I totally understand your risk vs reward scenario. We are in the same boat.
Yea, in Feb this is all a moot point. -----Original Message----- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 1:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust >>>Does the reward outweigh the risk? The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards. So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :( Sam -----Original Message----- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 15, 2013 12:10 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Correct, but 6 is vulnerable to it's own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk? -----Original Message----- From: Sam Cayze [mailto:sca...@gmail.com] Sent: Tuesday, January 15, 2013 12:24 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was... -----Original Message----- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 11, 2013 1:34 PM To: NT System Admin Issues Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-f law-7000009713/ ________________________________________ From: Mark Boeck [netadmin...@gmail.com] Sent: Friday, January 11, 2013 12:15 PM To: NT System Admin Issues Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java! http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html only after that does she post some links about the threat - > - ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmanager@lyris.sunbeltsoftwa re.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin