Uninstall Java Now!

January 16, 2013 by in PC Matic Blog, Press, The Pit Blog

endjava

Uninstall Java Now!

The Department of Homeland Security recently recommended that everyone disable Java. We at PC Pitstop will go one step further and recommend that everyone uninstall Java immediately. Here is why Java is such a threat to your computer, security, data and your identity.

First a little history. Back in the late 90′s, Java represented one of the core technologies that brought the web together. Java could run on Linux, Macs, and of course Windows, seamlessly. A developer did not need to create a separate version for each platform, and this simplicity drove a lot of Java’s adoption on the web.

As time has gone on, other technologies such as Flash and now HTML5 have essentially replaced Java as the standard for “web” applications. Every once in a while, we all come upon an old web site that still relies on Java, and that’s how Java gets on our machines.

The problem, and it is a big problem, is that Java has many security holes in it. If you have Java installed on your system, and you browse to a compromised web site, your computer is immediately infected. Let me repeat that. You don’t have to execute any malicious software, the malware enters through the security hole without your consent or knowledge. In the security business, this is defined as an exploit – a compromised web site and a vulnerable computer.

I have heard outrageous numbers from associates in the security industry. Industry insiders are speculating that over 90% of all modern malware is distributed through exploits. There are security holes in many products such as Chrome, Firefox, Adobe Reader and many others, but the most porous, security-hole-ridden software out there is Java. It’s not even close.

Think about it. Java is an old technology that you rarely use in your day to day browsing experience. Once a blue moon, you come upon a site that requires Java and you install it and continue browsing. But now, you have created a huge security hole in your system just because Java is installed on your computer.

In a recent PC Pitstop study of 155,745 computers, Java was present on 29.6%. That’s right, Java is up there with Firefox in terms of popularity. The problem is that the bad guys know it and they have created a whole industry on finding new holes in Java and others.

Here’s the next news flash. The PC Pitstop study had only 16% of Java users on the most recent version. This is relevant because Oracle, the makers of Java, have announced that there is a new version of Java that plugs the hole. The problem is that there is a lot of work in keeping all your software up to date. First, you must download the software, then install it, and then most likely reboot. You are looking at 15 minutes minimum. Most people don’t have the 15 minutes, and even more people are unaware that it should be updated.

So our recommendation is to just remove Java from your system. Even if you visit an old web site that requires Java, you can still install it again. A better idea would be to contact the site administrator and tell them to update to other technologies. It’s easy to uninstall Java. Just go into Control Panel and find the application that allows you to manage the software. It is called Programs and Features in Windows Vista, 7, & 8, and Add/Remove Programs in Windows XP. Note: quite often there will be multiple line items for Java. Make sure that you remove all of them.

So the conclusion is to uninstall Java. There might be a web site you won’t be able to use in its entirety, but you can feel a lot safer and sleep better at night.


How to Disable or Uninstall Java

For Windows users, the latest version of Java, Version 7 Update 10, also allows you to disable Java in all of your browsers through the Java Control Panel. Find the Java icon from within the Windows Control Panel, go to the Security Tab and uncheck “Enable Java content in the browser”

Windows users with earlier versions of Java who wish to disable Java should follow the instructions below for individual browsers.

Internet Explorer
•Click on the Tools dropdown menu, then Manage Add-ons.
•Find the Java Plug-in under Toolbars and Extensions (it’s listed under Oracle America), highlight it and click Disable.

Chrome
•Click on the Chrome menu, and then select Settings
•At the bottom of Settings window, click Show advanced settings
•Scroll down to the Privacy section and click on Content Settings
•In the Content Settings panel, scroll to the Plug-ins section and click Disable individual plug-ins.
•Find the Java plugin and click Disable

Firefox
•Click on the Firefox tab and then select Add-ons
•Select Plugins, find “Java (TM) Platform plugin” and click Disable (a of 1/11/13, Firefox has automatically disabled the Java plugin, but you should check to verify this has been done for your browser).

UPDATE 1/14/13: Uninstalling Java may not remove the plug-in from your browser. After the uninstall, we recommend you check your individual browser settingsas well.

UPDATE 1/14/13:Oracle released a patch, Java version 7, Update 11, to address the security hole and change the default security setting in Java to “High”, requiring users to confirm an applet is safe before running.

http://www.techlicious.com/blog/critical-java-security-risk-requires-immediate-action/

146 Responses to Uninstall Java Now!

  1. Dirk Kok says:

    This is the biggest pile of bs I ever seen, just saying.


  2. Jinia Nelzi says:

    It won't let me use my control panel to remove it. I can't even go online. I cannot us my computer at all


  3. Installing the latest version of Java and making sure the security setting is on at least High is the most reasonable thing any of us can do. While Java may never be 100% secure there is nothing else expected of any consumer other than keeping it up to date. (Alternatively you could just never run Java, good luck using the internet tho.)


  4. Ste Douglas says:

    Rob Woodworth If you think the internet is safe you're far from it. You might as well have Java either way. Your identity and information is already on the web if you know where to look.


