Hacker News
by Tomdarkness 4818 days ago
I think that is a bit extreme. I'd suggest rather than not installing Java at all just to not install/disable the browser addons that allow Java applets to execute. This way the only way you are going to be executing anything Java is by downloading the .jar (or an executable wrapper) and running it.

To me, if you have to download the .jar and run it then that is no different to downloading an executable and running it, and you should take the appropriate precautions as you would with executables.

There are plenty of legitimate Java applications out there that are used by a wide spectrum of people from gamers (Minecraft) to enterprise developers (JavaEE, Java application servers, etc.).


How is it extreme? The only time I've needed Java is for Minecraft. Luckily I'm not rocking Windows so the chance of being hit by a 0-day is a bit lower (correct me if I'm wrong.)

But stopping the chance of having everything in your digital (and in the case of money, personal) life stolen because you clicked on a link FAR outweighs the benefit of playing Minecraft imo.

http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-m...

Macs get it too.

Linux theoretically can get these problems, but because every Linux machine is different, the malware would have to be written to be cross-distribution. (i.e., one may work in Debian, but not in Fedora / Red Hat... depending on how things work out).

Nonetheless, some people write viruses for Debian specifically: http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1...

It won't work on Red Hat, but the x86-specific 64-bit Debian was an attractive enough target for whoever wrote that one... I'm sure I can find a Red Hat virus, Fedora virus, Ubuntu virus, etc. etc. But they become rarer and rarer the fewer people use that specific distribution / OS.

I think you need to go back and read what you replied to.

Having Java installed but with Java disabled in your browser, like I suggested, means Java applets won't run in your browser at all. You'd need to download and execute the .jar or wrapper (which would be an executable anyway) which is no different from downloading any normal executable and running it.

Well yes, I agree on that actually. Probably should've thought that through.

Eclipse, Netbeans, IDEA, SoapUI, HermesJMS, Notes, SQLDeveloper, DB2 viewer. Chances are, if you're developing software you're going to use Java at some point.

Hmm yes I guess. Although saying that, I've never used any of those tools (well, Eclipse and Netbeans, but not for any more than a few days).

"Luckily I'm not rocking Windows so the chance of being hit by a 0-day is a bit lower (correct me if I'm wrong.)"

As far as I know, if you run it, and it's written intelligently enough, you're in trouble no matter what OS you're on.

It doesn't matter if you're on Windows, OSX, Linux or System i V7, if you approve the app to run, it'll run.

Java is a bit dangerous that way, but it's also a bit awesome that way :-)

Oh of course. But the majority of viruses I've seen target Windows specifically. So it is a bit lower when you're using something like Linux. But I just don't enable it :-)