Stop whatever you’re doing and uninstall Java. I’ll wait for you.

For years, standard practice has been to install Java, just in case you need it.

That’s no longer a safe practice. For your own safety, unless you absolutely, positively need Java, you should uninstall it. If you’re not sure if you need Java, uninstall it, then consider reinstalling if something breaks.

Yes, that’s an extreme position. But here’s the thing. There’s a Java exploit in the wild, being actively used at this very moment. The exploit works on any platform. It works just as well on Linux and Mac OS X as it does on Windows, so nobody’s safe.

Oracle updates its software quarterly. So this exploit will be able to run rampant until 16 October 2012, when Oracle will finally get off its lazy butt and release a patch. Meanwhile, the bad guys will gladly continue to exploit this, because everyone installs Java, just in case.

Since Oracle doesn’t want to be a responsible citizen of the world we live in now and release monthly patches for at least its most critical vulnerabilities, the only thing to do is to take security into our own hands and stop using the vulnerable software.

If you want to be conservative, here’s how to unplug Java from your browser. But frankly, I think the world would be a much better place if most people would go to Add/Remove Programs (or its equivalent on Mac OS X or whatever version of Linux you run) and uninstall it completely.

I had a quiz program that only ran in Java, so I had Java installed until I passed my most recent certification. Having passed that test, I uninstalled Java afterward. It was the right thing to do.
