Is it time to say goodbye to Java?

cyber attack

Java is a nearly-ubiquitous technology that has played an important role in the development of the Internet and cross-platform applications. It has offered a mature, net-savvy development framework for everything from high-end server applications and desktop applications (like OpenOffice) to mobile phones and interactive applications embedded in Web pages.

However, in recent months Java has come under fire. Java was once a fundamental technology included with almost every computer; however, Apple stopped shipping Java by default on new Macs almost two years ago, most Linux distributions don’t include Java by default, and even the latest versions of Windows don’t come with a stock Java installation. Why? Because, despite being a mature cross-platform technology, Java never really took off for desktop applications.

Worse, Java’s stature has been further cut down by a series of high-profile security exploits: the Mac-specific Flashback trojan relied on Java to spread itself, and (after months of apparent foot-dragging) database giant Oracle has just released a new Java update to patch multiple vulnerabilities currently being exploited by cybercriminals. Most recently, Java may also have been an attack vector in the 12 million iPhone and iPad device identifiers allegedly stolen from an FBI agent’s notebook earlier this year.

Is it time for everyday computer users to finally say goodbye to Java on their systems? How is that done? And what about people who have a legitimate need to use Java?

Nature of the beast

Java Logo

The Java situation is complicated — and is made more complicated by terminology. The security issues making headlines this week concern only a small part of the broader Java universe: It’s important not to paint with broad strokes and label everything related to Java as a massive security risk.

First, there’s confusion about what exactly is Java. Java is a programming language, like BASIC, Pascal, C, and C# (originally from Microsoft, now an open standard) and Apple’s Objective C. Programmers use Java to write programs, just like they’d use any other language. Java has actually been around more than 20 years, although it first started getting a lot of attention in 1995 when Sun released its first Java platform. Java is hardly a new kid on the block.

The idea behind Java was to create a high-level language with no platform-specific implementation dependencies. Rather than compiling to native code (say, for Windows, Mac OS or Unix) Java compiles to “bytecode” that runs on virtual machines. All JVMs are designed to run the same Java bytecode the same way, regardless of platform. That means a programmer can write a Java application that program should run on any platform with a compatible Java virtual machine. Voilà The Holy Grail of modern computing: a program that runs the same on every platform.

To put a Java application (or applet, as they’re called) into a Web browser, you need a third item: a Java browser plug-in. Like other plug-ins, a Java browser plug-in executes within a Web browser application and generally acts like an intermediary between the Java virtual machine available on the computer and the Java code on a website. Java plug-ins run applets in a security “sandbox” that’s supposed to prevent applets from doing anything harmful on a user’s system. However, the Java VM is a complicated system, plug-ins can be complicated, and Web browsers are enormously complicated. The interaction of these three Java components plus Web browser applications can have security implications — and that’s where we’re seeing the current spate of problems.

Notice what’s not a part of Java? JavaScript. Despite the unfortunate name similarity, the JavaScript client-side scripting engines built into modern Web browsers have nothing to do with Java. JavaScript has had its own share of security gaffes over the years, but turning off JavaScript will do nothing to protect users from security issues in Java — and vice versa.

Unplugging versus uninstalling

hacker keyboard

Complex modern software applications can have security issues at any step along the way. Java applications aren’t immune to security problems any more than applications written in other languages. No matter what language an application was written in, you need to hope that the developer updates its software promptly to close off security holes when they’re found. As development platforms and frameworks go, Java is actually in relatively good shape on the security front: After all, it’s had the better part of two decades to get its act together.

However, the so-called “drive-by” exploits involving Java that can compromise a person’s computer just by automatically loading a Java applet on a website rely on the Java plug-in. Plug-ins have long been popular targets of malware authors: Adobe’s Flash and Acrobat Reader plug-ins are also very common sources of security issues.

The good news is that these drive-by exploits can all be foiled by disabling the Java plug-in in your browser — no need to uninstall the Java runtime (or virtual machine). That’s handy if you do Java development or use one of the mainstream applications that do rely on the Java runtime:

  • Adobe Creative Suite 5.5 and 6
  • OpenOffice (and descendants like LibreOffice)
  • CrashPlan Pro
  • Wuala
  • Vuze (a BitTorrent client)
  • Runescape
  • Minecraft

That’s not counting specialized applications used by banks, universities, and corporations that rely on Java. For instance, anyone who runs software from Oracle probably needs Java.

Disabling the Java plug-in in browsers

Internet Explorer

You can disable the Java plug-in in every major Web browser without removing Java from your system.

Internet Explorer

Disabling Java in Internet Explorer is unnecessarily difficult. The United States Computer Emergency Readiness Team (US-CERT) offers detailed instructions for (mostly) disabling Java in Internet Explorer; however, they are not for the non-technical or faint of heart. A safer recommendation is to remove Java entirely (if you don’t need it) or switch to a different browser (like Chrome or Firefox) if you do.

To remove Java from Windows, go to Control Panel then Programs, find “Java” in the program list, and click Uninstall.

Firefox

  1. Choose Tools > Add-ons (or, in Windows 7 and Vista, click the Firefox button and choose Add-ons).
  2. Select the Plug-ins tab
  3. Find the Java plug-in in the list (it’ll have a name like Java(tm) Platform SE with version numbers).
  4. Click Disable.

