Which is the java version that does not allow the malware to to automatically install from a webpage? [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

Closed 8 years ago.

• This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
• Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.

Improve this question

I have seen that if you have a 'new' version of java in your browser, then you are not in danger of having a malware capable of installing into your computer automatically from seeing a web page, by using a java ... flaw.

Can you please tell me which is the java 'safe' version, that does not allow the malware to automatically install on computer?

(I really need to know if I was exposed to infection yesterday... is java 6 a 'good' choice)

The thing is that I want to be sure that I am 'safe'.

Answer 1

I want to be sure that I am 'safe'

The only way to be sure you are safe from malware from Java exploits is to uninstall it completely. The best that can be said of the latest, most secure Java version is that it has no known security bugs.

Java has reached 1.7, so just about any 1.6 version should be considered unsafe.

the thing is that I have used yahoo and there seems to be a problem Malicious advertisements served via Yahoo

That page notes:

The investigation showed that the earliest signs of infection were at December 30, 2013. Other reports suggest it might have started even earlier.

Now let us look at Release Dates for Java 6. The last publicly available Java 6 version is:

Java SE 6 Update 45[76]     2013-04-16  42 security fixes;[77] other changes;[76] final public update[78]

Or April 16th, last year. Some 8 months before that security alert.

Like I have been saying. Every publicly available version of Java 6 should be considered suspect.
Every - single - one.

You should run a Malware checker on your machine.

But your answers & comments indicate to me something more. You don't really need to run Java applets in the browser, and probably do not need it for any other reason, so also uninstall Java completely.

And I do mean uninstall it, I do not mean not disable it, I do not mean not keep it up to date. You do not seem to need it on your PC, so don't take the risk.

Answer 2

Java is actually one of the most secure languages since it has a built-in security manager that can be used to sandbox applications and does a lot of built-in array out of bounds checks to prevent things like buffer overruns.

However, there have been a lot of problems in recent years regarding the security in Java applets. These are Java programs that can be run from a webbrowser. Applets have an even stricter sandbox to prevent the applet (or the website) from accessing your filesystem etc but there have been bugs found that can allow malicious code to escape the sandbox. These bugs are patched as quickly as possible so it is important to update Java (and keep up to date) on a regular basis.

If you don't need to run applets in your browser, the best thing to do to avoid these problems is to disable applets in your browser. This link can be used to learn how to disable applets in your browser of choice