I’ve been seeing the same question over and over in my search logs lately: Is Java safe to run in 2013?
Generally speaking, the answer is no.
I have little choice but to run Java right now, though. I’m studying for a certification exam, and the best quiz program that I know of is written in Java. Its user interface is in Polish, a language I don’t speak, but that bothers me less than it being written in Java. Google Translate can help me with the Polish, but it can’t make Java safe. That’s up to me.
So here’s what I did.
I downloaded the 64-bit version of Java, which won’t plug into my 32-bit web browsers. That means I can’t accidentally enable it there, and neither can anything else. The 64-bit version of Java also appears to have less trouble with ridealong installs.
Then, after installing the 64-bit Java JRE, I opened up Internet Explorer 64-bit (for the first time in a year or more, I’m sure) and disabled the Java add-on, and disabled Java in each of the security zones.
Besides not being compatible with the browsers I use every day, the 64-bit memory model gives the operating system more tricks to help keep Java’s memory space secure. A 64-bit application is inherently more secure than a 32-bit app.
So that’s how I have Java installed on one PC and still manage to sleep at night.
The other thing I’m thinking about doing is unretiring my ancient Pentium III laptop and running my quiz program on it. I don’t think it meets the minimum requirements for any relatively recent web browser, so it won’t be getting online anyway.
But one thing is certain: After I pass my test and don’t need my drill program anymore, I’m uninstalling Java again. I’ll re-install it the next time I get voluntold to get a cert.