Google Chrome

  1. Type chrome://plug-ins into the location bar and press Enter
  2. Locate the Java plug-in
  3. Click the Disable link

Safari (Mac OS X and Windows)

  1. In Safari, go to Preferences > Security
  2. Uncheck the Enable Java checkbox

Opera

  1. Type opera:plug-ins into the location bar and press Enter
  2. Locate the Java plug-in and click Disable.

Other options

Mac OS X Java Preferences

This is all fine and dandy for folks who don’t need Java on their systems, or who never need to use a Java applet on a Web page. However, if your situation or job makes Java impossible to avoid, here are some other options:

Use a second browser solely for Java

If you absolutely must use Java in a browser, consider dedicating a browser specifically to that task, and use another browser for all your other Web tasks. If you’re on Windows, you could use Internet Explorer for your Java-specific site(s) or pages (since Java is so fiendishly difficult to disable in IE), but install and use something like Firefox or Chrome (with Java disabled) as your primary browser for everything else. Similarly, there’s no reason you can’t run (say) Safari and Chrome side-by-side, one just for your Java needs, and the other for everything else. Be sure to set the browser with Java disabled as your primary browser, so it’s what opens when you click a link in email or a friend’s Facebook page. This setup isn’t ideal, but with a little care it can insulate you from risk without ripping Java out of your system.

Mac OS X

In Mac OS X, you can prevent Java applets from loading in all your Web browsers. Go to Applications > Utilities > Java Preferences, select the General tab, and uncheck “Enable applet plug-in and Web Start applications.” (Note: if you don’t have Java installed on your Mac, opening Java Preferences will prompt you to install it. Click “Not Now” to exit.)

Mac OS X is unique in that it will automatically disable Java applets in all browsers if users go 35 days without loading one. It’s a security measure Apple introduced for Mac OS X 10.6.8 and later in the wake of the Flashback trojan.

Is Java’s time done?

Java isn’t going to be going away anytime soon. It’s still used by some mainstream desktop applications, as well as a number of specialized apps, particularly in science and medicine. Moreover, Java is very much a leading technology for server software and mobile phones. Although Apple’s iOS doesn’t rely on Java, Google’s Android certainly does, and there are even hundreds of millions of feature phones in the world running it.

However, Java’s days as a de facto part of every major operating system seem to be over. Mainstream operating systems have stopped including Java by default, offering it only as an optional add-on for folks who need it.

Perhaps the saddest thing is that, for all of Java’s potential, few mainstream computer users will notice when it’s gone.

Deals

Want to learn to code? Udemy drops online coding courses under $13

Whether you’re embarking on a new career or are just looking for a fun new hobby, here are six of the best online coding courses on Udemy to get you started. With options under $20, it's surprisingly affordable.
Mobile

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.
Computing

Enjoy Windows on a Chromebook with these great tips and tricks

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so in case you're looking to nab some Windows-only software.
Computing

USB4 will be the fastest and most uniform USB standard yet

USB4 is on the horizon and alongside a massive boost in speed it's also unifying with the Thunderbolt 3 standard to help finally create a singular wired connection protocol that all devices can enjoy.
Computing

The U.S. government plans to drop $500M on a ridiculously powerful supercomputer

The U.S. Department of Energy has announced plans to build a $500 million exascale supercomputer by 2021. The project, known as the Aurora supercomputer, is expected to boost research efforts in fields such as public health.
Product Review

4K and 144Hz? Yup, the Acer Predator XB3 will max out your gaming PC

The Predator XB3 isn’t for the faint of heart. But if you have a system that can push over 100 frames per second in 4K screen resolution, this monster of a monitor might be the perfect match for your overpowered gaming rig.
Buying Guides

Apple has powered up its iMac lineup, but which one should you opt for?

With new processors and graphics cards for both the 4K and 5K models, the iMac feels like a good option for creatives again. But which should you buy? Here's our guide to choosing the right Apple all-in-one for your needs.
Computing

HP spring sale: Save up to 58 percent on laptops, desktops, printers, and more

From now until March 23, the HP spring sale lets you take as much as 58 percent off of a huge range of laptops, desktop PCs, printers, and more, potentially saving you more than $1,000. We’ve rounded up a dozen of the best deals right…
Computing

Yes, Apple’s new iMacs look great, but they do have one glaring problem

With processors ranging up to the eight-core Core i9, the 2019 iMac update looks like a pretty solid upgrade to Apple's classic all-in-one. But hidden in the details of the product page, there's one outdated component Apple is holding onto.
Computing

Grab 1 terabyte of SSD storage for just $100 with this sale on Amazon

If you're looking for an excellent opportunity to pick up a 1TB SSD at a low price, Amazon has you covered with Samsung's 860 QVO 1TB 2.5-inch SATA III Internal SSD. It is an excellent offering for both multimedia enthusiasts and gamers.
Computing

The iMac finally got updated, but how does it compare to the Mac mini?

Apple announced a long-awaited update to the Mac mini. Thanks to the updated specs and increase in price, it's begun to creep up to the base model iMac. In this guide, we now put up the specs on the newest refreshed Mac mini against the…
Computing

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.
Computing

Great PC speakers don't need to break the bank. These are our favorites

Not sure which PC speakers work best with your computer? Here are the best computer speakers on the market, whether you're working with a tight budget or looking to rattle your workstation with top-of-the-line audio components.