What is the least dangerous Java version?

1

(other than "none")

My organization uses a necessary Java-based web app that will not be replaced in the near future, which runs on Java 1.4 and up. Should our (mostly Windows) users have Java 1.6, 1.7, or a different version on their PCs? Does the answer vary across OS versions, browsers, or other variables? Should they allow auto-updating?

Foo Bar

Posted 2012-12-06T16:09:53.743

Reputation: 390

Question was closed 2012-12-06T17:55:30.733

This is a great question because there are indeed two or three "up-to-date" versions of Java. I would look at the update release notes ("security advisories") to see which versions they fix bugs in. Often, it's all three at once, but sometimes only the latest ones. Generally, Java adds features; it doesn't remove them, so the older versions may have a smaller attack surface. Regardless, though, the correct answer is, "find a way to block Java except on the webpage that needs it" through a browser plugin or other means. – Aleksandr Dubinsky – 2015-10-27T23:20:07.123

If the workstations are connected to the internet, you should push any and all updates and use the current version of Java; otherwise you will be vulnerable to malware. – Ramhound – 2012-12-06T16:15:50.750

1 Answers to this question might be rather localized in time. The answer may be different next week. – RedGrittyBrick – 2012-12-06T16:16:54.350

@RedGrittyBrick - Which is the reason the "current version" is the only correct answer. – Ramhound – 2012-12-06T16:41:24.893

Answers

3

The only reasonable answer to this question is "the most up-to-date one". Always being up to date reduces the number of known exploits to its theoretical minimum.

Frank Thomas

Posted 2012-12-06T16:09:53.743

Reputation: 29 039

1 +1, but this doesn't tell quite the whole story. Java 6, for example, is still maintained alongside Java 7 (at least for the moment), and therefore there are two different versions that can both be called "up-to-date". – Joel Coehoorn – 2012-12-06T16:44:46.523

Be ready to update your JVM several times per month, to stay up-to-date with the very frequent security patches. – BorisHajduk – 2012-12-06T17:56:31.783

1

A safe solution would be using a separate browser with the Java plugin, restricted only to your webapp, and another one for accessing the internet.

week

Posted 2012-12-06T16:09:53.743

Reputation: 3 128
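
One way to apply the "allow Java only for the web app that needs it" advice from the comment and the last answer above, shown as an added example that is not part of the original thread: a Java Deployment Rule Set, which the Java plugin supports from Java 7 update 40, runs applets from one allow-listed origin and blocks all others. The host name `webapp.example.internal` and the message text are placeholders chosen for illustration.

```xml
<!--
  ruleset.xml (added example, not from the thread).
  Packaging: place this file at the root of a JAR named DeploymentRuleSet.jar,
  sign the JAR with a certificate the clients trust, and deploy it to
  <Windows directory>\Sun\Java\Deployment\ on each PC.
  Rules are evaluated top to bottom; the first match wins.
-->
<ruleset version="1.0+">

  <!-- Allow only the internal web app. The host name is a placeholder. -->
  <rule>
    <id location="https://webapp.example.internal" />
    <action permission="run" />
  </rule>

  <!-- Catch-all: an empty <id /> matches every other applet or Web Start app. -->
  <rule>
    <id />
    <action permission="block">
      <message>Java content is blocked except for the internal web app.</message>
    </action>
  </rule>

</ruleset>
```

With this in place the plugin stays installed and patched for the one application, while Java content from any other site is refused before it runs.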