Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days

Posted by Soulskill on from the of-pots-and-kettles dept.

mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.

4 of 111 comments (clear)

  1. also applies to flash and acrobat by slashdice · · Score: 5, Insightful

    how's them apples?

    --
    Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
  2. Pot, This is Kettle by Anonymous Coward · · Score: 5, Insightful

    Adobe isn't exactly in the best position to be lobbing stones at others' houses of security.

  3. Click-to-Play Would Improve Flash, Too by Lilith's+Heart-shape · · Score: 5, Interesting

    Click-to-Play makes flash videos better by making them less useful as advertisements. Content like Flash and Java should always, always require the user's consent before running. There's no excuse for doing otherwise. Any code that doesn't await the user's consent before running is malware, and should be handled as such by any means available.

    --

    I write sci-fi for metalheads

    1. Re:Click-to-Play Would Improve Flash, Too by Anonymous Coward · · Score: 5, Insightful

      If you think Java is JavaScript then you're wrong. And on the other hand, if you think JavaScript on Slashdot is "code that doesn't await the user's consent before running", I'd say you give consent for Slashdot to run JavaScript when you visit the site. Any third party JavaScript, however, is quite often pretty close to spyware/malware, but there are tools such as NoScript and Ghostery to limit when and how these scripts are run if they're even run at all.