“Java is fundamentally broken because it is built upon a broken promise: That it runs in a protected sandbox which somehow protects the user,” Krebs told CSO Online on Wednesday.

Sunday’s patch was an effort to quiet a firestorm of criticism and calls not only from a majority of security experts but even the Department of Homeland Security (DHS) for consumers to disable Java on their PCs.

This latest report intensified some of those calls, but also a bit of pushback, although not in the form of any major defense of Oracle. Simon Crosby, […] banning or disabling Java would not solve the problem. “Humans develop buggy code — […] they can all be subverted,” he wrote. “Moreover, many users (and businesses) depend on Java … banning it would severely impact my ability to work.”

Crosby wrote that “micro-virtualization” can solve the problem with Java and other insecure applications with “hardware isolation to enforce ‘need to know’ on a per-task basis on the endpoint.”