Go Back   DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts > Computer/MAC Help/Info. & New Technology > How To - (Tips and Tricks) & Computer Fun

How To - (Tips and Tricks) & Computer Fun All the Help You Need and Tips & Tricks for your PC & some Humourous Stuff. If You Need Computer Help, Start a New Thread in the Computer Help Section Above

Season's Greetings
IMPORTANT ANNOUNCEMENT
Hallo to All Members. As you can see we regularly Upgrade our Servers, (Sorry for any Downtime during this). We also have added more Forums to help you with many things and for you to enjoy. We now need you to help us to keep this site up and running. This site works at a loss every month and we appeal to you to donate what you can. If you would like to help us, then please just send a message to any Member of Staff for info on how to do this,,,, & Thank You for Being Members of this site.
Post New ThreadClosed Thread
 
LinkBack Thread Tools Display Modes
Old 15-10-14, 03:01   #1
 
Ladybbird's Avatar
 
Join Date: Feb 2011
Posts: 33,065
Thanks: 22,301
Thanked 12,528 Times in 8,389 Posts
Ladybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond repute

Awards Showcase
Best Admin Best Admin Gold Medal Gold Medal 
Total Awards: 6

Update JavaScript Isn't Java &#8212-It's Much Safer & Much More Useful

Oracle Can't Secure the Java Plug-in, So Why Is It Still Enabled By Default?



Java was responsible for 91 percent of all computer compromises in 2013. Most people not only have the Java browser plug-in enabled — they’re using an out-of-date, vulnerable version. Hey, Oracle — it’s time to disable that plug-in by default.

Oracle knows the situation is a disaster. They’ve given up on the Java plug-in’s security sandbox, originally designed to protect you from malicious Java applets. Java applets on the web get complete access to your system with the default settings.

The Java Browser Plug-in is a Complete Disaster

Defenders of Java tend to complain whenever sites like ours write that Java is extremely insecure. “That’s just the browser plug-in,” they say — acknowledging how broken it is. But that insecure browser plug-in is enabled by default in every single installation of Java out there. The statistics speak for themselves. Even here at HTG, 95 percent of our non-mobile visitors have the Java plug-in enabled. And we’re a website that keeps telling our readers to;

uninstall Java or at least disable the plug-in.



Internet-wide, studies keep showing that the majority of computers with Java installed have an out-of-date Java browser plug-in available for malicious websites to ravage. In 2013, a study by Websense Security Labs showed that 80 percent of computers had out-of-date, vulnerable versions of Java. Even the most charitable studies are scary — they tend to claim more than 50 percent of Java plug-ins are out-of-date.
In 2014, Cisco’s annual security report said 91 percent of all attacks in 2013 were against Java. Oracle even tries to take advantage of this problem by bundling the terrible Ask Toolbar and other junkware with Java updates — stay classy, Oracle.





Oracle Gave Up on the Java Plug-in’s Sandboxing


The Java plug-in runs a Java program — or “Java applet” — embedded on a web page, similar to how Adobe Flash works. Because Java is a complex language used for everything from desktop applications to server software, the plug-in was originally designed to run these Java programs in a secure sandbox. This would prevent them from doing nasty things to your system, even if they tried.
That’s the theory, anyway. In practice, there’s a seemingly never-ending stream of vulnerabilities that allow Java applets to escape the sandbox and run roughshod over your system.

Oracle realizes the sandbox is now basically broken, so the sandbox is now basically dead. They’ve given up on it. By default, Java will no longer run “unsigned” applets. Running unsigned applets shouldn’t be a problem if the security sandbox was trustworthy — that’s why it’s generally not a problem to run any Adobe Flash content you find on the web. Even if there are vulnerabilities in Flash, they’re fixed and Adobe doesn’t give up on Flash’s sandboxing.





