Last Friday (Jan 11) the US Department of Homeland Security announced that computer users should either disable or uninstall the popular browser plugin Java, at least until Oracle patched a vulnerability that allows for remote code execution. Like many such security bulletins, the announcement came as hackers were already taking advantage of the weaknesses to compromise unsuspecting web users’ computers. Yesterday I had the opportunity to sit down with my friends at WBIR and WTNZ to discuss what Java is, and why we should care about the patch.
Late in the day Sunday, Oracle actually released a patch for Java 7 that it said would close the holes in its browser add-on; however, security researchers are saying that it fell short of totally resolving the problem. This raises the larger question of whether you should just uninstall it altogether. I mention in the video that users should try removing it and see if they find things that don’t work (my home machine hasn’t had it installed since I reloaded the OS who knows how long ago… and I hadn’t noticed, and frankly I haven’t seen issues since uninstalling it from my laptop); if things do not work afterwards, you can always just install the latest release from Oracle. Apparently DHS agrees. This follows the principle that if you don’t need it, don’t have it on your machines. In the end, that’ll be one more piece of software you won’t have to worry about leading to the compromise of your computer in the future.
–Dan Thompson