I’m not suggesting you stop drinking coffee – I would never deprive anyone of that life-giving nectar! Heck, it’s a known fact that 95% of the tech world runs on coffee (the other 5% substitutes alternate caffeinated beverages). What I am suggesting is that you delete, remove, and abandon Java on your computer!
Why? Well, Java isn’t needed on most computers – the odds that a user in a home environment will require Java are slim – but the Java Runtime Environment (JRE) somehow finds its way onto a majority of home computers. That’s not necessarily bad, but Java is “known” for a couple of traits: poor housekeeping and security vulnerabilities.
Before I go on let me clear up some misconceptions about what Java is and is not.
Wikipedia describes Java as:
Java is a programming language originally developed by James Gosling at Sun Microsystems (now part of Oracle Corporation) and released in 1995 as a core component of Sun Microsystems’ Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities. Java applications are typically compiled to bytecode (class file) that can run on any Java Virtual Machine (JVM) regardless of computer architecture. Java is a general-purpose, concurrent, class-based, object-oriented language that is specifically designed to have as few implementation dependencies as possible. It is intended to let application developers “write once, run anywhere.” Java is currently one of the most popular programming languages in use, particularly for client-server web applications.
Let’s break that down a bit…
- Java is a programming language
- Java was developed by Sun, but is now owned by Oracle
- Java runs in a virtual machine using software called the Java Runtime Environment (JRE) – this is the software you will find on your computer
- Java programs are intended to run on multiple platforms (Windows, Linux, OSX, etc) which saves time during development
Java isn’t needed in most cases
Java programs are mostly in use at businesses. There are very few actual programs written in Java for the home user, and if you do have one I would highly suggest that you find an alternative. The reason behind the use of Java-based programs in business is the “write once, run many” model of Java. The business pays once for the author to write the software and can then run it on multiple platforms by simply installing the Runtime Environment. In most other instances a program would have to be written specifically for each platform, just as at home a Windows program will not run natively on Apple’s OSX or on Linux. As you can see, it is purely a financial decision for most businesses.
Java doesn’t clean up after itself
As Java has progressed through its various versions, users would download and install updates and later notice they had 4, 5, or more versions of Java on their machine. The reasoning behind this is that software written for earlier Java versions often wouldn’t function correctly after an update, which would leave businesses with important programs that wouldn’t run, so the old versions were left in place. Good for business, but not so good for security: many of the updates were patches for security holes, and leaving the old version installed means the older version could still be run, which would again expose the vulnerabilities in that version.
There’s a big hole in that coffee cup!
Java’s Runtime Environment doesn’t have a reputation as the most secure software. In the past each version has had security updates in the dozens and, in general, each update addresses multiple (sometimes numbering in the 20s) security vulnerabilities. Add this to the fact that Java doesn’t have a history of patching security holes in the most timely manner and you can see that Java is an accident waiting to happen.
Not a rosy picture, but most attacks have been limited in their scope. An attacker can send compromised documents or executables to only so many targets. Or can they?
Security researcher Brian Krebs has discovered evidence that exploits targeting Java are being folded into “Exploit Kits”, software often sold on the black market with the sole purpose of “infecting” computers with malware and remote control software. Not good.
Junk your Java!
For most users Java serves no useful purpose – I highly recommend you uninstall all versions of Java from your computer. If, by some small chance, a program doesn’t work after you uninstall Java, look for replacement software that doesn’t require Java to run. If all else fails, uninstall Java and download the latest version from the Java website. After each subsequent update be sure to check that previous versions were uninstalled. If not, remove them manually from the Control Panel.
To find out if you have Java installed you can visit the Verify Java Version page.
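The check for leftover older versions can also be done locally on Windows. The script below is an added example, not part of the original article: it lists every Java entry registered in the standard Windows uninstall registry keys and marks anything older than the newest installed one. The display-name pattern is an assumption about how Java installers name themselves.

```powershell
# Added example: inventory Java runtimes registered with Windows and flag
# every entry older than the newest installed one as a leftover.
# Covers machine-wide installs only (HKLM); per-user installs are not listed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit software on 64-bit Windows registers under WOW6432Node
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: runtimes show up as "Java 8 Update ...", "Java(TM) 6 Update ..."
# or "J2SE Runtime Environment ..."; adjust if your entries are named differently.
$namePattern = '^(Java\b|J2SE Runtime Environment)'

$found = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern -and
                   $_.DisplayName -notmatch 'Auto Updater' } |
    ForEach-Object {
        # DisplayVersion may be missing or malformed; treat that as 0.0
        # so the entry sorts as oldest and gets flagged for review.
        $ver = $null
        if (-not [version]::TryParse([string]$_.DisplayVersion, [ref]$ver)) {
            $ver = [version]'0.0'
        }
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $ver
            KeyName = $_.PSChildName
        }
    }
)

if ($found.Count -eq 0) {
    'No Java entries found in the machine-wide uninstall keys.'
    return
}

# The highest version present on this machine (not necessarily the latest release).
$newest = ($found | Sort-Object Version -Descending | Select-Object -First 1).Version

$found | Sort-Object Version -Descending |
    Select-Object Name, Version,
        @{ Name = 'Status'; Expression = {
            if ($_.Version -lt $newest) { 'OLD - uninstall' } else { 'newest installed' }
        } } |
    Format-Table -AutoSize
```

An entry marked "newest installed" is only the newest on that machine, so it still needs to be compared against the current release on the Java website.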