Running java safely

Tahir2

Veteran
Supporter
I was wondering if there is a way to install a local portable version of Java on a portable browser and running it in a sandbox if that makes sense.

I suppose could setup a VM and run it in there... but that seems a lot of effort for basically wanting to use a corporation's remote access. Problem is that I have no intention of installing Java on my system whilst it still has issues with its security model.
 
A VM (which resets itself back to default state each time you start it) should be the only "safe" way to use java right now it would seem.
 
If you run a browser in a sandbox and the browser uses java is java also sandboxed ?

ps: how about a batch file ?

rename c:\program files\java\java.bak java.exe
remote access
rename c:\program files\java\java.exe java.bak

(you can see what im trying to do above)
 
I went on this thread to say "just run Java in a VM!" as a joke.
Java is a VM already. Is it that the malicious code escape that VM and attacks your OS? :)

I saw something about Firefox blocking Java (for the security issue) but still allowing to use it, "just this time and on the site" if you ask it nicely.

Else I would install something lightweight in a Virtualbox VM.
The way I'd do it is getting Ubuntu 12.10's mini.iso, do a bare install (no desktop environment), apt-get install xorg-xserver lxde leafpad firefox whatever, and try to install java.
Should run in 256MB ram and not take too much disk space.
 
Last edited by a moderator:
Do live cd's support java if so you could boot with one while accessing work

Unless you use live cd on a HDD-less computer, otherwise I think that is not very secure (in theory a malware could mount your HDD and write really bad things into it, if the security hole is large enough).
 
Linux Mint live CDs do support both flash and java. (there could be others but I don't know them)

This doesn't really solve the security issue, as you would be using a vulnerable java plugin again, so technically you could be targetted by malware, who could even very easily gain root access (on the live CD, a passwordless sudo su gives you root terminal) and then mount the Windows partition and put crap in it.

But really I'm writing this because computer security is about a nutty paranoid mindset.
If you do this you'll be using a blank firefox profile, go to your work-related site and do your stuff, few chance of running a rogue java applet and malware would be more likely to target Windows than Linux or a Linux live CD.
 
Needs to be compatible with Mac OS X 10.6 or above or XP SP3 and above unfortunately.

Run a VM in a VM... sounds like this guy:

big.jpg


Sad state of affairs really... :(
 
I've ran Java in a VM exclusively for 4-5 years now. I would get rid of the thing but we still use it to teach OOP.

If a VM sounds like too much hassle realise it can run more than just Java. I use mine to try any new or dubious apps. Depending on your host hardware and guest OS it doesn't have to be a painful experience.
 
Yes, especially if you have over 2GB ram it's damn easy, Virtualbox is clicky-clicky (very easy to disable usb, sound, change the networking model, modify storage) and you have a large choice of easy drop-in OSes : lubuntu 12.04, mint 13 xfce, the new debian stable in the near future - I really wonder when it's released - or even the current debian stable which should be fine.

That's only touching the debian/ubuntu family but these are well known. You could even use XP if you have the time to let it do hundreds updates.
 
I like to keep my java on one of those kids leashes when I go out running with it, that way it can't get too far ahead of me. (I can't run as fast as I used to)
 
I copied the plug-ins to the plug-ins folder for my tor application but java still does not work. It show up in the tor firefox plug-ins menu of the browser and it shows it to be permitted. Any proposal? Thank you in advanced.
 
I've ran Java in a VM exclusively for 4-5 years now. I would get rid of the thing but we still use it to teach OOP

pascal/delphi ?

I copied the plug-ins to the plug-ins folder for my tor application but java still does not work. It show up in the tor firefox plug-ins menu of the browser and it shows it to be permitted. Any proposal? Thank you in advanced.

Is that the right way ? dont you just install java ???
 
Back
Top