Yes, I am one of those people who make New Year’s resolutions every year — or, at least, I call them my New Year’s goals. I write them down and hang them on my wall next to my desk to see how I am doing. I fail miserably at most of them, but usually keep one or two. This year, when I write down my 2013 goals or resolutions, I plan to include making sure all of my computers are Java-free. I guarantee that one will be easy to keep.
Oracle released a new Java update with a number of security upgrades. That’s the good news. The bad news is that, given the problems Java has and the security issues that surround the software, Oracle doesn’t provide nearly enough updates: according to Sophos, security patches are released only three times a year. The new update adds the option of disabling the Java web plugin, which eliminates a lot of the security risks found with Java, and lets the user set security levels.
However good the security updates are, Java is still going to be one of the primary targets for bad guys, as PC Advisor explained:
"That's because hackers know many people do not keep the Java plug-in for browsers up to date, leaving old flaws open to exploitation. This has resulted in a high success rate for attackers. In 2011, an exploit integrated into the Blackhole toolkit, a hacker favorite, had more than an 80 percent success rate, according to HP's security research division."
You can add the new security updates, but habits aren’t going to change. The bulk of computer users are going to continue to skip the update.
Another issue is that the new security measures are not the default settings. Users will have to change them and, again, we have seen that too many users don’t bother to make the changes or are too worried they’ll screw something up if they do.
As Computerworld pointed out, Oracle would be doing a greater service if the defaults were set to the best security levels. And while this may not be the case for others, I’ve found that when I do go to update Java on my laptop, I often get errors that won’t allow the update to install. Granted, my laptop is old, but the update error isn’t a new problem. I’d be curious to see if others have dealt with something similar.
While I applaud Oracle’s security update, I have reached a point where I want to see how things run without Java. I want to make my computers less vulnerable to the threats that are bound to come in the new year.