Why You Should Get Rid of Java Now

We want to pass on some advice that F-Secure Labs has been sharing for a while: “Do you need Java in your web browser? Seriously, do you? If not, get rid of it.”

Sean Sullivan, F-Secure’s Security Advisor, explains why: “The problem isn’t a particular vulnerability; it’s that Java always has the latest, most popular vulnerability to exploit.”

The good news is that most people do not even use Java anymore. (Some confuse it with JavaScript, which is still widely used.) The bad news is that online criminals all over the globe are successfully infiltrating systems through a program that may not even be necessary.

So if you don’t need it, get rid of it. If you need it later, you can always install it later.

If you don’t want to remove it, or need it to run a specific application, you need to make sure it is always updated.

Cheers,

Jason

20 Comments

If the comment posted by Mika is correct, why do you advocate deleting Java when it would appear it is needed to run Health Check?
I have F-Secure supplied through Tiscali / Talk Talk.

If you don’t need it, you should get rid of it. Use it when you do and then get rid of it again. It’s a good point and the Labs is working on it for the future.

Advising people to take out an addon that your own product uses and worse, advising people to install it to run your product and then remove it again;

This is known as ‘the left hand doesn’t know what the right hand is doing.’ That’s not a compliment.

I suspect you will find that F-Secure health check uses JavaScript, not Java.

This leads to my question: in the list of installed programs I see only Java but I KNOW I have JavaScript. How do I tell them apart in that list?

Can I run Java with limited rights? That way if I need it I have it but it’s also sandboxed and/or not allowed to escalate privileges for child processes and exploits.

I believe that in Windows 7 and Vista it is difficult to keep Java with the settings to check for updates daily. If you make that option and check back later you will see that Java has changed away from daily checking of updates. I believe you have to make the settings as admin and there is another step or two. But it is worth making sure your Java is checked for updates daily and don’t assume if you make that setting that the setting will remain.

Why would you advise people to get rid of an app that is used by your own product? Java can be, and has been exploited for years, but if kept up to date (much like Windows itself) you probably won’t have any problems with it. I never have and have had it on most Windows PCs for years now… But, I suppose if you are that afraid of it… get rid of it. I surely wouldn’t do what you recommend above… install when needed and then delete it again. Really???

Whatever works best for you. If you’re good with updates and know the risks, sounds as if you have the situation handled.

Actually this situation is even more strange than I first thought.

Advisor, explains why: “The problem isn’t a particular vulnerability; it’s that Java always has the latest, most popular vulnerability to exploit.”

Well, you could apply this argument to telling people to stop using Windows! Or, now that iOS attacks are becoming more common, to stop using Apple products too.

This cannot be called a serious recommendation.

The big question (elephant in the room) for me is simply:
Why, how, when does anyone’s system need Java?

Some examples would help – and the need for it on the product marketed here is strange….

Can it be switched off/parked in the Windows browsing system, where it is apparently the big problem, not in installed programs?

Cheers?