  5. Susanne Cary says:

    Techlicious I play Yahoo Euchre and up until today Java would permit Yahoo to run. No longer. Apparently it requires Java 7 Update 45 to run. I removed that when I downloaded the new Java this AM


  6. Susanne Cary says:

    That doesn't work with the latest Java


  7. Andrew Plaisted says:

    Nothing is ever 100% secure.
    "The latest version of Java is NOT safe just because exploits have not been published, does not mean they don't exist and never will."
    That statement applies to ALL software, not just Java.


  8. Alan Coler says:

    I have been running java (new and old) for 10 years with no problem. I believe hitting the lottery is easier than getting infected from java if at all possible.


  9. AmericanMuse says:

    Uninstall Java!! I did that on my computer with no functional problems at all.


  10. Cj Nuno says:

    Author is fucking retarded. Gamers use Java for Minecraft. No, it won't be going.


  11. rich says:

    What’s the big fuss about here. Uninstall Java and if you find you need it reinstall it again. Java has become a pain so for me it goes. If I find I need it, I’ll reinstall or preferably find an alternative that doesn’t require it. If people continue to develop using Java that’s fine, but bear in mind you may be excluding people like me from using your product


    • CloaknDagr says:

      @rich:

      Are you serious? Really?

      Ok, well if you don’t use or need Java by all means get rid of it. If you don’t use Microsoft Office don’t buy it and install it. If you can get by on Linux for all your needs, then absolutely- ditch both Windows and Mac. If you can write your own operating system, drivers, and ancillary software then forget Linux too.

      Many of us just cannot do those things, they’re not anywhere to be found in our options list. Java is ubiquitous and pervasive, it’s in HTML accessed/controlled network nodes like IP cameras, routers, firewalls, etc. It’s in webpages that some of us need and there’s no egocentric option for “if you don’t treat me the way I demand I’ll walk away from your software” type malarkey, but we actually NEED it to do what we NEED to do on computers. Telling some people that they really should get rid of Java is not unlike telling them they really should drive their car with two wheels missing.

      If you don’t have any of those things to deal with then by all means get rid of Java.

      But don’t assume foolishly from the depths of an abysmal ignorance that just because you don’t need or use something that no one else does. Don’t assume that the uses you put your IT machines to are the only uses anyone ever has for them. Don’t assume that everyone in the world uses their computer(s) only for looking up recipes and resending joke emails like Great Aunt Tillie does.

      If you just can’t resist and you must, then after you’ve made such an erroneous assumption don’t go on to write an article like the one we’re commenting on that does exactly that.

      I’m sure you wouldn’t make such foolish assumptions and of course Oracle will just jump through hoops to please you, rich. I bet they have read your post and have a whole team of programmers working ’round the clock just to make sure that you’re not unhappy with their software. Even though YOU aren’t the one paying them anything for that software.

      That’s what all the fuss is about


      • rich says:

        @CloaknDagr: Having a different opinion to you, is not grounds for assuming that I’m ignorant.
        I wouldn’t pay Oracle for their software or expect them to jump through hoops, because I don’t want it.
        My point was, the software I have on my PC is software I choose to put there to do what I need to do.
        Software such as Java and Flash are not programmes that I would choose to have, but they’re forced upon me because people use them on their websites.
        My comment about excluding me from using a website that uses Java was meant to be helpful, not selfish.
        If you run a website that you depend upon for revenue, it’s surely in your best interest to make that website accessible to as many people as possible.


      • rich says:

        @CloaknDagr: And by the way, I don’t class myself as an IT expert, but I do write websites. So don’t assume my computer usage is limited to looking up recipes and joke emails


        • CloaknDagr says:

          @rich:

          You said-
          “Having a different opinion to you, is not grounds for assuming that I’m ignorant.”

          An arbitrary difference in opinion isn’t what I consider ignorant. It’s the (paraphrasing here) “What’s the fuss? Just get rid of it. I don’t use it so no one else needs it either.” aspect that I consider ignorant. That was the core of this article and that was the gist of your post.

          Bear in mind that we’re talking about an article published by a fairly well regarded, reputable organization (PCPitstop.com) that gives ADVICE to people across the full spectrum of computer users. Bear also in mind that is the topic to which I refer in all my posts in this thread. Proceeding from that point, when such an organization publishes something under the mantle of “expert advice” it assumes some responsibility for the accuracy and validity of the advice rendered. As such, it is not completely without influence.

          The giving of that advice is not without consequences- good or bad depending on whether the advice is sound or not. That the article and apparently you take the “toss the baby out with the bath water” approach to this topic isn’t an arbitrarily neutral matter of opinion, it’s ignorant of the real world. In the real world there are both situations where Java can be done without and there are situations where it absolutely cannot be avoided.

          Thus “Uninstall Java Now!” given as advice to all computer users is ignorant and any position that supports that is likewise ignorant by association. It is either sage, sound, helpful advice or it’s bad advice based on ignorance of the scope that Java is used. That is true and is an unequivocal fact because Java is not just used on websites that can be avoided and because there are both websites and net nodes that use Java for various indispensable purposes.

