In case you haven’t seen, there’s a terrible unpatched vulnerability in Java right now that baddies are using to install randomware on PCs. Then, this morning, I saw that Oracle has known about this vulnerability since August, and hasn’t bothered to fix it properly yet. That should be criminal negligence, but the rules are different for billionaires.
Of course, I’ve been saying for ages that we’d all be better off if we just uninstalled Java completely, but I know very few people who’ve done it, out of fear they’ll break something. (Those same people often refuse to patch Java, out of the same fear.) I was trying to figure out why anyone would want to run Java these days anyway, and then I saw this quote, via David Huff:
“Given a choice between dancing pigs and security, users will pick dancing pigs every time.” –Edward Felten and Gary McGraw
That explains everything. Java is exceptionally good at making animated dancing pigs.
All of the major sites are recommending that you disable Java in your web browser. I continue to recommend just uninstalling it entirely, since Oracle is more interested in dancing pigs than in security.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.