I have a Java app that I use on a regular basis that has stopped launching. The application is a Java program with a Mac GUI tied to it. I suspect that with a recent upgrade of Java on the Mac platform has caused the app to stop launching. I tried stepping back a version of Java installed on the system with no luck.
For Java versions 6 and below, Apple supplies their own version of Java. For Mac OS X 10.6 and below, use the Software Update feature (available on the Apple menu) to check that you have the most up-to-date version of Java 6 for your Mac. For issues related to Apple Java 6 on Mac, contact Apple Support.
How can I troubleshoot what is causing the Java program to stop launching? If troubleshooting doesn't work out, what steps do I need to take to try and use the program for the terminal? Some background info, Java installed was the most recent. Then I backtracked to Java SE 7 Update 80. At least tried to. This is on a Mac with OS X 10.9.5 installed.
The Java App is Thanks.
Distribution of 550,000 Flashback-infected Macs. Source: Dr.Web.com The, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability that miscreants designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.
The revelations come from Russian security firm Dr.Web, which reports that the has successfully infected more than 550,000 Macs, most which it said were U.S. Based systems (hat tip to ).
Dr.Web’s post is available in its Google translated version. Flashback is an increasingly sophisticated malware strain that sniffs network traffic in search of user names and passwords. Early versions of it prompted Mac users to enter their password before it would run, but the most recent strains will happily infect vulnerable Mac systems without requiring a password, among others. F-Secure has additional useful information on this Trojan attack. As Ars notes, although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it.
If you need Java on your Mac only for a specific application (such as OpenOffice), you can unplug it from the browser by disabling its plugin. In Safari, this can be done by clicking Preferences, and then the Security tab (uncheck “Enable Java”).
In Google Chrome, open Preferences, and then type “Java” in the search box. Scroll down to the Plug-ins section, and click the link that says “Disable individual plug-ins.” If you have Java installed, you should see a “disable” link underneath its listing. In Mozilla Firefox for Mac, click Tools, Add-ons, and disable the Java plugin(s). I can’t stress this point strongly enough: If you don’t need Java, remove it from your system, whether you are a Mac or Windows user. If you need further convincing of my reasons for this recommendation, I’d encourage you to browse through some of my. Apple maintains its own version of Java, and as with this release, it has typically fallen unacceptably far behind Oracle in patching critical flaws in this heavily-targeted and cross-platform application.
In 2009, I examined Apple’s and found that the company patched Java flaws on average about six months after official releases were made available by then-Java maintainer Sun. The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often ) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.
That’s silly! All you have to do is approve the scripts you like, and ignore the rest! Once set for favorite web-sites, you never had to reset anything, unless you change your mind. 75% of the time, I never open any scripts, I simply let NoScript block them all.
Most web pages are useful enough with absolutely no scripts allowed; or you can use Avast and hope the auto script blocker works. I’ve never had a problem with it, and I get full functionality from web sites, as long as the element or object on the page is not questionable. The few scripts that are malicious, usually become benign after a page refresh. The crooks usually don’t load their venom with every page download – it helps them hide from the web-master/administrator. I’ve said for years that the only reason Macs didn’t have more malware is because the market share wasn’t yet large enough yet for criminals to bother. I had my die-hard Mac-loving friends want to debate endlessly with me whenever I made that comment.
They went on and on about how the OS is inherently more secure than Windows, etc etc. Maybe it is, maybe it isn’t, but that’s not the point. The point is that it’s not about which OS is more secure. Anything that’s been programmed by humans can be broken by humans.
Some systems are harder to crack than others, but they will be broken. And if there’s money to be made in it then they’ll be broken even faster. Don’t take this as a trolling comment or an anti-Mac statement. I think Macs are great, and I have no interest in arguing about which of the many OSes out there is better (in reality they all have their pluses and minuses).
I’ve personally never seen the need to spend $2,000+ for features I can get for free with Linux, but I understand most people aren’t power users and Mac does have its appeal for them. I currently use Linux a lot and I like how I don’t have to worry about malware on it right now, but mark my words: If Ubuntu or any other Linux distro starts seeing a significant market share with desktop users then you’ll start seeing malware for it. As somebody who works in the IT field, I can say that they all do, but they’re rather irrelevant as far as the end user is concerned. Once end users buy their systems, the people they’re in the closest contact with are their ISPs (if they’re using their systems at home) or their local IT support personnel (if at work).
