Java alert for Networker 8.1 console

Yes, I can launch it on the server itself. But for some reason our Windows 7 PC's get "Cannot create Java virtual machine" errors.

I was more concerned that this might be an issue over the next few months when those "future versions" come out for Java.

yes, I did.But this is coming from the JRE and not NetWorker. The NMC jar files i guess might not be containing a permissions attribute that is required by JRE and thus the Waring.  I assume you are able to launch the NMC normally once you are through this prompt ?

I didn't test it myself, but there seem to be easy workaround described at What does the Java Applet security warning "JAR file manifest does not contain the Permissions attribute"mean? so I don't worry to much.

check this out from JAVA.

Various security dialogs for trusted signed applications

you can ignore it can select accept and continue to run it.

Various security dialogs for expired certificate applications

NMC 8.1 will break starting today due the release of Java 1.7_51.

Confirm. After java upgrade to 7u51 on Windows 7 box

the NMC GUI (8.0.2.3) does not start and shows error as below:

java.lang.SecurityException: Missing required Permissions manifest attribute in main jar: http://spng027:9000/LGTOnmc/java/gwt.jar

  at com.sun.deploy.security.DeployManifestChecker.verifyMainJar(Unknown Source)

  at com.sun.deploy.security.DeployManifestChecker.verifyMainJar(Unknown Source)

  at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

  at com.sun.javaws.Launcher.run(Unknown Source)

  at java.lang.Thread.run(Unknown Source)

According to information on following page the code should be aligned with Java 7u51

https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias

Have you seen any Networker alert note or some statement with regard to Java 7u51?

Thanks

What would be the reason to apply latest and greatest java?  At company level we use build 1.7.0_40-b43 and with java we were never really rushing as differences in java would break some systems (like Brocade GUI or few others we use). Obviously one may wish to say that latest one has latest security patches, but do you really wish to live on the edge and break everything else. Not me. 

Well, some (not a big) customers are upgrading SW as soon popup window is displayed with information on new version.

In such a case I would refer the customer to official statement, which I cannot find out currently.

Thanks.

Because Java is the most exploited piece of software in the world. All it takes is a computer running a vulnerable version to surf a website with a malware embedded in it from an APT and your whole network is compromised, your Active Directory SAM file gets stolen, bad guys are Remote Desktop connecting to hosts inside the network as Domain Admins, and uploading data files out of the network.

Sounds like you have pretty much open network in your company   Sorry, but not the case here. We browse/surf only allowed sites and have AV/malware protections set on top of everything (PC/proxy wise).  To risk operations just to be able to run latest software of anything is not an option.  There is test cycle which this had to pass first.

Zguy28 wrote: Actually we don't. We are US Dept of Defense contractor and have pretty strict security. At best you might catch them at delivery or execution. Nation-sponsored groups are now using custom crafted malware that is not detectable by 99% of AV companies, especially signature-based ones. By far the most bang for the buck is EMET from Microsoft. But Java will still get you. We also don't build or use enterprise apps that use Java for the general population. For IT, we use VM's dedicated to admin work that refresh on logoff and can run downlevel Java because they have no internet access.

In such places, I would not use java at all (that's why CLI rocks).  I have to be honest and say that I use NMC only to add clients as I'm used to copy existing client and modify just client name (rest is the same as we use single template except group name), but even that can be easily be scripted into single command from CLI.

gnworker wrote: Well, some (not a big) customers are upgrading SW as soon popup window is displayed with information on new version. In such a case I would refer the customer to official statement, which I cannot find out currently. Thanks.

Well, that one just went out (Java version history) so I doubt EMC will have statement ready yet.

Actually we don't. We are US Dept of Defense contractor and have pretty strict security. At best you might catch them at delivery or execution. Nation-sponsored groups are now using custom crafted malware that is not detectable by 99% of AV companies, especially signature-based ones. By far the most bang for the buck is EMET from Microsoft. But Java will still get you. We also don't build or use enterprise apps that use Java for the general population. For IT, we use VM's dedicated to admin work that refresh on logoff and can run downlevel Java because they have no internet access.

To solve this issue, just go to the Java Control Panel under system settings and

add your NMC-Adress in the list of excluded sites at the security section.

(http:// :9000)

Regards

Hrvoje Crvelin <emc-community-network@emc.com> hat am 16. Januar 2014 um 15:34

geschrieben:

ECN <https://community.emc.com/?et=watches.email.thread>

Java alert for Networker 8.1 console

reply from Hrvoje Crvelin

<https://community.emc.com/people/ble?et=watches.email.thread> in NetWorker

Support Forum - View the full discussion

<https://community.emc.com/message/788618?et=watches.email.thread#788618>