Uninstall Java Now!
The Department of Homeland Security recently recommended that everyone disable Java. We at PC Pitstop will go one step further and recommend that everyone uninstall Java immediately. Here is why Java is such a threat to your computer, security, data and your identity.
First a little history. Back in the late 90’s, Java represented one of the core technologies that brought the web together. Java could run on Linux, Macs, and of course Windows, seamlessly. A developer did not need to create a separate version for each platform, and this simplicity drove a lot of Java’s adoption on the web.
As time has gone on, other technologies such as Flash and now HTML5 have essentially replaced Java as the standard for “web” applications. Every once in a while, we all come upon an old web site that still relies on Java, and that’s how Java gets on our machines.
The problem, and it is a big problem, is that Java has many security holes in it. If you have Java installed on your system, and you browse to a compromised web site, your computer is immediately infected. Let me repeat that. You don’t have to execute any malicious software; the malware enters through the security hole without your consent or knowledge. In the security business, this is defined as an exploit – a compromised web site and a vulnerable computer.
I have heard outrageous numbers from associates in the security industry. Industry insiders are speculating that over 90% of all modern malware is distributed through exploits. There are security holes in many products such as Chrome, Firefox, Adobe Reader and many others, but the most porous, security-hole-ridden software out there is Java. It’s not even close.
Think about it. Java is an old technology that you rarely use in your day-to-day browsing experience. Once in a blue moon, you come upon a site that requires Java and you install it and continue browsing. But now, you have created a huge security hole in your system just because Java is installed on your computer.
In a recent PC Pitstop study of 155,745 computers, Java was present on 29.6%. That’s right, Java is up there with Firefox in terms of popularity. The problem is that the bad guys know it and they have built a whole industry around finding new holes in Java and other software.
Here’s the next news flash. The PC Pitstop study had only 16% of Java users on the most recent version. This is relevant because Oracle, the makers of Java, have announced that there is a new version of Java that plugs the hole. The problem is that there is a lot of work in keeping all your software up to date. First, you must download the software, then install it, and then most likely reboot. You are looking at 15 minutes minimum. Most people don’t have the 15 minutes, and even more people are unaware that it should be updated.
So our recommendation is to just remove Java from your system. Even if you visit an old web site that requires Java, you can still install it again. A better idea would be to contact the site administrator and tell them to update to other technologies. It’s easy to uninstall Java. Just go into Control Panel and find the application that allows you to manage the software. It is called Programs and Features in Windows Vista, 7, & 8, and Add/Remove Programs in Windows XP. Note: quite often there will be multiple line items for Java. Make sure that you remove all of them.
So the conclusion is to uninstall Java. There might be a web site you won’t be able to use in its entirety, but you can feel a lot safer and sleep better at night.
For Windows users, the latest version of Java, Version 7 Update 10, also allows you to disable Java in all of your browsers through the Java Control Panel. Find the Java icon from within the Windows Control Panel, go to the Security Tab and uncheck “Enable Java content in the browser”.
Windows users with earlier versions of Java who wish to disable Java should follow the instructions below for individual browsers.
Internet Explorer:
• Click on the Tools dropdown menu, then Manage Add-ons.
• Find the Java Plug-in under Toolbars and Extensions (it’s listed under Oracle America), highlight it and click Disable.
Chrome:
• Click on the Chrome menu, and then select Settings.
• At the bottom of the Settings window, click Show advanced settings.
• Scroll down to the Privacy section and click on Content Settings.
• In the Content Settings panel, scroll to the Plug-ins section and click Disable individual plug-ins.
• Find the Java plugin and click Disable.
Firefox:
• Click on the Firefox tab and then select Add-ons.
• Select Plugins, find “Java (TM) Platform plugin” and click Disable (as of 1/11/13, Firefox has automatically disabled the Java plugin, but you should check to verify this has been done for your browser).
UPDATE 1/14/13: Uninstalling Java may not remove the plug-in from your browser. After the uninstall, we recommend you check your individual browser settings as well.
UPDATE 1/14/13: Oracle released a patch, Java version 7, Update 11, to address the security hole and change the default security setting in Java to “High”, requiring users to confirm an applet is safe before running.
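Two of the cautions above, that Java often appears as multiple line items and that a browser plug-in can remain after the uninstall, can be checked from a PowerShell prompt. The read-only script below is an added example, not part of the original article or any Oracle tool; the display-name pattern and the "@java.com/" plug-in key prefix are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: read-only audit; it changes nothing on the system.

# Where Windows records the line items shown in Programs and Features:
# native view, 32-bit view on 64-bit Windows, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: Java line items have a display name starting with one of these.
$namePattern = '^(Java\b|JavaFX|J2SE Runtime)'

$javaEntries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    Select-Object DisplayName, DisplayVersion, UninstallString)

# Where NPAPI browsers such as Firefox look up installed plug-ins.
$pluginRoots = @(
    'HKLM:\SOFTWARE\MozillaPlugins',
    'HKLM:\SOFTWARE\WOW6432Node\MozillaPlugins',
    'HKCU:\SOFTWARE\MozillaPlugins'
)

# Assumption: the Java plug-in registers under a key name starting with "@java.com/".
# The .NET key name is matched directly because the key name contains a "/".
$javaPlugins = @(Get-ChildItem -Path $pluginRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*\@java.com/*' } |
    ForEach-Object {
        $dll = $_.GetValue('Path')   # full path of the plug-in DLL, if recorded
        [pscustomobject]@{
            Key       = $_.Name
            PluginDll = $dll
            DllOnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    })

"Java line items still installed: $($javaEntries.Count)"
$javaEntries | Format-Table -AutoSize -Wrap
"Java browser plug-in registrations left behind: $($javaPlugins.Count)"
$javaPlugins | Format-Table -AutoSize -Wrap
```

Both counts should be zero once every Java line item has been removed; a non-zero plug-in count after the uninstall is the case the first update describes.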