Skip to main content
  1. Home
  2. Computing
  3. Features

Is it time to say goodbye to Java?

By
cyber attack
Image used with permission by copyright holder

Java is a nearly-ubiquitous technology that has played an important role in the development of the Internet and cross-platform applications. It has offered a mature, net-savvy development framework for everything from high-end server applications and desktop applications (like OpenOffice) to mobile phones and interactive applications embedded in Web pages.

However, in recent months Java has come under fire. Java was once a fundamental technology included with almost every computer; however, Apple stopped shipping Java by default on new Macs almost two years ago, most Linux distributions don’t include Java by default, and even the latest versions of Windows don’t come with a stock Java installation. Why? Because, despite being a mature cross-platform technology, Java never really took off for desktop applications.

Recommended Videos

Worse, Java’s stature has been further cut down by a series of high-profile security exploits: the Mac-specific Flashback trojan relied on Java to spread itself, and (after months of apparent foot-dragging) database giant Oracle has just released a new Java update to patch multiple vulnerabilities currently being exploited by cybercriminals. Most recently, Java may also have been an attack vector in the 12 million iPhone and iPad device identifiers allegedly stolen from an FBI agent’s notebook earlier this year.

Related

Is it time for everyday computer users to finally say goodbye to Java on their systems? How is that done? And what about people who have a legitimate need to use Java?

Nature of the beast

Java Logo
Image used with permission by copyright holder

The Java situation is complicated — and is made more complicated by terminology. The security issues making headlines this week concern only a small part of the broader Java universe: It’s important not to paint with broad strokes and label everything related to Java as a massive security risk.

First, there’s confusion about what exactly is Java. Java is a programming language, like BASIC, Pascal, C, and C# (originally from Microsoft, now an open standard) and Apple’s Objective C. Programmers use Java to write programs, just like they’d use any other language. Java has actually been around more than 20 years, although it first started getting a lot of attention in 1995 when Sun released its first Java platform. Java is hardly a new kid on the block.

The idea behind Java was to create a high-level language with no platform-specific implementation dependencies. Rather than compiling to native code (say, for Windows, Mac OS or Unix) Java compiles to “bytecode” that runs on virtual machines. All JVMs are designed to run the same Java bytecode the same way, regardless of platform. That means a programmer can write a Java application that program should run on any platform with a compatible Java virtual machine. Voilà The Holy Grail of modern computing: a program that runs the same on every platform.

To put a Java application (or applet, as they’re called) into a Web browser, you need a third item: a Java browser plug-in. Like other plug-ins, a Java browser plug-in executes within a Web browser application and generally acts like an intermediary between the Java virtual machine available on the computer and the Java code on a website. Java plug-ins run applets in a security “sandbox” that’s supposed to prevent applets from doing anything harmful on a user’s system. However, the Java VM is a complicated system, plug-ins can be complicated, and Web browsers are enormously complicated. The interaction of these three Java components plus Web browser applications can have security implications — and that’s where we’re seeing the current spate of problems.

Notice what’s not a part of Java? JavaScript. Despite the unfortunate name similarity, the JavaScript client-side scripting engines built into modern Web browsers have nothing to do with Java. JavaScript has had its own share of security gaffes over the years, but turning off JavaScript will do nothing to protect users from security issues in Java — and vice versa.

Unplugging versus uninstalling

hacker keyboard
Image used with permission by copyright holder

Complex modern software applications can have security issues at any step along the way. Java applications aren’t immune to security problems any more than applications written in other languages. No matter what language an application was written in, you need to hope that the developer updates its software promptly to close off security holes when they’re found. As development platforms and frameworks go, Java is actually in relatively good shape on the security front: After all, it’s had the better part of two decades to get its act together.

However, the so-called “drive-by” exploits involving Java that can compromise a person’s computer just by automatically loading a Java applet on a website rely on the Java plug-in. Plug-ins have long been popular targets of malware authors: Adobe’s Flash and Acrobat Reader plug-ins are also very common sources of security issues.

The good news is that these drive-by exploits can all be foiled by disabling the Java plug-in in your browser — no need to uninstall the Java runtime (or virtual machine). That’s handy if you do Java development or use one of the mainstream applications that do rely on the Java runtime:

  • Adobe Creative Suite 5.5 and 6
  • OpenOffice (and descendants like LibreOffice)
  • CrashPlan Pro
  • Wuala
  • Vuze (a BitTorrent client)
  • Runescape
  • Minecraft

That’s not counting specialized applications used by banks, universities, and corporations that rely on Java. For instance, anyone who runs software from Oracle probably needs Java.

Disabling the Java plug-in in browsers

Internet Explorer
Image used with permission by copyright holder

You can disable the Java plug-in in every major Web browser without removing Java from your system.

Internet Explorer

Disabling Java in Internet Explorer is unnecessarily difficult. The United States Computer Emergency Readiness Team (US-CERT) offers detailed instructions for (mostly) disabling Java in Internet Explorer; however, they are not for the non-technical or faint of heart. A safer recommendation is to remove Java entirely (if you don’t need it) or switch to a different browser (like Chrome or Firefox) if you do.

To remove Java from Windows, go to Control Panel then Programs, find “Java” in the program list, and click Uninstall.

Firefox

  1. Choose Tools > Add-ons (or, in Windows 7 and Vista, click the Firefox button and choose Add-ons).
  2. Select the Plug-ins tab
  3. Find the Java plug-in in the list (it’ll have a name like Java(tm) Platform SE with version numbers).
  4. Click Disable.

