A couple of weeks ago I reported on another major security vulnerability in Oracle’s Java. Gaping security holes in Java are nothing new but what made this one even worse is that Oracle were allegedly warned in April – but did nothing for 4 months, leaving millions of users vulnerable to attack…
With that sort of attitude to protection, the most effective security for your computer would be to uninstall Java completely if you don’t need it – but do you?
According to new research from W3Techs, only 0.2% of all the websites in the world still use Java on the client side – i.e. within your web browser. That’s only 2 in every 1000 websites and that ratio has not changed in the last year – so you might expect that very few people would still have the Java plugin?
However, 82% of visitors to TechLogon have Java enabled in their browser – and the global average is similar. It is this ubiquity that makes Java such a popular target for malware. If it’s only required by 2 in every 1000 websites, why do around 80% of people still have Java enabled in their browser? There may be several reasons:
1. Offline Applications – Some offline apps require Java e.g. Adobe Creative Suite and OpenOffice / LibreOffice (mainly the Database module). Users of such programs may have little choice but to keep Java installed.
However, you can still disable the Java plugin in your browser – to prevent web based Java vulnerabilities from being exploited:
2. Popular Websites – I’ve reviewed before how many active websites there are in the world – about 190 million. So even a lowly 0.02% figure means that about 380,000 websites do use Java.
These include some games sites (e.g. Runescape, Minecraft, Pogo.com) and other sites offering calculation-heavy content (e.g. 3D maps, financial trading). However, these sites can only be of interest to a small percentage of internet users – I’d guesstimate 5% at most.
If you regularly use a site which requires Java then consider installing a new web browser (with Java enabled) to visit it – and use your regular browser (with Java disabled as above) for normal browsing of all other websites.
3. Lack Of Java Knowledge – In my PC repair business I find that Java is often a forgotten relic or users may not know what it is for and so are afraid to remove it. If there is no logical reason to have Java installed, that is a very good reason to uninstall it.
Only about 0.2% of websites use Java – the vast majority of users should therefore be able to uninstall Java or disable it in their web browser for better security.