By default, Java will only load signed applets. That sounds fine, like a good security improvement. However, there’s a serious consequence here. When a Java applet is signed, it’s considered “trusted” and it doesn’t use the sandbox. As Java’s warning message puts it:
“This application will run with unrestricted access which may put your computer and personal information at risk.”
Even Oracle’s own Java version check applet — a simple little applet that runs Java to check your installed version and tells you if you need to update — requires this full system access. That’s completely insane.





In other words, Java really has given up on the sandbox. By default, you can either not run a Java applet or run it with full access to your system. There’s no way to use the sandbox unless you tweak Java’s security settings. The sandbox is so untrustworthy that every bit of Java code you encounter online needs full access to your system. You might as well just download a Java program and run it rather than relying on the browser plug-in, which doesn’t offer the additional security it was originally designed to provide.

As one Java developer explained: “Oracle is intentionally killing off the Java security sandbox under the pretense of improving security.”

Web Browsers Are Disabling It On Their Own

Thankfully, web browsers are stepping in to fix Oracle’s inaction. Even if you have the Java browser plug-in installed and enabled, Chrome and Firefox won’t load Java content by default. They use “click-to-play” for Java content.

Internet Explorer still automatically loads Java content. Internet Explorer has improved somewhat – it finally began blocking out-of-date, vulnerable ActiveX controls along with the “Windows 8.1 August Update” (aka Windows 8.1 Update 2) in August, 2014. Chrome and Firefox have been doing this for much longer. Internet Explorer is behind other browsers here — again.





How to Disable the Java Plug-in


Everyone who needs Java installed should at least disable the plug-in from the java Control Panel. With recent versions of Java, you can tap the Windows key once to open the Start menu or Start screen, type “Java,” and then click the “Configure Java” shortcut. On the Security tab, uncheck the “Enable Java content in the browser” option.
Even after you disable the plug-in, Minecraft and any other desktop application that depends on Java will run just fine. This will only block Java applets embedded on web pages.





Yes, Java applets still exist in the wild. You’ll probably find them most frequently on internal sites where some company has an ancient application written as a Java applet. But Java applets are a dead technology and they’re vanishing from the consumer web. They were supposed to compete with Flash, but they lost. Even if you need Java, you probably don’t need the plug-in.

The occasional company or user that does need the Java browser plug-in should have to go into Java’s Control Panel and choose to enable it. The plug-in should be considered a legacy compatibility option.
__________________
Nil Carborundum Illegitemi ..My Advice is Free..My Friendship is Priceless!

... ...

...


& THANK YOU
For Becoming a Member of ... 1...
Ladybbird is online now  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
Old 21-10-14, 18:49   #2
 
Ladybbird's Avatar
 
Join Date: Feb 2011
Posts: 33,065
Thanks: 22,301
Thanked 12,528 Times in 8,389 Posts
Ladybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond repute

Awards Showcase
Best Admin Best Admin Gold Medal Gold Medal 
Total Awards: 6

Computers Re: JavaScript Isn't Java &#8212-It's Much Safer & Much More Useful




You’ve probably heard all about how the Java browser plug-in is insecure. 91% of system compromises in 2013 were against that insecure Java plug-in. But Java isn’t the same thing as JavaScript — in fact, they’re not really related.


HTG, 21 October 2014


Most of our readers probably understand the difference, but not everyone knows it. Any confusion isn’t accidental — JavaScript was originally named JavaScript just to associate it with Java in people’s minds.

Java Basics


Java is a popular programming language used for everything from server software to desktop applications and even Android apps. You’ve probably heard of Minecraft, which is written in Java. Running a Java application requires Oracle’s Java runtime on your computer. It was previously developed by Sun, but Oracle purchased Sun — so it’s now Oracle Java instead of Sun Java.

But Java isn’t just used for traditional applications. Back in the 90′s, Sun developed a browser plug-in that allowed you to run Java programs –or “Java applets” — inside web browsers. The Java plug-in isn’t widely used anymore, and it’s been a source of endless security problems. You do not want to run Java applets inside your browser if possible. The Java plug-in — and Java content in web browsers — has proven insecure and bad.