The manufacturers of both the hardware and the OS don’t get thought of until there’s a warranty issue or upgrade involved. This isn’t to say that the hardware and OS manufacturers have zero impact. Rather, it’s to say that due to the way computers are used/deployed and how users operate, it’s not really worth it to worry about which manufacturer is the best at it. As long as they’re close, the really profound difference is made by the local support, whether it’s their work based IT department, or their ISP or local support companies/consultants at home (if they’re dealing with a non-warranty issue that manufacturers/resllers won’t touch). Or in short, it’s the local support that counts.
And worrying about.THAT. is far more productive than obsessing over which manufacturer is better at the security process. In the case of OpenBSD for example, the operating system is able to prevent many holes in third-party software from being exploitable. So while a 3rd-party software package may be exploitable on Linux, chances are good that it won’t be on OpenBSD.
When compiled from the same exact source code! Here’s a bulleted list of technologies used in OpenBSD. Look up equivalents (if they exist) for your system and investigate how to implement them. Where they exist for Windows or Linux, they’re usually not on by default.
Josh, you were safely in the non-trolling territory until you started spouting the “$2,000+ for features I can get for free with Linux” nonsense. Mac OS X costs $30. Linux doesn’t give you a free computer. It requires hardware to run. Such as the $600 Mac Mini or the $500 sort-of-almost-equivalent Dell or HP. Trying to pretend there’s some multi-thousand-dollar barrier to entry to Mac-land is willful, trollful lying.
Does Apple have a bargain-basement laptop like Dell and HP do? No, so if you must have the cheapest thing possible, Apple’s not an option for you. For anyone else, a Mac is a perfectly sensible choice. It’s not the Bugatti of computers—ostentatious and lacking any obvious real-life benefits in daily driving. It’s WAY more like the Honda of computers. When there is a price difference of a few percent, it’s generally due to the fact that PCs are usually spec’d with bigger hard drives and more RAM standard (the two easiest things for enthusiasts to upgrade anyway) but slower CPUs and skimping on a lot of things (no multitouch trackpad, poorer quality screen/keyboard/mouse/power adapter).
Can you beat a Honda in price by buying, say, a Mitsubishi? Will you have a better car at the same price?
Michael As Brian noted, since the release of Lion, Apple no longer installs Java on its computers. Since you didn’t say whether you are using Lion or Snow Leopard, I can’t be sure, but if you go up to the Apple icon on the left-hand side of the Menu, try clicking on “Software Update.” If it doesn’t pull it down for you, you don’t have Java on your system. Please note: I don’t have Java installed on my system.
I bought this computer with Snow Leopard installed, upgraded to Lion, and then did a clean install to rid myself of the unneeded parts of Snow Leopard. While I can safely say I don’t have Java on my system, I do see a Java folder in the system Library, but it’s only 48 bytes.
I don’t believe that is the whole program. Furthermore, I don’t believe you can’t safely uninstall Java if you are operating with Snow. Please note that, if you previously disabled Java in all your browsers, if you then update to a new Java version, that new version will install itself and (possibly) enable itself in your browsers.
In the Windows world this happens silently for Internet Explorer and Seamonkey while Firefox prompts for one of the two plug-ins when restarted. (The other seemed to be turned on automatically in Firefox last time I updated?) I suspect something similar happens in Mac — can anybody confirm? Anyway, after the Java update one may need to re-disable its browser plugin(s). Thanks for the usual excellent analysis, Brian.
The whole identify, report, patch, release cycle for keeping Windows systems functional over the last ten-twelve years still nets us an estimated 350,000,000 compromised systems and the number isn’t getting any smaller. I agree that Apple’s attitude isn’t optimal, but what we ultimately depend on in this whole process is the end user. Users must comply in a timely manner for the process to be effective. Unfortunately, to get users to comply, we must be able to communicate the need for prompt participation. We compete with overwhelming sources of misinformation and marketing hype and users, in confusion and frustration, end up just going down the path of least resistance.
Somehow, we need to construct a reliable, uncompromised method of communication to end uses that cannot be diluted by marketing and other sources. As for Java, this has turned into a love-hate thing. Companies are migrating old systems to new platforms and are using Java.
To work remotely, we must have Java installed. To keep secure, we must remove Java.
This is just not a good situation. I’m thinking the Java vendor may need to be held more accountable for the pervasive platform stability and security? Wish we had a silver bullet. Guy Pace is right. Regardless of whether a given manufacturer’s attitude is lackadaisical or not, the end user of the given computer holds the final responsibility for its security. Whether they like it or not, it unfortunately falls to them as the ones who, in the end, operates their systems for their own use. Because of that, it’s up to them to reach out to the appropriate professionals (either their workplace’s support structure, or whoever they can lean on – Geek Squad, cable internet/DSL/FIOS tech support, etc.) to get the info they need to operate securely.
This is not to say that computer manufacturers or OS developers have no role. On the contrary, they do have a role in providing a good base level, plus the tools to improve from there. At the same time, there’s as much need to get the user security conscious as there is for the manufacturing/developing end to close the holes. This current Java vulnerability is not a good thing, not by any means, but at the same time I wouldn’t expect an average user to know they should suspect Java of all things, to be the one thing on their computer they should be concerned about. It’s so blasted common, after all, that users will simply take it for granted and not think about it.
But regardless, the point is that for every technical or code vulnerability that’s identified and being put to use in the wild, there’s probably a dozen user practices that are every bit as exploitable. Think simple usernames and guessable passwords being used across both insecure (IMDB, for example) and secure (i.e. Their bank, their credit cards, etc.) sites around the ‘net. Or a failure to patch (or worse yet, a belief that a security update can “screw up their computer”, therefore they’ll hold off on applying it). Or, if we want to get more technical, leaving unnecessary services running, opening up a home firewall’s router to too much things like that.
![Dr Java For Mac Troubleshooting Dr Java For Mac Troubleshooting](http://coweb.cc.gatech.edu/ice-gt/uploads/127/addMemory.jpg)
I’m the first to admit that an average user can not fix a Java code vulnerability by themselves. Nor should they be expected to. So there is indeed a very important role for developers and the like to be security conscious.
But my ultimate point is that the end users themselves also have to take up some of the burden as the cost of operating their equipment. They can’t develop the Java patch, for instance, but if they’re not using it, they can disable/uninstall Java.
If they are using it, they can make blasted well sure they are patched. They can run behind router firewalls and the like that make incoming compromise attempts difficult to succeed. Mere ownership gives the end user responsibility for security.
No, it’s not fair to them, but it doesn’t change the fact it’s their responsibility. We in the IT field can help with recommendations, best practices, good code development, security conscious infrastructures for them to connect to, and so on, but in the end, they have to run securely themselves. You can build the safest road possible with few ditches, huge run-offs, wide and smooth lanes with little to upset a car, but if the end user doesn’t do his/her part and drives recklessly, it’s unavoidable that it’s their fault for wrecking. Sry, but in terms of consumer protection and product liability you may be wrong (and I’m happy at least some vendors started to take this serious. Although microsoft and others still have to learn that they’re also responsible for their pirated software and insufficient usability). @Guy Pace: I doubt your “estimated 350,000,000 compromised systems”.
Seems someone just added suspicious dynamic IPs of all time? (If we do not care about multiple infections and cleaned up machines by simply adding up estimated no.
Of bots that are just about 60+ millions? My recent update to Firefox 11.0 (on XP) disabled Java (1.6.26) – the reason was stated to be security/stability related. I need Java for LibreOffice.
As Firefox can disable Java it raised the question in my mind – if the generaltiy of internet users do not require Java (NB. I am excluding java script from the question) can Mozilla permanently disable it leaving those who require Java in Firefox to install it themselves? I am assuming that those who require Java within Firefox are doing specialised work and, almost by definition, they will have the skill to do the install themselves. We can niggle on the details (and thanks for that, Brian) or whine about responsibility. However, as a computer programmer, I (and I don’t think security expert Mr Krebs can either) be completely or even reasonably sure my computers aren’t doing something they should not. This is in spite of having the latest patches, some of which DO break things, running up-to-date antivirus, and keeping backups.
All of this, like the photoelectric effect and the ultraviolet catastrophe of physics in 1900, points to the existence of a fundamental problem requiring fundamental changes. Minix is moving in the right direction with it’s non-priveleged drivers. Android is moving in the right direction with applications that aren’t allowed access to the file system and its sandboxing. What is needed is for me, as a user, to be able to conveniently, reliably, and absolutely control the code I run, giving each bit of it no more trust than required to do the job I think it is supposed to be doing, and the ability to prove it did what it said it did whenever possible. Without that fundamental step, we will remain in the virus/worm/trojan quagmire permanently. (“And furthermore, it is my opinion that Carthage must be destroyed”). Pretty sure Apple’s tried to give the baby back to Oracle qua Sun.
If you check Apple’s java-dev mailing list, I’m pretty sure you’ll find that Apple’s essentially killing in-house support as soon as Oracle can take the baby back, partly because of the second-rate experience Apple Java users had been getting at times, but also because of the company’s move away from Java in general (OS X server used to have a good deal of Java config apps, and WebObjects (now dead), iirc, was also Java, as examples). That would help explain “its lackadaisical (and often plain puzzling) response”: Apple’s essentially doing Oracle a favor. Why shouldn’t Oracle provide a VM like it does on Windows, without officially involving Apple? That’s where we’re headed.