
Java Flaw Patched After Department of Homeland Security Speaks Up


Written by Sue Poremba
Jan 14, 2013

As he drove me home after I had surgery on Friday morning, my husband asked me if I had heard about the recommendations to disable Java on computers. Obviously, he needs to read my blogs and articles more often because, as I reminded him, I’ve been advocating disabling Java for quite some time, most recently because of an unpatched flaw that threatened serious damage to data.

“I know you have advised that,” he said, “but this time it is coming from the Department of Homeland Security.”

Now that made me curious. Government agencies have warned about cyber dangers, of course, including the outgoing Secretary of Defense’s warning that if we don’t do something about cybersecurity, we could see a catastrophic event that would compare to Pearl Harbor or 9-11. However, this is the first time in my memory that a government agency, particularly one like DHS, has told citizens to remove a specific software application from their computers, just as it is rare to read about cybersecurity issues on a site like Politico:

According to a Thursday afternoon post on the U.S. Computer Emergency Readiness Team’s website, Java 7 Update 10 and earlier could allow a remote user to “execute arbitrary code on vulnerable systems,” putting it at risk for malware. A cyberattacker could exploit the risk to either direct a user to visit a website that would download malicious software to their computer or to access a legitimate website and compromise it with a malicious applet (a “drive-by download”), CERT said.

By Sunday evening, Oracle released a patch for the Java problem. I can’t recall Oracle ever reacting so quickly to a security warning, and I can’t help but think that a warning coming from DHS had something to do with the quick action. Perhaps it was just ironic timing? That’s possible, but on the other hand, I don’t recall a Java flaw getting this much mainstream press, either.

In any case, I believe the time has come for computer users to re-evaluate the need for Java. I don’t have it on my primary computer, and I don’t miss it. This latest flaw isn’t a one-time incident for Java; it is one in a long line of flaws, which Oracle has either been slow to fix or has fixed inadequately. For instance, Matthew Schwartz at InformationWeek pointed out that one of the flaws fixed this weekend was supposed to be fixed back in October.

At least one security expert, Bogdan Botezatu, a senior e-threat analyst with Bitdefender, thinks that we should keep Java around but it should be rebuilt from scratch. I don’t agree, simply because computing has moved beyond Java and surely there are more secure replacements available.


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