          Taking into account the above facts, this topic is not a matter of opinion because there’s no valid, knowledgeable margin allowing an informed opinion to be involved. The topic isn’t arbitrary, it’s simply a matter of correct or incorrect. An uninformed opinion is the definition of ignorance. I’m sorry I had to spell all that out for you but apparently you didn’t “get it” as demonstrated by your simplistic approach to the topic.

          This is why I’m taking the time to post on this thread, hoping to address that very ignorance before this article can cause unintended damage by advising people who know no better to do something that may not be in their best interests.

          You said-
          “So don’t assume my computer usage is limited to looking up recipes and joke emails.”

          I didn’t make that assumption, I very clearly asked you not to make that assumption about all computer users. My point was that just because you (or anyone for that matter) might have a certain use for IT systems doesn’t mean that your use is the only use and to bear in mind that there are other people with other uses that this kind of “toss out the baby with the bath water” advice would most certainly be detrimental to.

          I’m pretty sure I made that perfectly clear the first time but if not, it should be now. I understood and addressed “your point”, apparently you didn’t understand my point. I’m actually being generous by “assuming” you didn’t get my point because either you misunderstood or you just want to blather irrelevancies in lieu of discussion. So I’m giving you the benefit of the doubt and you’re welcome.

          You said-
          “What’s the big fuss about here.” (sic)

          You asked so I told you what the big fuss was about here. Twice. If you didn’t want to know then why bother to ask? Do we need to go for three times before you comprehend the answer to your interrogative?


          • rich says:

            @CloaknDagr: You nicely sidestepped my points, to just say what you said before.
            And you clearly have an urge to right a novel on this subject, I don’t. I could, because I’m not simplistic, I just have better things to do.
            “What’s the big fuss about”
            If you buy something that needs Java to work, it will tell you and you clearly need to have it.
            If you’re just visiting websites that require Java, do you need it or can you get that elsewhere.
            You’re clearly someone who once they have their opinion, are unwilling to listen to others, and you wrap insults up in large senteneces to mask your inability to have a discussion.
            Goodbye


            • CloaknDagr says:

              @rich:

              Gee, I’m sorry I used too many words for you. However, you did ask and I see we do have to go for a third time. No one is forcing you to read my “novel”, feel free to close the page right now.

              This is as simple as I can make it-

              ****************************************************************
              1. Abandoning Java completely will cause unexpected problems with unintended consequences for many people. The percentage is irrelevant because the numbers will still be very large.

              2. Advising everyone in the world to abandon Java forever is bad advice. I’ve already covered why that is, in depth, and stand accused of using excessive verbiage for doing so.

              3. People who are not aware of #’s 1 & 2 above potentially will be victims of this bad advice. That is why it’s irresponsible to give this advice in the first place.

              4. Just because you’re not aware of #’s 1 & 2 above doesn’t mean your advice is sound, it means you don’t know enough to be giving advice on this topic. Which is what this article did.

              5. If you agree with or support the content of this article then you are likewise at fault either through ignorance or malice.

              6. These are all facts, there’s no “opinion” involved. Advice of this nature is either correct or incorrect. The advice in this article is incorrect.
              *****************************************************************

              As a SPECIFIC example, if you uninstall Java and use certain network IP nodes you will not get full functionality. With a Trendnet TV-IP110 IP security camera if you uninstall Java you will not get the “Live View” function of the camera, which if you’re depending on that camera for anything at all renders the camera completely useless. You MAY or MAY NOT get the little “puzzle piece” icon that denotes a need for Java depending on the browser you’re using and your system configuration. Even if you DO get that icon unless you know to CLICK ON IT you will not be informed that Java is required.

              Thus your statement that -

              “If you buy something that needs Java to work, it will tell you and you clearly need to have it.”

              -is WRONG.

              It doesn’t matter that a small PERCENTAGE of people actually use that particular device because for those that DO and follow the advice in this article and/or your advice that camera will be rendered useless by the removal of Java from their system. IF that camera was set up by an IT pro and not a knowledgeable system owner, the owner will blame the IT pro or the device for the failure caused by following the advice in this article. Without knowing that they were responsible for the failure. If that camera provides vital security for the system owner then the result of following this advice may result in a genuine disaster if not corrected before the device is needed to fulfill it’s intended function. This may result in a DANGEROUS situation.

              That is only ONE specific example among many and your lack of experience or knowledge of issues of this nature does not excuse you to give bad advice or make untrue statements.

              Consequentially the advice in this article is completely incorrect. It is BAD advice rendered by ignorance of the facts. Supporting that advice by reason of identical ignorance is likewise irresponsible. That the author of the article or you are not aware of these results and assume that everyone uses a computer the same way you do is sheer, bullheaded, stupidity avoidable by not rendering incorrect advice in the first place. That stupidity is compounded by the ridiculous insistence that your “opinion” is viable and you cannot possibly be wrong and that there are no grounds to accept correction of your error.

              So to be perfectly clear and use as many words as I see fit- It is INCORRECT advice, which is a FACT not an OPINION. Opinion and fact are not synonymous words nor interchangeable concepts.

