Print
The Java browser plugin is notorious for being wildly popular among malware authors. The ubiquity of Java is not the only reason for this. Rather, the problem seems to lie more in the fact that a sizable chunk of its installed base consists of outdated versions, something that is often attributed to low awareness among users about Java itself and the threat posed by Java vulnerabilities. But according to F-Secure’s Mikko Hypponen, the only thing users need to know about Java is that they don’t need it. Hit the jump for more.
In a recent blog post on F-Secure’s site, Hypponen questioned the very raison d'être of Java and concluded that most people don’t need it anymore. He feels that others too will arrive at the same conclusion once they get down to ditching it.
“The risks of Java are nicely illustrated by the recent Java Rhino vulnerability (aka CVE-2011-3544),” wrote Hypponen. “If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java — or get rid of it altogether.”
“And the Java Rhino vulnerability is not theoretical: the most common exploit kits have incorporated this vulnerability in their default exploits, and it seems to be working very well for the online criminals.”
Don’t know about everyone, but certainly those who don't even know their Java from JavaScript don’t need it at all. Hypponen informed these unenlightened souls that the two are completely different things, making it clear that unlike Java “it's hard to use the web without JavaScript”.
For those who only need Java for a specific web application, he has an alternative to completely abandoning it: “Leave Java on your system but remove the Java plugin from your daily browser. Then use another browser that you use only for this one service.”
Comments are closed on this article
DasHellMutt
December 28, 2011 at 4:03pm
Yes, Yes, a thousand times yes! Lets throw Flash and Java in the same landfill and bury them for all time. Along with them should go the entire concept of the web app. They and the platforms they run on are universally shit.
Danthrax66
December 28, 2011 at 10:57am
Doesn't html 5 depend on java or is it javascript... If we get rid of flash and java most internet sites will become pointless.
maroci
December 29, 2011 at 5:37am
Uh, no. Approximately 99.999999% of the web sites in the world use no client-side Java whatsoever.
jnite
December 28, 2011 at 10:25am
Maybe I'm wrong, but don't a number of site still use Java? It's nice to say use another browser for a single site, but what about the others? I'm pretty certain more than one uses it, and people would prefer to keep using their good browser for them.
This honestly comes off as someone saying something isn't needed when in reality it is. It's needed because it is the popular choice, and that is what people are using. There really isn't much of a popular alternative. The same could be said about Adobe Flash. Responsible for a lot of viruses, but too many sites rely on it to simply abandon it.
Edit:
I may be confusing Java with Javascript. I'm not an expert, so feel free to argue against me.
Rooke
December 28, 2011 at 10:55am
I agree with you.
IBM and a number of benchmark websites use Java, not to mention the almighty MineCraft.
Plus, there are 1,000s of Java enabled devices and their remote control apps.
I don't see Java going away anytime soon.
jonnyohio
December 28, 2011 at 8:14am
Somehow I don't think the research took into account all those people playing minecraft.
0ly1r3m@1ns
December 28, 2011 at 8:25am
^^ lol but also my email web portal uses java i test some of my java programes in browsers i just feel java need to be redone and made mroe efficiant
