Macworld suggests removing Java from Macs - No JMRI?

Good Morning!!

According to this article:

http://www.macworld.com/article/2028900/how-to-disable-java-on-your-mac.html#tk.nl_mwbest

I guess I could run a Virtual Machine in my Mac and install Java on that.[}:)]

The article is by one guy recommending disabling Java. It’s not an indication that Apple is even considering such a step. As written, you would have to take steps to NOT allow Java to run on your machine, so nothing needs to be done to keep it.

He does recommend makng sure you’ve got the latest version of Java installed, which presumeably would include the most recent security patches. That seems like a good idea to me, along with running anti-virus software.

Did you see the related article?

Apple confirms cyber attack, releases Java update and malware removal…

Phooey on chicken little, the sky is not falling, it’s just a little cloudy out.[:P]

As the title said Macworld not Apple. Personally I do not run antivirus software on a UNIX system.

…I will let you know when the sky is falling! [:P]

My recommendation? Pay attention what you click on and what you open up, and you won’t fall victim to these attacks.

Keep your computer behind a firewall, do NOT plug it directly into a cable or DSL modem. That way, someone fromt he outside cannot access your computer. Unless you first click on a malicious web site to open such a conduit.

–Randy

Good advice Randy! (as usual) [8D]

Just FYI: That is about a security breach in the safari browser, apple has disabled java applets in the web browser from running. Though java itself still runs on the machine. I would highly advise installing the patch for security, I did and can still run JMRI just fine. No, you don’t need anti-virus software. The breach was not a virus it was a hole in the version of java that runs in browser applets that allows a person to hack into your machine without you knowing until after the fact. Firewall or not, wifi or hardwire, it created a hole that anyone could go through.

Email me if you have any questions.

Carry on

I drink a lot of Java [C][C]

Java 7 Update 15 addresses most of the issues. You can also disable the SSVHelper class in Internet Explorer (which helps launch JAVA apps) Tools->Manage Add-Ons.

Yes Java is full of security holes. So is Apple’s OS (Way More then MS-Windows 7/8) So don’t sweat it so much. Right now Abobe, Oracle/JAVA, and Apple are about where Microsoft was when they released XP SP2. (In otherwords, their security holes are starting to catch up to them as hackers start to notice they make juicy targets)

So you’re pretty much doomed anyway. lol

Yes, the safe thing to do is create a virtual environment. Run Ubuntu from it. JMRI runs well on Linux Distros. The odds of breaking the Linux sandbox and the Apple memory model at the same time is pretty darn low.

You can also run JMRI on Raspberry Pi ($35 computer about the size of a cell phone) I’m tinkering with running JMRI on Raspberry Pi Wheeze Image (Ubuntu) using my digitrax PR3. So far it works!

Sadly not entirely true on two fronts:

  1. There’s a series of Zero Day Vulnerabilities (Security Holes) in the Intel Plug and Play network standard. They have been there for years. Since most people don’t know what Plug and Play is they will probably ignore all the dire security warning that just went out.

These series of exploits allow the attacker to send milicious commands directly to computers behind the router.

  1. China is intentionally making cheap knock off products and selling them to US markets. These routers are intentionally riddled with security holes which they know about.

A Router/Firewall is still a good defense to have. But I’m using a secondary firewall filter through a second Raspberry Pi I own. Firewall software for Linux is free and commonly available. At least you know it’s not tampered with.

The Raspberry reminds me of the old ZX80 & XZ81 also sold in the USA under Timex/Sinclair and writing machine code for graphics. (30+ years ago)

As far as Windows vs Mac - really old and boring [|)]

I heard that all Java was supposed to be disabled because it could be hacked and used to attack your computer. This applies to web browser add-ons though, so a JMRI might still be safe as long as it doesn’t access the internet you you don’t disable your antivirus/firewall.

I’d do some more research, but I’d feel fine using one on my computer - provided it doesn’t run as a browser plug-in.

Me thinks the biggest security holes in any OS is the link between the monitor and keyboard.[banghead]