It's Time to Get Rid of Java, Feels F-Secure

[beer]

The Java browser plugin is notorious for being wildly popular among malware authors. The ubiquity of Java is not the only reason for this. Rather, the problem seems to lie more in the fact that a sizable chunk of its installed base consists of outdated versions, something that is often attributed to low awareness among users about Java itself and the threat posed by Java vulnerabilities. But according to F-Secure’s Mikko Hypponen, the only thing users need to know about Java is that they don’t need it. Hit the jump for more.

In a recent blog post on F-Secure’s site, Hypponen questioned the very raison d'être of Java and concluded that most people don’t need it anymore. He feels that others too will arrive at the same conclusion once they get down to ditching it.

“The risks of Java are nicely illustrated by the recent Java Rhino vulnerability (aka CVE-2011-3544),” wrote Hypponen. “If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java — or get rid of it altogether.”

“And the Java Rhino vulnerability is not theoretical: the most common exploit kits have incorporated this vulnerability in their default exploits, and it seems to be working very well for the online criminals.”

Don’t know about everyone, but certainly those who don't even know their Java from JavaScript don’t need it at all. Hypponen informed these unenlightened souls that the two are completely different things, making it clear that unlike Java “it's hard to use the web without JavaScript”.

For those who only need Java for a specific web application, he has an alternative to completely abandoning it: “Leave Java on your system but remove the Java plugin from your daily browser. Then use another browser that you use only for this one service.”

(

source)

[Atasas]

Could not agree more! same to banish Flash- I'd be a lot happier! :P

[mrsmith]

I dont have java installed and wont use a program that requires it.

[Alanon]

This is true on so many levels. When I last reinstalled my OS, I completely forgot about it, and didn't install Java. I've encountered one website only which requires it. So rock on F-secure guy!

[ck_kent]

Could not agree more! same to banish Flash- I'd be a lot happier! :P

Yep, what he said. :)

[Sands]

Java is just one more thing that has to run in the background... I hope it leaves!

[tangkungan]

[leland]

Unfortunately some devices like multi-function printers/copiers/scanners/fax machines can only be access through a Java interface. I have had to have it installed at work for this reason. However I agree the average home user has little or no need to have it installed. Considering Firefox can use multiple Profiles it is quite easy to use a specific profile for Java and leave it out of your main profile. That is how I do it.

On second thought Android developers also need it.

[DKT27]

I remember playing song previews on Wikipedia and seeing a Java icon in tray. Also, my memory isn't so good but wasn't it Youtube videos that required Flash and Java installed?

[Atasas]

I remember playing song previews on Wikipedia and seeing a Java icon in tray. Also, my memory isn't so good but wasn't it Youtube videos that required Flash and Java installed?

Yup; Yup + (.NET also)

all of the add-ons on one hand let developers expand areas of apps, but M$ would not be happy in having to open its code completely, so the choices are either some good via bad or bad only! :evil:

BTW only app I need Java is LibreO currently I think... :think:

[brain_death]

It would be lovely to ditch Java and avoid the monthly update ritual, that now comes in both x86 and x64 flavors.

The only minuses arise from Java's cross-platform nature and if you enjoy astronomy, that many very worthy sites use Java for their demos and for presenting their technical data. Also if you have kids, they probably play Java games online...

Sux I know, you don't have to tell me!

[eqagunn]

I have JRE v7.0.2 installed because I need it for Minecraft. :coolwink: