idiots, Oracle has had a part to play in ruining Java’s reputation.

I had better start learning other OOP languages and their APIs.

Just don’t listen to any security “specialists” - especially if they are from big companies or companies related with these corporations. Treat their “reports” as a source of fun. :)

Java’s (and all JRE-based languages’) position is currently unchallenged - it simply does not have any noticeable competitor in its field.

Oracle’s been a lot better than Microsoft in patching security holes if you ask me.

The fact is, the JVM coupled to a browser was a fundamentally stupid, flawed idea in the first place. It’s like the genius of housing petrol and matches next to each other in a child’s bedroom. OS = petrol, Java = matches, child = browser operator. What’s the worst that could happen?

Cas :)

It’s known from the beginning, since C# came out. Microsoft designed C# after getting bailed for using Java in the name of J#.

Java is secure in a sense; it’s just as secure as an exe or a C# document, which have all had some sort of similar publicity like this in the past.