So I happened to be switching to a new computer two weekends ago. Going into it I was dead set on not installing Flash and Java.
And I was all good until @alexhutton posted a link to a video about the Beatles "happy birthday" song and I just had to check it out.
Over to Adobe.com I headed and in no time I was enjoying my Beatles song (followed by an unplanned hour of pointless YouTube surfing).
The next snag in my plan arose when I was unable to access one of the corporate networks I regularly use. They have the typical web portal interface that you log into and with the simple press of a button the VPN starts.
Unfortunately, the button didn't work this time as the VPN client is written in Java. The web portal kindly offered to install Java for me but I declined as I'd rather install it myself so I know I have the most recent update.
So over to Java.com, and a few minutes later I was ready to go again. To my dismay, after logging in I still received the same error message. This time I conceded and accepted their offer to install Java.
The odd thing was that the installer seemed to go through the entire setup process... yet again. Anyway, after they installed the "correct" version the VPN finally worked.
As you can tell my goal of not installing Flash and Java didn't last more than a few hours. And yet as infosec professionals, following the "disable unnecessary services" philosophy, we often advise people to avoid installing these types of applications for security reasons.
Of course, by taking the high road users lose the convenience of easily watching YouTube videos or logging into their corporate VPNs. I'd prefer to see websites not use Flash and more and more this is happening (except for a few restaurant sites... hopefully, even they will abandon Flash soon).
Java, on the other hand, is a bit more complex. With the recent rise of clientless VPNs and conferencing software (e.g., GoToMeeting and WebEx), client-side Java use actually seems to be on the rise.
Still, I'd prefer to see these products and services offer native apps, even if just for performance reasons. I know creating separate applications for each OS is a pain but it would be nice if these services at least provided native Windows and Mac versions and then only used Java as a backup.
I think Apple has taken a pretty good approach with Java. The latest version of Mac OS X automatically disables Java if it hasn't been used after a period of time. And when you need Java for that WebEx session, the OS will happily ask if you want to temporarily enable it.
How long have you been able to live without Flash and Java on your primary computer? Let us know in the comments below. Today's post pic is from JavaSimples.com.br. See ya!
Cross-posted from NovaInfosec.com