Oracle gives 21 (new) reasons to uninstall Java
A modest (security) proposal
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Oracle this week pushed an updated version of its Java runtime environment that fixes 21 security vulnerabilities, 19 of which allow attackers to remotely install malicious software on end-user machines.
The company recommends users install Java 6 Update 24 as soon as possible, but before readers follow though, allow us to offer this modest proposal: Try uninstalling Java altogether. This will dramatically shrink the attack surface of your machine, and unless you use a handful of specific applications, you'll never notice the difference.
Once upon a time, Java, with its mantra of write once, run anywhere, was the white knight that was going to save the mankind from the predatory clutches of Microsoft Windows. It never quite worked out that way – at least on the desktop – but the prospect was enough to “scare the hell” out of Bill Gates (your reporter's byline used to accompany that CNET exclusive but it was removed years ago for reasons that are unknown).
Despite the hype about Java's superior security model, the framework by some accounts has surpassed Adobe applications as the most exploited software package, with millions of attacks logged each quarter. While the vast majority of the affected platforms are Windows, attacks, albeit lame ones for now, are beginning to target Mac OS X and . And given Steve Jobs' insistence of thinking differently, Apple doesn't typically release Java security updates until months after they come out of Oracle.
Even Java attacks against Linux are now being seen.
We won't spend much time complaining about Oracle's legal broadside on the Android operating system, but that's another reason you may want to avoid Java.
So go ahead, give it a try and uninstall Java completely. You can always reinstall it if you need to, although as we've already said, if you're like most people, there's little chance you'll need to. ®
Bootnote
No, OpenOffice does not require Java. Per the official OpenOffice Wiki, Java is required merely to complete OpenOffice. Most OpenOffice functions work just fine on machines that don't have Java installed.
COMMENTS
Uninstall Everything
If you are going to uninstall everything with a security flaw in it, you might as well forget owning a computer: MacOS, Linux, Windows, BIOSes, Java, .NET, the whole lot can go.
Its fun to write dumb articles like this one, but giving companies grief when they publish security fixes is a pretty bad strategy - it is only going to encourage companies to hide their flaws.
Why not...
uninstall Microsoft .Net - just like Java, except its updates are forced with Windows updates so you don't see them, didn't you know that? Perhaps you should also suggest Adobe products or even Windows itself
Stop scare mongering. Chances are if people have it installed already it's because an app on their system needs it.
Java is a beautiful programming language and very satisfying to program with.
I use Apache Tomcat to serve up MySQL database access via Java Servlets. My Tomcat configuration uses OpenJDK.
The applications, Applets and Servlets I write need zero-modification to run on Linux and Windows. My customers are using OpenJDK and Oracle's own version, seamlessly on Windows and Linux.
Dan's argument seems to be an emotive finger pointing exercise: Look they have updated Java. Told you it was insecure!
Dan, your article lacks a professional Journalistic feel and in my opinion undermines theregister.co.uk's credibility.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
