September 03, 2012, 9:18 PM —
flickr: Kreative Eye - Dean McCoy
Is it time to give Java the boot? Experts say yes.
Java, the programming language designed to make the web fun and interactive, has become one of the weakest links in a PC's and Mac's defenses against external threats. Consider the most recent Java vulnerability, a weakness currently being exploited by malware distributors: When Oracle, Java's maker, released an emergency update to fix the software, security analysts reported that even the hot-off-the-presses code contains additional vulnerabilities.
But the most recent security problems with Java are far from unique. Security firm Sophos, for example, blames underlying Java vulnerability for attacks by the Flashback malware last April that infected one out of five Macs.
The risks don't outweigh the rewards, security experts say. "I'd say 90% of users don't need Java anymore," says Dominique Karg, the founder and chief hacking officer of AlienVault, a security software company. "I consider myself a 'power user' and the last and only time I realized I had Java installed on my Mac was when I had to update it."
If you own a PC you know that nagging feeling of insecurity when you're asked to update your Windows PC for the umpteenth time. It may only be moderately disruptive, but it's a monthly reminder that your computer, and the personal information contained therein, remains a target for criminals.
Over the years both Apple and Microsoft have hardened their systems' defenses. The Mac operating system has been near-bulletproof to vulnerabilities, and the company no longer ships new devices with Java preinstalled. Microsoft has made a full-court press to eliminate operating system-level vulnerabilities since the Conficker worm outbreak in late 2008, and no comparable worms have attacked Windows systems since then.