I removed Java earlier this year when the warnings went out about a bunch of security holes, so is it safe to put it back on now?
This question was answered on August 30, 2013. Much of the information contained herein may have changed since posting.
The much maligned universal programming platform known as Java continues to be one of the main targets of cyber criminals for a variety of reasons.
Some very dangerous holes were discovered in January, which is what caused the Department of Homeland Security’s CERT (Computer Emergency Readiness Team) to recommend that everyone remove Java from their computers: http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713
Java has long been a target of hackers because it’s commonly used by business and government software companies and because it can be exploited in ways that traditional security software can’t detect or defend against.
For the average Internet surfer, the most common sites that require Java are interactive business apps or gaming sites that can be run via your browser instead of installing a special program to your computer.
Java is also universal so it allows hackers to attack any type of computer (Mac or Windows) whenever new security holes are discovered.
Even worse, the sophistication level of the hackers is growing so that your traditional security blankets (antivirus or other security programs) are useless to defend against some of the newer attacks when new security holes are discovered.
Virtually every computer connected to the Internet has Java installed, which gives the hackers a much bigger group of victims to target.
Since you removed Java a while ago, unless you are running into specific websites that you really need to make use of, I’d suggest you continue to run without it.
Anytime you can remove an attack vector from your computer, especially one that’s so highly targeted, you’re better off.
The problem with Java is that so often in the past it’s been the victim of zero-day exploits, meaning that the day an exploit is discovered, malicious code is released on the Internet to take advantage of the hole (and there’s nothing to indicate that this pattern won’t continue).
For those wanting to disable Java in their browsers, the NakedSecurity website has instructions for all the major browsers, including IE, Firefox, Chrome, Safari and Opera, listed here: http://nakedsecurity.sophos.com/?s=disable+java
If you find that you do need to run Java for certain websites that you trust, I prefer to use Google Chrome as the only browser with Java enabled as it always asks you if you want to allow Java to run when a website is trying to use it.
You can also enable Java on an “as needed” basis on any of the browsers, which is a bit of a hassle, but it ensures that you always know when you are running the tool.
If you plan on running Java, make absolutely sure you immediately install any updates when you get the notification down in your System Tray (bottom right corner). The icon will look like a hand-drawn cup of coffee with an orange background.
By default, the Java update mechanism is scheduled to check for updates once a month, which I would suggest you change to once a week.
Windows users can access the Update option from the Windows Control Panel (look for the Java icon) while Mac users can go to System Preferences to open the Java Control Panel to change the update intervals.
About the author
Posted by Ken Colburn of Data Doctors on August 30, 2013