Java’s Security Problems are Designed-in. Problems are Not Solvable. I Do NOT Use ROES.

What’s with the dangerous insistence on Java ?

Don't Allow Java on Your Computer

Don’t Allow Java on Your Computer

The programming language Java has a history of serious security problems, yet several major photography printing services not only use Java – they FORCE YOU to use Java with online ordering software called ROES.

Whats worse, they refuse to accept photograph files for printing sent any other way ! No email, No FTP, some won’t even accept them if you walk in with a CD or a flash drive. These clearly don’t need my business.

I recommend no photographer should ever order prints online using ROES because it requires you install Java on your computer While it is connected to the web, only after you DISable your anti-virus software !

Are they insane? Don’t they know it only takes seconds for your unprotected computer to get irreversibly infected?

Perhaps they don’t realize millions of Robotic programs are testing every computer connected to the web every few minutes, sometimes every few seconds. When it finds your computer available – zap ! Robots rapidly try to infect your computer so they can silently take control. (Any Bank IT Manager that allows a Java install should get the death penalty.)

Whatever the case, the photography printing companies are dangerously ignorant or just don’t give a hoot about your computer security.

(Don’t confuse JavaScript with Java. They are both programming languages – but they are wholly independent of each other.)

Here’s some recent examples of your potential danger if you merely have Java installed (you don’t even have to start up Java – lots of viruses will be happy to do that for you – secretly.) —

1. January 2013: US Homeland Security Recommends Disabling Java – warns of software ‘vulnerability.’

2. Oracle Issues Emergency Java Patch, Feb 9, 2011

3. “Oracle issues emergency Java security patch. Hackers exploiting zero day vulnerability, by Gregg Keizer, Computerworld, 16 April 2010”

4. Here’s an history of Java’s “serious” security issues: “Securing Java: Attack Applets: Exploiting Holes in the Security Model

5. And a historical perspective – Java is the most exploited Windows program.

The problem is the fundamental design of Java.

If you allow Java to run on your machine it can run any other program on your computer.

Think about that for a moment . . .

Java can run your Format program and erase everything, or it can allow a Trojan to install a Deadly Rootkit, or it can CHANGE your data in subtle ways or perhaps the most harmful – it can send a copy of your most valuable information (your client list, your financial data, your Bank passwords) to a hacker or your meanest competitor – anywhere in the world.

Now the “Java Security Manager” is intended to prevent improper and dangerous access. However, any program larger than 100 lines of code inherently has bugs and flaws. The bigger the program the more serious the bugs. And Java is a huge program — 30 megabytes in Fall 2012 (including some 166 packages with over six hundred classes with over six thousand methods).

To be fair, Java was intended to be a powerful programming language. So they put in very high-powered access to computer functions. The trouble is the authors didn’t, and simply can not, adequately protect computers actually connected to the web.

All it takes is one not very skilled cracker – and your system is toast, or your financial data and passwords are in Russia, China and Libya in seconds.

What to do ?

I disable and remove Java on all our machines that attach to the Web and pleasantly – we’ve never endured a successful attack using Java.

Update Oct 31, 2012: It gets worse. I tried to do a Java install for a client who had no other option. During install, Java Demanded we disable the anti-Virus guard software – and yet remain connected to the web — or it would not continue !

Are you kidding !

Again I advised the client not to continue and to find another option. We ended up finding a computer that wasn’t used for normal business and tried to install it on that one. This time Java’s install locked up. So the client gave up and sent the form Fed Express – and his computer security remained intact.

As for those “reason challenged” (or dangerously ignorant) photograph printing services that demand we use ROES/Java – I simply give my printing to businesses run by actual humans that allow us to send files FTP or by email – or OMG – bring them a CD or a flash drive.

Update Feb 2013:
Here’s a note from one of the offending Photography printing businesses :

“If you have experienced troubles launching ROES in the past 48 hours, this email is for you! We have just received an email from our ROES software provider that an unannounced Apple Java Security update is affecting certain users who are running specific Apple operating systems. We want to first apologize for any mishappenings that you may be experiencing from this unexpected Apple update and second we would like to alert you to our easy solutions, which we describe below.”

Surprise ? No. Not to any computer security professional.

Further reading “Why and How to Disable Java on Your Computer

Is Java the root of most internet security problems?,” by the Examiner, February 20, 2013

Wikipedia article “Criticism of Java”

 

*** To test your browser to see if Java is installed or not — click here

 

This entry was posted in Computers, Doing Evil, Education, Privacy and tagged , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply