All these Java exploits --both client and server-side-- are really bad. I'm (mostly) a Java dev and I'm really sad at all this (probably deserved) bad rep Java is getting.
I run Java on Linux and my setup is simple: I install Java in my "dev" account from the .tar.gz. There's no way I'll ever ever login as "root" to install Java on a Linux machine and there's no way Java ever gets installed in something else than my "dev" user account. I surf the net from another account which, of course, has no Java installed.
I also admin two Java webapp servers and closely follow all the security issues: had to patch them twice "recently". First the DoS SNAFU related to predictable hashmap hashes where anyone could remotely DoS any Java webapp server (quite bad) and then the "infinite looping" when parsing I don't remember which HTTP header triggering a bug in floating-point code. Both bugs had been known for more than ten years and Sun/Oracle never acted.
It's really a quite sad state of affairs.
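The "predictable hashmap hashes" DoS the commenter refers to is worth seeing concretely. The following is an added example, not code from the commenter or from the JDK: it reimplements Java's String.hashCode() (the unkeyed base-31 polynomial), builds an exponentially large set of distinct strings that all share one hash, and simulates what a chained hash table does with them versus with a keyed hash. The keyed BLAKE2b stand-in, the secret key, the table size and the 4096-key input set are all my own assumptions for the demonstration, not the JDK's mitigation.

```python
import hashlib
import itertools

MASK32 = 0xFFFFFFFF


def java_string_hash(s: str) -> int:
    """Reimplementation of Java's String.hashCode(): h = 31*h + c over the
    code units, wrapping at 32 bits, returned as a signed int like Java."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & MASK32
    return h - (1 << 32) if h & 0x80000000 else h


def colliding_strings(n_blocks: int) -> list:
    """Return 2**n_blocks distinct strings sharing one String.hashCode().

    "Aa" and "BB" both hash to 2112. Because the hash is an unkeyed polynomial
    in base 31, any concatenation of equal-length colliding blocks collides too,
    so the attacker's collision set grows exponentially with string length.
    """
    blocks = ("Aa", "BB")
    return ["".join(parts) for parts in itertools.product(blocks, repeat=n_blocks)]


def keyed_hash(s: str, key: bytes) -> int:
    """Assumed stand-in for a per-process randomized hash (not the JDK's code):
    keyed BLAKE2b truncated to 32 bits. Without the key an attacker cannot
    precompute inputs that land in the same bucket."""
    digest = hashlib.blake2b(s.encode("utf-8"), key=key, digest_size=4).digest()
    return int.from_bytes(digest, "big")


def chained_insert_cost(keys, table_bits, hash_fn):
    """Simulate inserting keys into a chained hash table with 2**table_bits
    buckets. Return (longest_chain, comparisons): comparisons counts the
    equality checks a put() performs walking the chain before appending."""
    mask = (1 << table_bits) - 1
    buckets = [[] for _ in range(1 << table_bits)]
    comparisons = 0
    for k in keys:
        chain = buckets[hash_fn(k) & mask]
        comparisons += len(chain)  # every existing entry in the chain is compared
        chain.append(k)
    return max(len(b) for b in buckets), comparisons


def demo(n_blocks: int = 12, table_bits: int = 10) -> dict:
    """Constructed attacker input: 4096 colliding keys into a 1024-bucket table."""
    keys = colliding_strings(n_blocks)
    distinct_hashes = len({java_string_hash(k) for k in keys})
    unkeyed = chained_insert_cost(keys, table_bits, java_string_hash)
    secret = b"per-process-secret"  # assumed secret, unknown to the attacker
    keyed = chained_insert_cost(keys, table_bits, lambda k: keyed_hash(k, secret))
    return {"n_keys": len(keys), "distinct_hashes": distinct_hashes,
            "unkeyed": unkeyed, "keyed": keyed}


if __name__ == "__main__":
    print(demo())
```

With the unkeyed hash every key lands in one bucket, so inserting n keys costs n(n-1)/2 comparisons; in the real attack those strings arrive as POST parameter names in a single request, and a few megabytes of them keep a server thread busy for a long time. With a keyed hash the same input spreads across buckets and the cost stays near linear.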