              I’m a real IT pro with over 30 years in the IT field. This is my area of expertise and I make a fairly decent living selling that expertise on the open market. I own an IT company and the results described above are well within my experience and that of my employees. You claim a lack of expertise in this area yet are compelled to give and defend bad advice even so.

              I do not subscribe to the “every opinion is valid” school of thought. In my many years involvement with this industry I have seen a devolution from “correct vs. incorrect” to “if you have an opinion it is valid and because you state your opinion it is automatically deserving of respect.” I see this same phenomenon in my daily work and it increases in frequency as time passes.

              I do not make statements regarding IT systems unless I not only know what I’m talking about, but also am absolutely positive I’m correct. Absent those criteria I always take the position that “”I don’t know” or “I’m not sure” but I will find out and get back to you.”"

              I reach the point where I am absolutely positive I’m correct through research, my foundational education and my many years of broad experience in this field. Once the point is reached where I will make such a statement to ANY other person there is no discussion, there is only correction. Thus you are right in noting that I am not discussing this with you. I am correcting you. Though you don’t seem to realize it, you are wrong. If you choose not to accept logical correction in the face of demonstrable facts any deficiency is yours not mine.

              If you don’t like the way I correct you, that is likewise your problem not mine. It doesn’t change the fact that you’re wrong or that your persistence in insisting on your right to be wrong somehow makes you correct.

              Thus I have taken the time to point out in great detail the errors in this article and the subsequent posts erroneously commenting on same. Like yours.

              While you may claim “to have better things to do” that does not diminish my efforts to render valid, correct advice on this topic. I do my best to see that whoever reads what I write gets enough information to make a sound, informed decision. That you forgo doing so is not a credit to you. It is difficult to reconcile the fact that you claim to have better things to do yet post an incorrect “opinion” then plead the virtue of brevity when corrected. Obviously you don’t have anything better to do than make erroneous statements and then try to defend them no matter the number of words you use.

              I will use as many words as it takes to make the referenced correction(s) and if you don’t like the number of words I use the deficiency is also yours not mine. You can either tell me why I’m wrong, or you can ignore me, but criticizing the number of words I use to make my point perfectly clear is nothing but dodging the fact that you are wrong. Employing such a defensive tactic in the face of being proven wrong and to negate being corrected for your error does not somehow magically make you correct. A simplistic, brief, fallacious approach to a complex and critical issue does not mystically impart some sort of merit.

              I don’t really care if you just read my “novel” or not. What I care about is making the effort to assist people in avoiding the consequences of bad advice. That is a function of who I am and what I do for a living. I’m doing it here for FREE. It is a generosity of my time and effort. No matter how many words it takes to accomplish that.

              To answer your question for a third time- That’s what all the fuss is about.


  12. Dennis Teel says:

    these pc professionals who advise that you uninstall java,also advocate you not download any programs or use any sites regularly that requires that you have java enabled.they don’t actually say that however.they will just claim that those sites and programs shouldn’t be used.they be risky.their attitude reminds me of some pc programmers I knew who absolutely preached that all toolbars are bad regardless of who created them(especially music toolbars.but toolbars by conduit have always been safe imo)/.I’ve used music toolbars since 1997 and never had a problem.it comes down to common sense.what these pc people expect you to do is uninstall java and NEVER run any kind of program or use any site regularly that requires java.they’re notion is that it’s dangerous.it reminds me of what these guys told me about toolbars.NEVER download one..NEVER download free online software..NEVER ,etc..they had a seizure when they found I frequently downloaded(even purchased) music-mp3-downloader..clickster pro,,etc..NO NEVER they said…music toolbars..NEVER they warned me…nothing nasty ever occurred from my downloading any of those things.my point is that these professional pc’ers that advise you to uninstall java,also expect you to narrow down the things you do and go when you surf the internet.uninstall java and stop using anything that requires it..period.that entails a whole lot for people that are on the internet for several hours a day using it for entertainment purposes/.if I ceased downloading everything I was warned about and only surfed sites that didn’t require java i’d only be checking my email and surfing a limited amount of cyberspace.doing very little compared to what I do now online./


    • @Dennis Teel: No one ever said all toolbars are bad and no one is saying NEVER to use Java. But Java has been shown over and over again to contain bugs that are actively being exploited by hackers in the wild. So unless you need Java, you shouldn’t have it active. If you do need it for web apps, it would be safer to use a separate browser for sites that require Java to be active, while keeping Java off in your main browser.

      Outside of online games and coupon sites, it’s rare to find sites that use Java. I keep it disabled in my browser and I’ve only found one site I use that requires it to be active – and I visit a lot of sites for my job.


      • CloaknDagr says:

        @Josh Kirschner:

        “No one ever said to NEVER use Java”? That’s just flat out untrue, what do you think “Uninstall Java NOW” means? It means lose Java forever immediately and NEVER use it.

