Whenever I post a note here about an update to Oracle’s (formerly Sun’s) Java software, as I did last week, I try to remember to suggest that readers think about whether they really need Java at all, especially on their personal systems. Java has proved to be, over the years, a rich source of security vulnerabilities, at least in part because it is widely installed across multiple platforms (including Windows, Mac OS X, and Linux)., making it an attractive target. Also, unlike a typical application software package, installing a new version of the Java environment did not necessarily remove older versions that had been installed previously. (This was done, I think, because the definition of the language was evolving, and a new version was not guaranteed to be 100% compatible with an older one.) This meant that, although the updated software might fix security flaws, the old version, complete with flaws, was still there to be exploited. I first discussed the Java issue in a post back in October, 2010.
Ars Technica, on Friday, published an article on dumping Java, “Is Using Java on a Desktop Worth the Security Risks?”. The question is not solely rhetorical; Ars has invited readers to post comments addressing the following questions:
- Do you run Java at home and/or at work?
- If you’ve considered disabling Java but decided against it, what were your reasons?
- What Java-based functionality are you not willing to give up?
- For those of you who have disabled Java, what made you take the plunge—and have you ever regretted your decision when encountering software that won’t run without Java?
The editors intend to monitor the comments, and present a recap of the most interesting ones tomorrow (Monday, October 22). I am most interested to see the results.
Regardless of whether you wish to comment or not, the rest of the article has a good summary of some of the issues involved in deciding whether to keep Java, especially for businesses. It’s worth the (quick) read if this is something that affects you.
Random Walks 
[…] some additional information. (I didn’t know about this aspect of the update when I wrote yesterday’s post on […]
[…] Friday, I posted a note here about an article and informal survey at Ars Technica, on whether keeping Java on the desktop was a […]
[…] data base, such as PostgreSQL is used, the JRE is not needed. (I’ve posted here before about issues with using Java.) The project FAQ has more information on Java usage and […]