Slashdot Mirror


Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days

mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero-day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then-zero-day blitzkrieg in its tracks by forcing users to click a button to enable Java.

5 of 111 comments

  1. also applies to flash and acrobat by slashdice · Score: 5, Insightful

    how's them apples?

    --
    Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
    1. Re:also applies to flash and acrobat by Anonymous Coward · Score: 4, Insightful

      I miss the days when browser vendors weren't afraid to rapidly innovate and take bold, important steps.

      That's crazy talk. Browser vendors *are* innovating. Why just yesterday my computer automatically upgraded to Firefox ESR 31. I was surprised to discover in this new version that Mozilla has rearranged the browser display and hidden more options and buttons behind a single menu button. If you thought it was easy to get to a button with a single click, just wait until you have to make several more clicks to do the same thing. Now that's innovation and forward thinking!

      And I can't forget to mention that the browser tabs now have rounded edges. Browser vendors are at the cutting edge of innovation, bringing the public the things they need most. You just weren't paying attention.

  2. Pot, This is Kettle by Anonymous Coward · Score: 5, Insightful

    Adobe isn't exactly in the best position to be lobbing stones at others' houses of security.

  3. Comment removed by account_deleted · Score: 4, Insightful

    Comment removed based on user account deletion

  4. Re:Click-to-Play Would Improve Flash, Too by Anonymous Coward · Score: 5, Insightful

    If you think Java is JavaScript then you're wrong. And on the other hand, if you think JavaScript on Slashdot is "code that doesn't await the user's consent before running", I'd say you give consent for Slashdot to run JavaScript when you visit the site. Any third-party JavaScript, however, is quite often pretty close to spyware/malware, but there are tools such as NoScript and Ghostery to limit when and how these scripts are run if they're even run at all.