        As far as “online games and coupon sites” being the ONLY use for Java, that’s just flat out untrue also. Many HTML controlled devices use Java; routers, firewalls, IP cameras, etc. NASA uses Java, just today I was on NASA’s website looking up data on comet PANN-Stars and the app for the orbital data uses Java.

        When you say “only blah blah blah uses Java blah blah blah” what you MEAN is “I don’t use or need Java so therefor no one else does either.” That’s like saying “All camels have humps on their backs so anything with a hump on it’s back is a camel. So humpback whales are camels because I’ve seen camels but not humpback whales.”

        It sure would be nice if people who have no idea what they’re talking about would stop giving their “sound advice” to people who know even less than they do. Which is what the person who wrote this article did. Folks just mess up everyone’s computer system when they do that and cause huge headaches for us IT professionals.

        As for you … Stick to what you actually know something about, you made two completely false statements in the same number of paragraphs and I have demonstrated beyond equivocation WHY those statements are false.


        • @CloaknDagr: Wow, that’s some angry rhetoric. Let’s get beyond that and discuss some facts. According to W3Techs, only .2% of websites use Java on the client side (http://w3techs.com/technologies/details/cp-javaruntime/all/all). And from PC PitStop’s own stats above, more than 70% of the PCs they see don’t have Java installed at all. Of the remaining 29%, many of those people may not be using it either (i.e., it came installed on their PC or they downloaded at some point in the past but no longer need it). So, yes, actual statistics strongly show that consumer usage of Java is rare.

          Worse, though, is of that 29%, only 16% had the most recent version of Java. So 84% of Java users (whether they were actually “using” it or not) were leaving themselves open to known vulnerabilities currently being widely exploited on the web.

          ColaknDagr, If you’re running a corporate environment, that may be different. You may have proprietary programs and apps that require Java. If that’s the case, inform your users so they know what to do (or not do). I’m sure they love to hear from you – you sound like a delightful person to work with.


          • CloaknDagr says:

            @Josh Kirschner:

            That’s not “some angry rhetoric”, that’s calling you on making completely untrue statements. You DID make completely untrue statements and of that there is no doubt.

            Untrue statements which I notice you try to walk back with useless statistics.

            Those statistics are useless because if someone happens to be in one of the minorities you cited they don’t apply. They are generalizations in a field where generalities do not pertain to the individual or their computer configuration. I have already pointed out at great length WHY they do not pertain, both on general WAN internet usage and on controlling LAN IP based nodes (cameras, routers, firewalls, etc.) that are more than common to every day users.

            Your statistics do not even cover the latter. I shudder to think how many people have read this article and followed it’s “expert” advice but find that they are now unable to control those LAN IP nodes that use Java … and they don’t know why they can’t access them any more. This article is BAD advice of the very worst sort.

            Thus I don’t really care if “only .2% of websites use Java on the client side” because while that’s a nice statistical generality there are most certainly people who need and use a higher percentage of Java than that. I cited a very common site in my reference to NASA.

            I assure you, if it’s take your word (and that of a website) or NASA’s I’m going to go with NASA every time. Pardon me if I place more stock in the people who launch interplanetary space missions than I do in some poster on a website advocating the preposterous.

            It doesn’t matter for purposes of this discussion if only 16% of 29% have the latest version of Java installed, that is a user/admin failure not a failure on the part of the Java software itself. User error is user error, no one is to blame for user error but the user.

            Unlike the author of this article I do not presume that all users will fit neatly into a category nor do I assume all users are too stupid to operate their systems correctly and so need some kind of bogus “expert” advice to uninstall Java. There may be some, they may even be in the majority, but this is not a democratically based situation where everyone is required to bow to the will (or failings) of the majority.

            If only 70% of PC’s have Java installed that does not mean that the other 30% do not NEED Java. That is a logical fallacy like the camel hump fallacy I pointed out. But yet you persist in perpetrating that fallacy.

            Even when it is pointed out to you that it is in fact a fallacy you stubbornly repeat the same mistake. If you think I’m “angry” then maybe you should actually read all the responses I’ve made to your “expert” advice so you can see that it gets very old pointing out where someone is wrong (and even making completely untrue statements, so demonstrably untrue that they are fully obvious) only to have them persist in their denial of the facts. Reason and logic do not seem to penetrate your mental perimeter, perhaps strong language will fare better. But I doubt it because by now I only expect you to be wrong and no matter what to not budge from that error.

            Hence my advice to people reading your “expert” opinion is to run screaming from it as fast as they can.

            Sure, there are users who do not need Java. That’s fine and dandy. But that does not excuse telling EVERY user to permanently uninstall Java. Far more sage and professional advice would be to tell users how to determine if they actually use Java or not, and THEN if not to go ahead and uninstall Java until such time as they discover they need it. With the proviso that they are not in a supervised system where the System Administrator has spec’d Java software for the environment but they go ahead and read this article and uninstall it anyway.

            Yes, I operate in a corporate environment, but I also (obviously because I’m here posting) operate in a private capacity. Just because I make a living with computers does not mean I don’t have any knowledge or experience with non-business oriented computer systems. One does not preclude the other, and there’s ANOTHER logical fallacy you have passed off as valid reasoning.

