Java7

[soldier1st]

There is a site that recommends you to install jdk 7 & icedtea-7-plugin, and remove icedtea-6-plugin. Would the default installed java be enough, or should you install it for say security reasons? here is the site https://sites.google.com/site/easylinux ... e-Sun-Java as far as i know, i don't use any java apps. This on Linux Mint 13 Mate LTS. Thanks

[xenopeek]

If you don't use any Java applications, and no websites that use Java, I think you will be a lot more secure already by just removing Iced Tea from your system. That's the plugin that runs Java in your browser--and it's there that the major security risk is (some malicious website could have some Java applet to do something on your computer, but without Iced Tea install your browser won't have a way to run Java code [JavaScript is something else] and so you'd be safe from that threat).

You could do so with this command from the terminal:

Code: Select all

sudo apt-get purge icedtea-*

Type your password as requested and note that on the terminal you do not get any visual feedback while typing a password. Before you then answer "Y" to the question asked, confirm that it will only be removing packages whose name starts with "icedtea-".

Alternatively, open Synaptic Package Manager from your menu, search for "icedtea-", then click the header above the first column in the table to sort on status so that only the installed packages show up on the top, and then mark all of those for removal and finally pres apply to remove them all.

Restart your browser afterwards.

[Tejas_0]

the major security risk is (some malicious website could have some Java applet to do something on your computer, but without Iced Tea install your browser won't have a way to run Java code [JavaScript is something else]

Trouble is, as I just found out recently, a site I thought was just only using JavaScript, suddenly demanded Java. So would it not, as a precautionary measure, be advisable to just disable Iced Tea from Addon manager, just to make sure no site you need is invoking Java from JavaScript at some point?

[xenopeek]

Tejas_0, if you need Java in your browser then yes. If you don't need it, get rid of it. Side note: Firefox 26 (which you may already have upgraded to through Update Manager) blocks Java by default and requires your intervention before loading Java on a website: http://www.theregister.co.uk/2013/12/10/firefox_26_blocks_java/

[robert-e]

Hi,
Just a possible further update on this (firefox/java) situation:
In your link:

Beginning with the version of Firefox that shipped on Tuesday, whenever the browser encounters a Java applet or a Java Web Start launcher, it first displays a dialog box asking for authorization before allowing the plugin to launch.

I do not get any prompt to click to authorize. I found this with icedtea version of java 7, so I purged it, and installed Oracle's .deb...same problem/no joy. I had uninstalled the noscript, adblock-edge, and ghostery, and had no luck. I tried to downgrade to firefox 25, but synaptics did not have that as a forced package install. Downloading the firefox 25 .deb package from ubuntu did not intall with gdebi because of dependencies...one specifically was libc6 wanting (I think) version 2.7.
I have given up for now, and will await a bit of time for a fix. If that does not come along in the next few days, I will ghost a previous image of mint 13 back to the hard drive, lock any further updates, and carry on. Oh yes, the specific site I have problems with is mydlink.com, which I use to monitor my home remotely.

Best regards,
Bob