Google Chrome

  1. Type chrome://plug-ins into the location bar and press Enter
  2. Locate the Java plug-in
  3. Click the Disable link

Safari (Mac OS X and Windows)

  1. In Safari, go to Preferences > Security
  2. Uncheck the Enable Java checkbox

Opera

  1. Type opera:plug-ins into the location bar and press Enter
  2. Locate the Java plug-in and click Disable.

Other options

Mac OS X Java Preferences
Image used with permission by copyright holder

This is all fine and dandy for folks who don’t need Java on their systems, or who never need to use a Java applet on a Web page. However, if your situation or job makes Java impossible to avoid, here are some other options:

Use a second browser solely for Java

If you absolutely must use Java in a browser, consider dedicating a browser specifically to that task, and use another browser for all your other Web tasks. If you’re on Windows, you could use Internet Explorer for your Java-specific site(s) or pages (since Java is so fiendishly difficult to disable in IE), but install and use something like Firefox or Chrome (with Java disabled) as your primary browser for everything else. Similarly, there’s no reason you can’t run (say) Safari and Chrome side-by-side, one just for your Java needs, and the other for everything else. Be sure to set the browser with Java disabled as your primary browser, so it’s what opens when you click a link in email or a friend’s Facebook page. This setup isn’t ideal, but with a little care it can insulate you from risk without ripping Java out of your system.

Mac OS X

In Mac OS X, you can prevent Java applets from loading in all your Web browsers. Go to Applications > Utilities > Java Preferences, select the General tab, and uncheck “Enable applet plug-in and Web Start applications.” (Note: if you don’t have Java installed on your Mac, opening Java Preferences will prompt you to install it. Click “Not Now” to exit.)

Mac OS X is unique in that it will automatically disable Java applets in all browsers if users go 35 days without loading one. It’s a security measure Apple introduced for Mac OS X 10.6.8 and later in the wake of the Flashback trojan.

Is Java’s time done?

Java isn’t going to be going away anytime soon. It’s still used by some mainstream desktop applications, as well as a number of specialized apps, particularly in science and medicine. Moreover, Java is very much a leading technology for server software and mobile phones. Although Apple’s iOS doesn’t rely on Java, Google’s Android certainly does, and there are even hundreds of millions of feature phones in the world running it.

However, Java’s days as a de facto part of every major operating system seem to be over. Mainstream operating systems have stopped including Java by default, offering it only as an optional add-on for folks who need it.

Perhaps the saddest thing is that, for all of Java’s potential, few mainstream computer users will notice when it’s gone.

Editors' Recommendations

Topics
Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
This Serta office chair is on sale from $360 to $230
The Serta Smart Layers Brinkley Manager Chair on a white background.

Are you on the hunt for office chair deals? Here's one that should help boost your productivity -- the Serta Smart Layers Brinkley Manager Chair for only $230, following a $130 discount from Lenovo on its original price of $360. We're not sure how much time is remaining before you lose the chance to get this office chair at 36% off though, so if you're interested in this offer, we highly recommend that you push through with the transaction as soon as possible. Any delay may cause you to miss out on this bargain.

Why you should buy the Serta Smart Layers Brinkley Manager Chair
For an office chair that provides both comfort and performance, you can't go wrong with the Serta Smart Layers Brinkley Manager Chair. It features five layers of foam with ComfortCoils that are individually wrapped, for the ability to provide relief on the critical pressure points of the body while maintaining pleasant temperatures even during extended use. The office chair's ergonomic design, lumbar support, and waterfall seat cushion makes it even more comfortable so you won't get body pains when your daily workload forces you to sit for several hours each day.

Read more
Best router deals: Save on mesh networks and Wi-Fi 6 routers
The Netgear Nighthawk AXE11000 Tri-Band Wi-Fi 6E Router on a table.

If you haven't bought a router in a while, now is really the time to do it, as a lot of modern routers are better suited to a world where you might connect several devices to one router at the same time. In fact, part of the new Wi-Fi 6 and Wi-Fi 6E standards is built around the concept of the Internet of Things and connecting to dozens of devices. That's great if you have a lot of smart home gear you need to connect without getting a ton of latency; plus, the newer standard helps with working around congested airwaves where everybody has some form of router and Wi-Fi connection running.
Of course, there are a lot of routers to pick from out there, and if you don't have a lot of tech-savvy, it can be overwhelming. That's why we've gone out and found our favorite router deals that will give you the best bang for your buck, and that includes mesh router deals too.

Best Router Deals
TP-Link Archer AX3000 -- $83, was $130

Read more
HP is practically giving away this QHD conferencing display
The HP Z24m G3 QHD conferencing display on a white background.

Not all monitor deals will get you a display that's designed for conferencing purposes. If you were hoping to get one for cheap, check out this offer from HP -- a $359 discount for the HP Z24m G3 QHD conferencing display that pulls its price down to a very affordable $150 from its original price of $509. This 70% discount will only be available for a limited time though, so if you're interested in this screen, there should be no hesitation with your purchase. Add it to your cart and push forward with the checkout process immediately.

Why you should buy the HP Z24m G3 QHD conferencing display
HP Z24m G3 QHD conferencing display is equipped with helpful conferencing features, such as a 5MP webcam and noise-cancelling microphones so that you'll look and sound crystal clear during your online meetings, and recessed speakers that are located within the screen's borderless frame to help you follow discussions closely. The monitor is also equipped with HP Presence, which will let you access conferencing solutions that enable seamless connections, meeting optimizations, and real-time insights.

Read more