            You don’t need to concern yourself about “my users”, my clients and users LOVE me. One of the reasons for that affection is I don’t pass off malarkey as sound advice. The fact that I have no problem with chopping the ignorant baloney I encounter off at the knees endears “my users” to me and yes, they are delighted to work with me. Your final logical fallacy is that you assume because after many attempts to get you to see the light of day while you stubbornly persist in your benighted hogwash I must be hard to work with.

            Professionally and personally I cannot agree with the content of this article and I cannot sit idly by watching ignorance and generalities passed off as expertise and specific advice to everyone. I’m sorry if you don’t like that and want to persist in making untrue statements but that’s too bad. I call ‘em as I see ‘em and I don’t give a fig for being politically correct about it.


            • CloaknDagr says:

              @CloaknDagr:

              One more thing I forgot to mention, Josh. You ARE partially right, someone like YOU would really hate working for me. I would have fired you after I had told you to get off your baloney horse and gave you a chance to comply. When you refused and chose to argue with me after I had demonstrated that you were undeniably wrong I would have terminated your employment. My company isn’t a democracy and I don’t play politically correct patty-cake with college boys who think they know more than a pro with 30 years in this field. While I am always willing to listen and learn and do not credit myself as infallible I also do not tolerate willful ignorance, conceit, and stubborn refusal to acknowledge facts when an employee is beaten over the head with them. No, I just send that kind of person out the door with their final paycheck and burning ears. Good luck in your IT career, I pity the people you work for/with and you had best hope you never work for anyone like me. Unless unemployment checks are your favorite source of income.


  13. DHANANJAYA PANDA says:

    computer not access java login


  14. Susan Keller says:

    If you just turn it off even when you think you want to have it run.. it will have to be updated anyway.. may as well remove it. Some sites may be fine to use Java however it is advised to remove it when your video is done. But then what do I know.. lol!


  15. I'm running McAfee, with real-time scanning and firewall activated. Are these measures ineffective against these so-called "exploits", rare as they reportedly may be? Also, I used to get those annoying javascript runtime error messages on a regular basis (not so much anymore). Would removing this program altogether affect recurrences of runtime error messages?


    • CloaknDagr says:

      @Dwight Foster:

      No defensive software is more than about 50% effective and I’m being generous saying 50%. You cannot count on a single program like McAfee to keep you safe no matter what you do. You need layered defenses, look up that term and apply it to your situation.

      I run Panda Cloud, MS Security Essentials, MS Defender, Spybot Search & Destroy and Malware Bytes Anti-Malware (MBAM), Windows Firewall and a real SonicWall hardware firewall on my perimeter. I have Java turned off in my main browser but have an alternate browser configured JUST to run things where I need Java and ActiveX. For the record I really hate Internet Explorer and only use it for certain things, I also have Firefox with AdBlock and NoScript installed, plus Google Chrome. I use all three browsers in my daily life as a computer pro.

      Java and Javascript are TWO completely different things with confusingly similar names. In general, what applies to one does not apply to the other for the purposes of this discussion.


  16. IntelGuy says:

    There seems to be a lot of misinformation in these replies as to how much Java is needed. I have never installed Java on any computer I have built (I have never bought an off the shelf computer) going back to about 1999, which is well over two dozen computers, and I can count on one hand the number of times something on a website did not work because Java was not installed, and even then it was nothing significant.

    I think many of these comments are based on not knowing the difference between Java and javascript. I have never installed Java on the computer I am writing this from and I can go to Facebook just fine, I can listen to BBC Music just fine, I can print out my USPS postage labels from eBay just fine, etc, etc, etc.

    Uninstalling Java is not a new concept exclusive to PC Pitstop. The topic has been visited before by other well known computer experts:

    http://ask-leo.com/should_i_disable_java_and_if_so_how.html

    http://www.infoworld.com/t/java-programming/its-time-run-java-out-of-town-190525?source=fssr

    http://www.howtogeek.com/122934/java-is-insecure-and-awful-its-time-to-disable-it-and-heres-how/


  17. Techman Dan says:

    Lots of inaccurate information in this article. If a user has NO security software installed, and if the user likes to click on unidentified popups promising big money and worldly pleasures, then it might be possible to run a particular binary to infect a system. Advising users to uninstall Java is just plain wrong. Text/link-only sites are boring and outdated. Are you really advising users to uninstall Java because you are too lazy to update your own software? This sounds like advice a 15-year-old would give. I have been developing software and computer systems for years. There are plenty of easy ways to update software and you are truly lazy if you think downloading and installing an update is that difficult. Why even work on articles here if it’s so much work? If you are too lazy to install the update yourself, download and install Secunia PSI which will update and patch vulnerabilities in many titles for you, including java. http://secunia.com/vulnerability_scanning/personal/

    Want to check and see if your software is up to date? There are several reliable update checkers available from places like Filehippo.com, majorgeeks.com, filepuma, C-net Techtracker, kcsoftwares.com (Sum0), and more. There is no call or need to uninstall Java and Java is used more widely than you are leading readers to believe. Having the latest version installed, and running a reliable security suite provides protection. Past that, all it takes is a little common sense. When the popup appears inviting you to share wealth of the “prince of Nigeria”… C’mon now. There is no cyber defense against foolishness or lack of common sense.


