1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is it dangerous to allow Java to run?

Discussion in 'Other Languages' started by xtopzi, Jun 9, 2013.

  1. xtopzi

    xtopzi Regular Member

    Joined:
    Sep 28, 2010
    Messages:
    291
    Likes Received:
    205
    Some sites asks you if it's OK to run Java (TM). Is it safe to click yes? Is it plausible that a worm or RAT is being installed silently when allowing Java?
    I got Microsoft Security Essentials + normal Windows Firewall active.
     
  2. xtopzi

    xtopzi Regular Member

    Joined:
    Sep 28, 2010
    Messages:
    291
    Likes Received:
    205
    Hmm, I Googled the question and most websites say it is safe to run, apart from unknown publishers.

    However, on hacker forums I read about Java driveby's all the time and even guys purchasing licences from Microsoft to be a trusted publisher so I'm still unclear on this. No one with a bit more knowledge on the subject or hacking here that can clarify?
     
  3. Aaric

    Aaric Elite Member

    Joined:
    Mar 7, 2010
    Messages:
    1,573
    Likes Received:
    1,120
    Gender:
    Male
    Location:
    USA
    yes; it is
     
    • Thanks Thanks x 1
  4. cricket1

    cricket1 Senior Member

    Joined:
    Jul 5, 2011
    Messages:
    1,086
    Likes Received:
    459
    As a general rule, run it if you trust the publisher.
    A few years ago my brother played online games, which required Java and got my computer infected with a keylogger. Since then I have been very careful when it comes to installing malicious software.

    By the way, what kind of site is it? Why does it need Java?
     
    • Thanks Thanks x 2
  5. OldSalt

    OldSalt Moderator Staff Member Moderator Jr. VIP Premium Member

    Joined:
    May 19, 2009
    Messages:
    1,279
    Likes Received:
    7,437
    Gender:
    Male
    Occupation:
    IT Sys Admin
    Location:
    US, East Coast
    You should read the paper I'm writing right now for my Information Assurance class. I'm literally writing about all kinds of browser vulnerabilities and which one offers more protection - but honestly, they all can be exploited by several methods. I'm not actually doing the testing, just compiling my info from other reports (mostly from the ACM - ACM.org). It's pretty dry stuff, but wow... what you see when you drill down below the surface.

    Yea... It's honestly safer to turn Java off by default and only run it on sites that you trust. Of course, even that isn't 100% safe - so make sure you are also have GOOD AV/Spyware protection as well.
     
    • Thanks Thanks x 3
  6. xtopzi

    xtopzi Regular Member

    Joined:
    Sep 28, 2010
    Messages:
    291
    Likes Received:
    205
    Thanks for the helpful answers guys.

    No specific website I'm referring to, just in general. It's not prompting for no reason so yes, games, livestreams etc.

    Do you reckon my AV is good that way or would you recommend an additional, paid AV?
    What setup do you recommend?
     
  7. OldSalt

    OldSalt Moderator Staff Member Moderator Jr. VIP Premium Member

    Joined:
    May 19, 2009
    Messages:
    1,279
    Likes Received:
    7,437
    Gender:
    Male
    Occupation:
    IT Sys Admin
    Location:
    US, East Coast
    There are several decent ones out there - anything that is rated high by CNet or PCMag would do well for you. Personally I now use Norton 360 although I know a lot of ppl are not fans of Symantec products. When my machines were slower, they did bog them down but since the time I've used faster machines, it doesn't slow them down at all.

    There are even some decent free ones out there - but I don't mind supporting a company that's providing good protection to my computers. :cool:
     
    • Thanks Thanks x 1
  8. bk071

    bk071 Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 24, 2010
    Messages:
    3,104
    Likes Received:
    7,914
    Occupation:
    I don't have a job
    Location:
    .............
    I'd sign that paper for you, Oldsalt. Just send it over :p
     
  9. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    Just take a look here: http://java-0day.com - it 's a counter for how many days pass without a java exploit in the wild. Current record ... 49 days :D
     
    • Thanks Thanks x 3
  10. Sandr0G

    Sandr0G Junior Member

    Joined:
    Sep 8, 2013
    Messages:
    141
    Likes Received:
    52
    Location:
    Europe
    It can be very dangerous. Run if you trust the site, otherwise don't.
     
  11. Yildiz

    Yildiz Regular Member

    Joined:
    Mar 9, 2012
    Messages:
    354
    Likes Received:
    126
    Occupation:
    Pinterest Marketing
    Location:
    Pinterest.com
    There are these things known as Java drive bys. They can be very dangerous and for that reason you shouldn't allow these programs to run unless you're absolutely sure you can trust the author.
     
  12. reapV

    reapV Registered Member

    Joined:
    Jan 27, 2014
    Messages:
    56
    Likes Received:
    10
    I agree with OldSalt. Additionally consider that _most_ functionality in the web can be achieved without touching Java. Is the application the site is offering so heavy-weight that it really requires Java? If not, the developer may have little experience anyways because he may picked the wrong language for his cause and therefore may not have followed security best practices and could have introduced security issues by accident.

    If he selected Java nevertheless he may have something in mind with it ;)