Oracle’s Java is a common programming language – tiny Java programs can run inside a web browser to allow you to play some web based games (e.g. Runescape) or use online calculators etc. Java is installed as an add-on or extension into the web browser - 80% of our visitors still have it, even though it’s a safe bet that very few of them actually need it…
Security specialists Kaspersky have stated that 2 of the top 10 vulnerabilities on computers today are caused by Java – vulnerabilities that could give the attacker full system access to your computer. Now ESET (another respected security vendor) have reported on the risks inherent in having Java installed (especially if it is not updated) and confirmed that the most frequently exploited target of viruses was Java.
A Microsoft Technet blog recently added: “The most commonly observed type of exploits in the first half of 2011 were those targeting vulnerabilities in the Oracle Java Runtime Environment … between one-third and one-half of all exploits observed in each quarter were Java exploits“.
It is fair to say that most of the vulnerabilities had been addressed by Oracle – if Java is up to date the situation is not as bad as the bleak picture these reports might suggest. However, the overwhelming theme of the last year is that Java is attacked so often because it is installed on so many computers – why make yours a target if you don’t need it?
Firefox users will be used to seeing the warning message in Add-ons that ‘Java Console is incompatible with Firefox’ – I discussed this issue here – Oracle are running way behind the Firefox rapid release schedule i.e. the Java Console is not certified for the latest versions of Firefox – and it looks as if it may never catch up.
What To Do About Java
1. If you know that you need Java for particular websites, ensure you keep it updated to minimize the risks – see why you should update Java. For best protection, you could leave Java active in one web browser and use that to visit only those specific sites that need it – use a different browser (with Java disabled) for all your other day to day web surfing.
2. If you don’t know if you need Java, disable it in your web browser for a few weeks and see if any of the websites you visit most frequently complain of needing it – see how to disable Java in IE, Chrome or Firefox
If you find that you don’t need it then leave it disabled or, preferably, uninstall it from your list of programs in the usual way – and you’ll never have to update it again.
Note: Java is occasionally used by some other programs, not just web browsers e.g. the popular free LibreOffice (formerly OpenOffice) suite and some specialized business apps. But if you’re an average home user without these, you most likely don’t need Java.