    • @Techman Dan:

      I think you’re confusing Java and JavaScript. Very few sites require Java to run, though most do use JavaScript.

      The fact is that many people don’t keep all of their software up to date, and scammers are pretty ingenious at getting people to click on malicious links; casting those that do as simply “foolish” or “lacking common sense” doesn’t reflect today’s reality, nor the fact that many/most users are not techies who can easily decipher what is real and what is not. In any case, the identified exploits can infect you without requiring actions on the part of the user.

      Given the continuing risks and the relative lack of value for many users, disabling Java is the way to go.


      • Techman Dan says:

        @Josh Kirschner: I’m not confusing anything. Java Runtime Environment is a requirement of plenty of software available today, going far beyond simple website javascript. There’s lots of profitable software running today which requires java for everything from communicating to printing to playing games. I’m not going to list examples. I am also correctly casting many users into multiple categories. There are wise users as well as foolish. My company has many customers who range the whole spectrum. One customer came to us with a system that was a bot and had countless malware signatures (around 800). Others want the added protection of proactivity in the face of today’s zero-day threats. It is a duty for those of us with knowledge and experience to teach those who lack the element of common sense and make them wise. Since most users are capable of reading and comprehending even the most basic instructions, and since everywhere you look today there are plenty of warnings against foolishness such as clicking on strange popups of answering the “prince” of some foreign land. It doesn’t take a genius or a senior tech to have common sense. Reading your comment, you leave an impression that most users are “stupid,” for lack of better term.

        Identified exploits can be stopped in their tracks with proper zero-day protection, as well as a reliable security suite.

        This article ticked me off just enough to weigh in, but I have better things to do, such as protect users from zero-day threats. There are many would like to argue. It gives them a reason to post a comment. John, Given the continuing risks and the relative lack of value for many users, getting rid of computers or at least internet access is the way to go. In order for 98% of users to function on the internet today, John, Java will be required. That’s why there are those of us out here who work hard to stop zero-day threats and even track down offenders who write malicious code. You go ahead and disable your Java, John. My company and our customers will continue to use Java safely, using common sense.

        Stay vigilant everyone!


    • BILL MACGREGOR says:

      There Is a Sh&* Lot of inaccurate information in this article. I Find It Interesting That I Have To “TURN ON” “JAVA” To Answer Options On This WEB Site. What The Heck!
      Oh, I know , I am Running The Number 1 Security Tool That All Should Have, “NoScript”.. It blocks All Java and Java Script.. It’s Installed on SeaMonkey 1.9. 1.9 Is a Very Old Browser, 99% of It’s Flaws have been forgotten ..
      I takes about 3 min. To Download and install Java, Lazy Is Not That Word For It..

      PC Pitstop need not ever send me an other email like this..

      BILL MacG


  18. Vic Cowling says:

    Agree with many of the above, I disabled Java this afternoon, and now Facebook doesn’t work properly (hardly a minority site) and nor can I listen to BBC radio via Internet, unless I re-enable


  19. Do any of the firewalls or other protections protect against those "EXPLOIT" naughty things?


  20. Susie Fleet says:

    But what about Ebay? I sell things on Ebay and I can't print out shipping labels without Java! Is there another solution to that?


  21. Concerning the 15 minutes, he meant EVERY time you update you use the 15 minutes. So, as a matter of course, many people might put off putting on FUTURE updates. You only have to uninstall once, and this is an appeal to put down what you are doing and do it now… That said, I researched and seems like if you set it up right, have the right protection, and keep it updated (even with the "15 minutes) you can be somewhat safe.


  22. He meant 15 minutes EVERY time they publish an update–so updates by the general public are sometimes delayed. The uninstall only happens once…


  23. david says:

    I updated java last month on my WXP computer and now my Media Center doesn’t work, I uninstalled it and went back toseveral previous versions, and it still doesn’t work, my AV product says no threats found. I have nothing to lose by updating to the latest version. I have not wound Windows back to mid November yet, to see if that fixes the problem.


  24. Mike says:

    Yes, I think the article is a little alarmist, but there is a reasonable element of truth in what is said but it seems to only apply to web browsers. The first sentence actually describes what the US-CERT said, and that is to temporarily disable JAVA until the issue is fixed.

    “.. Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the “Solution” section of the US-CERT ..”

    http://www.us-cert.gov/current/#us_cert_releases_oracle_java


  25. faramarzi says:

    no isnt true , test it before say wrong


  26. MUZAAYA JOSHUA says:

    Those crappy-old java APPLETS are very annoying. The desktop-running normal java programs have no problems, but those APPLETS running in the browser. Why are programs still written in Java ? – arrhrhh…..!!!!


  27. Half of the sites I use , use java, I updated, but I never had a problem with java anyway.


  28. Norm Higgs says:

    "Most people don't have the time to update" (15 minutes) – Really? Are you SERIOUS? That is the most idiotic statement I have ever seen from a supposed computer professional. And it pretty much inspired me to stop reading right there.

    Any serious computer security professional will tell you the FIRST 3 steps in keeping your computer secure is UPDATE, UPDATE, UPDATE.


  29. javaman says:

    This article is absolute bull****! Give as a software that can do like jave and we will do it.


  30. David Ulmer says:

    I am not knowledgeable about computers and software, so this has sared. I have lots of cathing up to do to be comvetable with the technical aspects of my computer. I appreciate warnngs, suggestions, ec. to help me. operate my computer with confidence. I admire those individuals who have mastered the technologhy and the know-how in operationg and managing their computers.

    I appreciate you shareing your thoughts and comments regarding softwae issues.

    Regards, Colonel (Ret) Dave Ulmer, SFm USA


  31. Pat says:

    The latest Java 7 Update 11 update is also vulnerable to sandbox bypass exploits, researchers from Security Explorations say…. http://www.computerworlduk.com/news/security/3421517/java-7-update-11-critical-vulnerabilities-discovered-by-researchers/


    • simrick says:

      @Pat:

      I am no computer expert by any means, but I do spend a lot of time setting them up and clearing viruses off them, so I am familiar with some terms and research. I had noticed that, updating J7U10 to J7U11 did not change the actual install date in the system (using ccleaner to view this). This was a flag to me, and so I proceeded to uninstall Java completely and reinstall J7U11. I had noticed that the security setting had been changed by them to High (it used to be Medium), could this be their fix????? I hope not – that’s not enough! So I did some investigating. I found the same website showing the 2 sandbox bypass proof-of-concepts, and then began to wonder about “Ads” – do adverts on web sites use Java applets? based on what I read in Wikipedia, yes, they can. So, I could potentially visit a site like, say, CNN, or even Yahoo mail, and be infected by a malicious applet from an advert feed. So, it appears the best course of action is to disable Java in all browsers until they have completely plugged this hole. It is now January 22nd and still, we are left hanging…and no operating system is safe – Java applets are operating-system-INdependent.


  32. Jeff Rohner says:

    You make it sound like java is only used on websites, far from the truth. Real programs are written in java too. It's definitely not some outdated useless software that no one uses anymore.


  33. Alan Gustin says:

    IBM supports Java on all their major platforms. This means that even if Java should disappear from the face of the Earth it will still be the running on the mainframes (like COBOL). The primary advantage for programmers is the ability to develop locally, and the strictness of the JVM meaning it will run in a predictable way.


  34. Mitch says:

    Its amazing “Think about it. Java is an old technology that you rarely use in your day to day browsing experience. Once a blue moon, you come upon a site that requires Java and you install it and continue browsing.” Sine i read this article at 11:54 Jan 21 2013 i have run into 86 instances where Java was required to run a website I dont know how far ahead of the curve you people are but there are still alot of us that unfortunately rely on Java for OUR everyday computing .But lest we forget those people


  35. CheapSeats says:

    Yes, poorly written, sounds biased, like “throw away all your macs”. Ignore.


  36. I have been avoiding Jave issues for a long time now.

    I have it installed and up-to-date; however, my secret weapon is not a secret; it is good common sense. I browse through the Internet using FireFox and have, among others, the NoScript addon installed. This permits me to decide on a per site basis as to whether I allow all the page or just parts of it, and that can be on a permanent or temporary basis.

    It can seem like a pain in the rear when you first use it. Nevertheless, as time goes on, and you have allowed the sites you trust and go to regularly it gets easier. It then just affects you if you go to new sites.

    Happy and safe surfing

    Bj aka Bjantiques


  37. John Cardona says:

    I agree to unsubscribe. This article seems not to be impartial


  38. Jeffrey W. VanDer Sluis says:

    You can also just disable JAVA for web by just unchecking the "Enable Java Content in the browers" in the "Java Control Panel" under the Security Tab. That along with the lates version at http://java.com/en/download/ie_manual.jsp?locale=en.
    should take care of it won't it?


  39. Vali Dragan says:

    Funny how they speak about uninstalling Java the whole post , even giving you step-by-step instructions on how to uninstall it , but they try to avoid the fact that The Last Version of Java is secure.
    15 minutes of installing it? It's not like I'm working my a** off in those 15 minutes , just pressing a few buttons. Don't want to reboot now? Reboot later.


  40. hawkhuff says:

    I have a question. Each time I view my list of programs in an uninstall program I see multiple versions of Java. Will I be OK if I uninstall the earlier versions? Seems to me the newer versions, when installing,should automatically remove the earlier versions like so many other program will do. Should I remove them?


  41. M H says:

    Man, I’m unsubscribing from PC Pitstop. I’ve never gotten so much useless insignificant and exaggerated news.


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Scan with PC Matic

Sign up for our FREE Newsletter

Our weekly newsletter is packed with computer tips & tricks.
As a bonus, receive monthly emails with exclusive offers.

Which device is the most important to you?

View Results

Loading ... Loading ...


Contributors