For years, standard practice has been to install Java, just in case you need it.
That’s no longer a safe practice. For your own safety, unless you absolutely, positively need Java, you should uninstall it. If you’re not sure if you need Java, uninstall it, then consider reinstalling if something breaks.
Yes, that’s an extreme position. But here’s the thing. There’s a Java exploit in the wild, being actively exploited at this very moment. The exploit works on any platform. It works just as well on Linux and Mac OS X as it does on Windows, so nobody’s safe.
Oracle updates its software quarterly. So this exploit will be able to run rampant until 16 October 2012, when Oracle will finally get off its lazy butt and release a patch. Meanwhile, the bad guys will gladly continue to exploit this, because everyone installs Java, just in case.
Since Oracle doesn’t want to be a responsible citizen of the world we live in now and release patches at least to its most critical vulnerabilities monthly, the only thing to do is to take security into our own hands and stop using the vulnerable software.
If you want to be conservative, here’s how to unplug Java from your browser. But frankly, I think the world would be a much better place if most people would go to Add/Remove Programs (or its equivalent on Mac OS X or whatever version of Linux you run) and uninstall it completely.
I had a quiz program that only ran in Java, so I had Java installed until I passed my most recent certification. Having passed that test, I uninstalled Java afterward. It was the right thing to do.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.