Home Java Is No Longer Needed. Pull The Plug-In

Java Is No Longer Needed. Pull The Plug-In

For nearly everyone, it’s time to dump Java. Once promising, it has outlived its usefulness in the browser, and has become a nightmare that delights cyber-criminals at the expense of computer users.

 Java Today

Sun Microsystems released Java in 1995 as a technology for building applications that could run on any platform, including Windows, Macintosh and Linux. In its heyday, major browsers embraced Java for running applets within pages. All anyone needed was a browser plug-in for executing programs.

Today, that plug-in has become a top security risk, along with Adobe Flash. Partly to blame for the problem is Oracle, which acquired Sun and its invention in 2009. The database vendor has heightened the risk by failing to launch timely patches.

The latest security meltdown is a case in point. Despite being warned in April of critical vulnerabilities, Oracle did not get around to releasing an emergency patch until last week, after reports that cyber-criminals were exploiting the flaws. Security Explorations, the Polish firm that first reported the vulnerabilities to Oracle, later said the patch contained a flaw that could be used to circumvent the fix.

The Latest Threats

In the meantime, criminals are having a field day. Atif Mushtaq, security researcher at FireEye, says the number of computers infected with malware exploiting the flaws is growing. As of Tuesday, up to a quarter-million computers had been infected. Hackers are at an advantage because computers users are laggards when it comes to applying Java patches. Up to 60 percent of Java installations are never updated to the latest version, according to security vendor Rapid7.

Over the just-past Labor Day weekend, the SANS Institute’s Internet Storm Center and Websense reported finding separate phishing campaigns trying to lure people to malicious sites capable of exploiting the vulnerabilities. SANS discovered link-carrying emails that copied a recent Microsoft message about service agreement changes. Websense found emails disguised as order verification messages from Amazon.

Security experts rate the latest flaws as critical, because hackers can use them to commandeer a computer and take whatever data they want. Risking that kind of damage for a technology with little purpose makes no sense.

What Security Experts Advise

Security experts are hard pressed to say what Java does for most people. While some online games and business applications need a Java plug-in to run, nearly all modern sites, including Facebook and Twitter, use JavaScript, XML and HTML 5, which run natively in the browser. Therefore, people could happily surf the Web for years without ever running Java.

Those who are using a Java application, should run it in a dedicated browser that’s used for nothing else, Patrik Runald, director of security research at Websense, says. Another browser should be used for daily Web surfing. “I’ve run a browser with Java disabled for years,” he said.

Supporters once believed that Java would play a significant role in running Web applications. That never happened. Instead, browsers became the operating system for the Web. “(Java) never took off the way it was anticipated,” Runald said.

So the verdict is clear. Disable Java plug-ins in all browsers, whether Firefox, Chrome or Internet Explorer. Java’s glory days are over and it’s time to pull the plug.

Image courtesy of Shutterstock.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.