[SeekAndFind]

STRICTLY FOR TECHIES ONLY....

[SeekAndFind]

The author then (in the interest of being "fair and balanced"), writes another article excoriating Java's rival -- .NET.

---

See here

It's time to run .Net out of town

I don't know what it is about Microsoft and .Net Framework patches, but it seems that every time we have a sizable .Net patch, it doesn't work on enormous numbers of PCs.

So it was again this week. For reasons unknown and unexplained, Microsoft pushed three .Net patches -- KB 2518864 (MS11-044, June 2011), KB 2572073 (MS11-078, October 2011), and KB 2633880 (MS12-016, February 2012) -- out the Windows Update chute. If you happen to be running Windows XP or Windows Server 2003, with .Net Framework 2.0 SP2 or 3.5 SP 1, and if you're naive enough to leave Automatic Updates turned on, you probably got nailed with a yellow alert icon that says, "Some updates could not be installed." Click through the alert and you see that Automatic Update couldn't install any of the three patches.

I know some admins who have hundreds of customers with yellow alert icons.

Microsoft has assiduously avoided explaining why so many PCs and servers were affected, and only recently have users been able to piece together a workaround. Support forums all over the world are ablaze with complaints and questions.

Yesterday, Microsoft yanked the patches. If you're staring at a yellow warning icon (or if you have scores of customers who are so bedeviled), having the patch yanked may or may not solve your problems. With a lot of help from afflicted Windows XP users and one Microsoft tech, I've come up with five possible remedies for the nagging yellow icon on my AskWoody site, ranging from easy to drastic.

If this is starting to sound like last month's .Net Framework patching debacle, where many people couldn't print their TurboTax forms over the tax weekend, the similarities are uncanny. But they're par for the course with .Net Framework patches. In the past year, I've seen problems with all these .Net patches:

• May 2012: MS12-025/KB 26563638 .Net 4 patch, released via Automatic Update, pulled by Microsoft.
• May 2012: MS12-025/KB 2656373 .Net 3.5.1 patch, released via Automatic Update, pulled by Microsoft.
• February 2012: MS12-016/KB 2651026 .Net 2, 3.5.1, and 4 patches, multiple problems on XP systems, including ATI card control panel software Blue Screen of Death, widespread installer failures.
• August 2011: MS11-069/KB2533523 .Net 4 patch, released via Automatic Updates, pulled by Microsoft.
• August 2011: MS11-066/KB2487367 .Net 2 patch, released via Automatic Updates, pulled by Microsoft. Keeps reinstalling.
• June 2011: MS11-039 and MS11-044, many kilobytes. Enormous array of problems, many of which can't be undone, require removing and reinstalling .Net.

Now we get to add the three new ones, which have been pulled by Microsoft.

I can't even figure out why Microsoft pushed the patches. Microsoft did release a security notification that details changes to three Security Bulletins, MS11-100, MS12-034, and MS12-035. None of those cover the patches that went haywire yesterday, but the revisions mention, "This is a detection change only." Whether the notification has anything to do with the botched patches remains to be seen, but it's the only patch notification that's come out in recent days. If the security notification isn't related to the repushed updates, why did Microsoft push them? They appeared completely unannounced, with no warning whatsoever. And they're buggy as can be -- as befits .Net patches.

Last month, I brought down a firestorm of complaints for saying that it's time to run Java out of town. Sun's (and then Oracle's) inability to keep the Java Runtime Environment patched has driven Java to the top of the infection vector list for Windows systems. Recently, it made the Mac vulnerable. Java deserves to go.

Well, Microsoft, it's time to run .Net out of town, too -- at least the older versions. Why on earth did you make your versions so backwardly incompatible that many Windows customers are forced to run multiple copies of .Net? Right now, almost any well-worn Windows PC sports a copy of .Net Framework 4, .Net Framework 3.5, and .Net Framework 2.0. Some of them also have .Net Framework 3.0 and 1.1. What's wrong with this picture?

If Microsoft can't clean up the .Net mess, it's time to move on to a better technology.

[IronJack]

STRICTLY FOR TECHIES Java-hating doofi ONLY....

Fixed.

[the invisib1e hand]

The first time I ever saw it I said, "java sucks" and I've been saying it since.

however, I don't think it will ever go away until the gods of information (oracle) abandon it. Don't know what it will take to make that happen -- some real competition, I suppose.

[Lady Lucky]

“STRICTLY FOR TECHIES ONLY....”

Unless/until someone posts on how to remove Java (and what we’ll be missing without it and what to use instead....)

I bookmark and await. :)

[Carriage Hill]

Is Java the same as JavaScript? I use Opera v11.64 and now have JS turned-off. Thanks for the article, SAF.

[econjack]

...disable Java in the browser you use...

Of course, virtually everything uses Java on the web but you really don't need to use the web. Oh...wait...let's toss out Java and use Mumps. I don't think I've every heard of a Mumps virus. Of course, a bazillion people use Java and only seven people use Mumps, but that couldn't possibly explain why Java has more viruses.

[SoDak]

YES...java sucks

[dfwgator]

Why don’t we just stop writing programs altogether, that’ll solve it!

[upchuck]

Java exploits top all other infection vectors, on any platform, year after year.

Larry Ellison is deeply saddened.

[DaxtonBrown]

Like I’m going to port 50,000 lines of Java code so I can be forced to buy Visual Studio and probably SQL Server till I die. I’ll take my chances.

[Lazamataz]

dot Net is remarkably secure, and it is the top pick for federal and state programming efforts -- in which security is obviously a huge concern.

I never knew Java was as insecure as this, but I have my concerns about Javascript that connects to SQL. I don't employ any such code. It may be secure, but I cannot see how, allowing a client to connect to a SQL server, is impervious to hacking.

I can collect my SQL results on the dotNet application server, behind a nice robust firewall, then deliver only the finished screen. It just seems like much better practice.

Oh, and don't get be going on "the cloud". Yeah, having someone else host my data, especially when that data contains PII (Personally Identifying Information) is the PERFECT recipe for security, right? NOT.

[E. Pluribus Unum]

I hate Java.

[Hardraade]

They should run Oracle off the planet. A company that full of swindlers and criminals would ideally be listed as organized crime.