On the other hand, Java, made by Oracle,
is a software package installed separately from your browser. It can be
used for creating and running all sorts of regular-style software: web
servers, code editors, word processors and much more. These are called applications,
just like any other application such as Microsoft Word or Apple iMovie.
Java also provides a plugin system that allows stripped-down Java
programs called applets to run inside your browser. They aren't
security generally depends on the Java system itself, not on your
browser. Nevertheless, there have been several recent and widely-abused
bugs in the applet part of Java that make your browser insecure. Time
and time again we're seeing examples of cybercriminals exploiting flaws
in Java to infect innocent users' computers.
earlier this year we saw more than 600,000 Macs infected by the
Flashback malware because of a Java security flaw. In fact, it has
become increasingly common to see malware authors exploiting
vulnerabilities in Java - as it is so commonly installed, and has been
frequently found to be lacking when it comes to security. Cybercriminals
also love Java because it is multi-platform - capable of running on
computers regardless of whether they are running Windows, Mac OS X or
Linux. As a result it's not unusual for us to see malicious hackers use
Java as an integral part of their attack before serving up an
OS-specific payload. Seriously though, stop reading this article now and
check if you have disabled Java or not. Chances are that if you don't
think that you need Java, you don't need it. Even if you absolutely must
use websites that require you to have Java installed, why not disable
it in your main browser and have an alternative browser just for
visiting that website? What you need to do now is reduce the
opportunities for attack. For most people that means disabling Java -
and doing it now.
So i recommend that you turn off Java in your browser.
Most recently, in January 2013, a new zero-day flaw affecting Java in web browsers was exploited. Apple and Mozilla are doing things to help fight the problem for their users, but you may decide that you still need to take steps yourself. There
will be many pointing fingers at Oracle and arguing that it has not
taken the security flaws seriously, but the accusations that are bound
to fly aren't actually going to help the millions and millions of
vulnerable devices out there. Those devices need a patch from Oracle -
but as it may not be available for some time, the best advice I can give
you is to disable Java.