There’s just one Java plug-in, and it’s created by Oracle and bundled along with the Java runtime. There’s a problem with it, you have to wait for Oracle to fix it. There’s no competition to improve it.






JavaScript Basics

JavaScript is a programming language used by web pages. HTML is the layout language that defines how web pages are laid and and JavaScript is the language that lets web pages be more dynamic. JavaScript is what enables web applications like Gmail to function, and JavaScript is used by practically every website at this point.
JavaScript was originally designed to be a lightweight scripting language to run in web browsers. It isn’t a separate browser plug-in that comes from one company — every browser includes its own different JavaScript engine. Browsers natively run JavaScript code without relying on a third-party plug-in. There’s been much competition among browser vendors to make JavaScript faster and better.





Why Is It Called JavaScript, Then?

JavaScript really has nothing to do with Java; it isn’t just a simplified subset of Java. JavaScript was developed under the name “Mocha” and was named “LiveScript” when it appeared in a beta release of the Netscape Navigator web browser back in 1995.
In 1995, Netscape announced the language would be named “JavaScript” in a joint announcement with Sun. This happened around the time Netscape added support for Sun’s Java applets. We can look back at the announcement today:
Quote:
“The JavaScript language complements Java, Sun’s industry-leading object-oriented, cross-platform programming language…
JavaScript is an easy-to-use object scripting language designed for creating live online applications that link together objects and resources on both clients and servers. While Java is used by programmers to create new objects and applets, JavaScript is designed for use by HTML page authors and enterprise application developers to dynamically script the behavior of objects running on either the client or the server.”

The announcement goes on and on like this, talking about both Java and JavaScript. This is usually seen as an attempt by Sun and Netscape to associate the new language — JavaScript — with the Java language that was popular at the time. The name made people a bit confused and caused them to associate the new language with Java, giving JavaScript some instant respect. If it’s called JavaScript and was announced by Sun in an announcement that talked about Java a lot, surely it was related to Java — right? Nope.
In 1998, Brendan Eich, who invented JavaScript, claimed that JavaScript was intended “look like Java, but be a scripting language” for lightweight usage. It might look a bit like Java, but it’s very different.






JavaScript is Practically Mandatory for the Modern Web

We’ve moved away from Java content in the browser over the years. While Java is still widely used, it’s become a dirty name when associated with web browsers. Java has also become an increasingly disliked piece of consumer software known for bundling junkware with security updates.

Where the Java name was originally intended to add credibility to JavaScript, the Java association is now tarnishing its name. It’s easy for JavaScript to come to mind when you see apocalyptic headlines about Java plug-in vulnerabilities. That was the whole point of the name — to make them seem related.

Some people go out of their way to disable JavaScript in their web browsers with add-ons like NoScript. But JavaScript isn’t insecure like Java is in the browser. Yes, there’s an occasional security vulnerability in a web browser that can be exploited via JavaScript, but the hole is patched up and we move on. This isn’t unique to JavaScript — there could be a security vulnerability in a web browser that could be exploited via HTML, CSS, or other technologies, too.


There’s no way to completely protect yourself against possible future browser vulnerabilities. Just keep your browser and its plug-ins updated.





JavaScript powers the modern web, whether you’re using a browser on your computer or smartphone. Disabling it would make many websites unusable.

On the other hand, the Java browser plug-in is used on very, very few websites. If you disable the Java browser plug-in, the web will continue working normally. You’ll probably never notice you don’t have it.
__________________
Nil Carborundum Illegitemi ..My Advice is Free..My Friendship is Priceless!

... ...

...


& THANK YOU
For Becoming a Member of ... 1...
Ladybbird is online now  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
Post New ThreadClosed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
SEO by vBSEO 3.5.2
Designed by: vBSkinworks