Have you uninstalled Java yet? Here are 14 new reasons...


Summary: All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.


If you still haven't uninstalled Java to reduce the attack surface on your computer, here are 14 new reasons from Oracle Sun.

A new version of Java SE has been released to patch 14 documented security vulnerabilities, some serious enough to let hackers remotely install malware on vulnerable machines.

"All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle warned in an advisory.

[ SEE: Microsoft reports 'unprecedented wave' of Java malware exploits ]

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible."

Security vendors are reporting an "unprecedented wave" of Java malware exploits.  Exploits for known Java vulnerabilities have been fitted into the most widely distributed exploit kits, allowing Java to surpass Adobe Flash Player and Adobe Reader as the most commonly exploited Windows third-party desktop software.


As I explained here, it's hardly likely that you will miss Java on your machine. If you do run into the random banking app that requires Java, you can always reinstall it, but I haven't had Java on my machine for more than a year and I never miss it.

Here are the official uninstallation instructions from Oracle Sun.


Talkback

70 comments
  • RE: Have you uninstalled Java yet? Here are 14 new reasons...

    Reason #1 to keep Java...Minecraft! Of course, as the article indirectly mentions, the best defense actually is to dump Windows.
    dequire
    • Sorry, but no

      @dequire

      This is like saying to kill the patient and preserve the liver in a jar of formaldehyde to preserve it before cancer sets in.

      Perhaps you forget that the biggest Linux distro - Android - is attacked all the time from Google's own marketplace, not to mention that Koobface Linux variants are already rampant on Facebook, and those are ALL programmed in Java.
      Joe_Raby
      • RE: Sorry, but no

        @Joe_Raby Linux wasn't even mentioned by dequire. The alternative OSs might also be Mac OS X, a BSD or Solaris. The fact is that these alternate OSs provide a safer environment from which to run the Java platform than does Windows because most Java exploits target Windows. In addition, most Linux distros and BSD variants now include OpenJDK in their repositories and use it by default. As a result, OpenJDK will be updated by whatever package management system the OS employs (just as Windows Update and Microsoft update do with .NET).
        Rabid Howler Monkey
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @Joe_Raby You are intentionally ignoring the fact that there are almost no remote exploits for Linux, almost all Linux malware are trojans. If the user lets it in, the security system can't do anything else than warn them.
        Natanael_L
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @Rabid Howler Monkey: Most Java exploits occur in Windows for two simple reasons:

        1) Because the Java implementation on Windows is particularly weak
        2) Because Windows is the biggest and therefore the most attacked platform on the planet

        The vulns in Java are Java vulns, not OS/Platform vulns.
        bitcrazed
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @bitcrazed wrote:
        "The vulns in Java are Java vulns, not OS/Platform vulns."

        Like I said, and I quote, "most Java exploits target Windows". Java exploits imply Java vulnerabilities and most Java exploits target the Windows platform. In reality, though, Java is merely used by the miscreants to get their foot in the door. Once inside, Windows binaries are used to finish the job.
        Rabid Howler Monkey
    • RE: Have you uninstalled Java yet? Here are 14 new reasons...

      @dequire ... Yes, JAVA is not secure ... so use our .NET instead !
      BrentRBrian
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @BrentRBrian Java is exploited much more than is .NET on the Windows platform. Most likely because .NET updates are managed by Windows Update and Microsoft Update. Many Windows users fail to keep Java updated on their systems.
        Rabid Howler Monkey
    • RE: Have you uninstalled Java yet? Here are 14 new reasons...

      @dequire
      Agree. On Linux you are safe from Java exploits!
      The Linux Geek
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @The Linux Geek

        Using a non Oracle JVM and you're much safer from exploits
        the.nameless.drifter
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @The Linux Geek - Smoke break over back to the fry station Mr.
        ItsTheBottomLine
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @The Linux Geek - you have an Apple fanboi-like mindset there - an illogical and irrational belief that your chosen platform is immune to malware and has no exploitable vulns.

        Nothing could be further from the truth.
        bitcrazed
      • RE: Have you uninstalled Java yet? Here are 14 new reasons...

        @The Linux Geek - You're safe until you aren't. Your statement comes from misplaced pride and trust, not intellect. No O/S is safe from exploits. Ever.
        Rinzai
  • RE: Have you uninstalled Java yet? Here are 14 new reasons...

    As a Java programmer, it is not possible for me to remove Java from my computers.
    GraphiteCube
    • RE: Have you uninstalled Java yet? Here are 14 new reasons...

      @GraphiteCube As a Java programmer you obviously confuse "possible" with "advisable"/"being practicable". That's the very reason nobody's taking Java developers seriously.
      ff2
      • Apparently a lot of people take Java Developers seriously

        But then, you probably aren't capable of much more than addition, if that.
        ego.sum.stig
      • Nice nitpick about terminology

        @ff2

        But his point is sound: since he's programming in Java, he can't just remove it from his PC, or he wouldn't be able to test it.

        Kind of like if you were, say, an iOS app developer, but didn't own an iPod/iPad to test the app on. It would just be an exercise in futility.
        spdragoo@...
    • Fine, just uninstall the browser plugin

      @GraphiteCube
      I think these exploits are run in the browser, so if your browser cannot execute Java then you're probably OK.
      Zogg
    • RE: Have you uninstalled Java yet? Here are 14 new reasons...

      @GraphiteCube What you can do is block all your web browsers from accessing Java -- from starting Java Applets by their mime type etc.

      Has to be done individually and thoughtfully, but keeps your basic workstation Java without having it accessible by websites

      p.s. pay no attention to the negative thinkers
      Narr vi
  • Ignorant people are too dumb to understand technology

    Seriously, asking people to uninstall Java just because you are too ignorant to know how Java works and how many applications and technologies depend on it is just plain ridiculous.

    Maybe we should uninstall Windows, Linux, iOS, Android and any software in the world .... because they have bugs and vulnerabilities.
    wackoae