FLASH: If you’re using Java, update it

As we’ve noted in previous posts on this blog (see Java-based Malware and Anti-Virus, Is it Needed for the Mac?), Java has been and continues to be a gateway for malware to enter your system regardless of OS.

If you’re running Java, there is a serious flaw that could compromise your system.  This flaw is only an issue with Java running within a browser (e.g., Internet Explorer, Safari, Chrome, etc), so standalone Java apps are not affected.   It permits external access to data on your system without authentication, which is an exploit found in malware on some websites.   It’s serious enough to cause the US Department of Homeland Security to issue a request users to temporarily disable Java.  The good news is that Oracle has delivered a fix (yet again).

You have two choices.  The safest choice is to simply disable it in any browser that you use.  Here’s a good article from Gizmo giving directions for various browsers.  Alternatively, you can disable its use in browsers via the Java control in the Control Panel (Windows) or System Preferences (Mac).

The other choice, assuming you need Java for some web-application that you run, is to update Java NOW.  On the Mac, if you’re running Lion (10.7) or Mountain Lion (10.8), unless you’ve added Java to your system, it’s not installed.  The same with Windows 7 or 8 (I don’t know about older versions).

To update it, go to the Java control in the Control Panel on Windows (for Windows 8, change view to icons from categories to easily see it) or click on the Java control under System Preferences for the Mac, then click on Update.  If you can’t find the java control, then you don’t have Java installed and never mind.

For more information, go to the Java update page.


  1. Dave Hamilton

    I’m really, and I mean REALLY struggling to come up with a good reason most people should have Java enabled, let alone installed on their systems. And I just graduated from a program where I had to write Java code on a regular basis. I think it’s been sandwiched by HTML5 and Flash on the web side, and app stores with corresponding native API’s on the client side. It just seems that their mantra of “write once, run anywhere” has fallen out of favor.

    I’m not asserting that Java is useless by any means, it is the language of choice for Android development and serves many other uses, I just think there’s no good reason to install it on a PC unless you absolutely know you need it. I stopped installing it after I graduated and haven’t missed it at all.

    By the way I’ve become a big fan of C#. It was basically invented by Microsoft to rip off Java, but ironically enough it is more open in many ways than Java. It’s not open source but it is an ISO standard unlike Java which frees people up to write their own compilers for other platforms. I mostly think it handles some common patterns in a more elegant manner than Java.

    The big fad these days are functional programming languages though. People love them cause they avoid many of the side effects of procedural and OO languages. I’ve never learned one though, and their syntax seems kind if funky as it’s based on lambda calculus which I am not at all familiar with.

    Not sure how I ended up going on about programming languages, but I thought you’d enjoy the discussion. 😊

  2. I believe you’re right about NOT requiring Java on Windows and Macs, especially on the consumer side. I’ve been running without it for quite a while without a problem. There are still a number of enterprise apps that run as Java-based web apps.

    One other comment, which you touched on. Java has always had two very different incarnations: A general-purpose programming environment and as an extension to web browsers to add programmability to websites. It’s the latter that has been where the issues typically lie and you’re correct, its been eclipsed by more modern and safer alternatives. The solution isn’t C# in my opinion. It might be an ISO standard, but it’s yet another opportunity to squeeze out non-IE platforms.

    One thing to make clear however: Java as a general-purpose environment IS Java’s sweet spot and doesn’t provide any more a security target than any other environment. It’s interesting that Linux OS and Java have become the de facto programming environment for embedded solutions, including most all devices including Android. Your TV’s set-to-box is running it, the smart TV itself is running it, heck I have a golf watch that runs it.

    One other comment: Java was developed and groomed by Sun Microsystems. Since Oracle purchased Sun in 2010, its not clear what the longer term prognosis will be for Java, since its no longer a labor-of-love, but will need to meet hard revenue and profit targets.

    BTW: I saw the former CEO Scott McNealy given a keynote at CES in 1999. He wore a watch that he claimed was a Java powered watch. In ’99, that seemed fantastic! It’s interesting to me that I now use one to leverage GPS to determine distances on the golf course.


  1. FLASH: Apple has disabled the latest Java update from Oracle « The Family HelpDesk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: