My 2013 Resolution: Removing Java from My Computers

Sue Marquette Poremba

Yes, I am one of those people who make New Year’s resolutions every year — or, at least, I call them my New Year’s goals. I write them down and hang them on my wall next to my desk to see how I am doing. I fail miserably at most of them, but usually keep one or two. This year, when I write down my 2013 goals or resolutions, I plan to include making sure all of my computers are Java-free. I guarantee that one will be easy to keep.

Oracle released a new Java update with a number of security upgrades. That’s the good news. Given the problems that Java has and the security issues that surround the software, however, Oracle doesn’t provide nearly enough updates; according to Sophos, security patches are released only three times a year. The security updates include the option of disabling the Java web plugin, which eliminates a lot of the security risks found with Java, and of letting the user set security levels.

However good the security updates are, Java is still going to be one of the primary targets for bad guys, as PC Advisor explained:

That's because hackers know many people do not keep the Java plug-in for browsers up to date, leaving old flaws open to exploitation. This has resulted in a high success rate for attackers. In 2011, an exploit integrated into the Blackhole toolkit, a hacker favorite, had more than an 80 percent success rate, according to HP's security research division.

You can add the new security updates, but habits aren’t going to change. The bulk of computer users are going to continue to skip the update.

Another issue is that the new security measures are not the default settings. Users will have to change them and, again, we have seen that too many users don’t bother to make the changes or are too worried they’ll screw something up if they do.

As Computerworld pointed out, Oracle would be doing a greater service if the defaults were set to the best security levels. And while this may not be the case for others, I’ve found that when I do go to update Java on my laptop, I often get errors that won’t allow the update to install. Granted, my laptop is old, but the update error isn’t a new problem. I’d be curious to see if others have dealt with something similar.

While I applaud Oracle’s security update, I have reached a point where I want to see how things run without Java. I want to make my computers less vulnerable to the threats that are bound to come in the new year.

Dec 28, 2012 12:14 PM Ryan says:
I have found in many organisations, especially SMBs, that patch management is limited to Microsoft products via WSUS, hence leaving out Java, Adobe Flash/Acrobat and other third-party apps. They seem to be unaware that there are some free tools out there to automate the process. Limiting your login credentials to a standard user and application whitelisting (e.g. parental controls / AppLocker) is very effective in limiting the success of malware.
Dec 29, 2012 5:00 AM Mark B says:
So you are going to remove Java from your computers because other people don't update their own?
Jan 1, 2013 12:01 PM eljhonb says:
Interesting, but how to view Java-based company's application sites?
