If you need Java, use this one instead

If you need Java, use this one instead

Summary: My ZDNet colleague Ed Bott has exposed some icky practices at Oracle regarding their monetization of the end-user JRE install. Here's a better Java option for you to check out and some considerations for the future that the industry might want to look at.


Oh man, when it rains, it pours.

Forget the Java installable on Java.com. This is the one you want instead.
(Screenshot by ZDNet)

Today, my ZDNet colleague Ed Bott published a scathing investigative report of how Oracle partners with shovelware companies in order to monetize the distribution of the Java JRE.

Given that I work for a company that competes with Oracle in the software development arena with its own programming languages and various other software products, I don't want to give the impression that I am slamming a competitor by endorsing Ed's article.

However, strictly from a personal standpoint, I am shocked that a wealthy company such as Oracle would seek to monetize Java in such a fashion when its licensing efforts are (almost certainly) far more lucrative than collecting perhaps 30 cents (or even less) for every Ask.com install side-loaded on an end-user desktop as a result of each Oracle Java JRE install.

I do feel that Ed's investigative work speaks for itself and as an end user, you should be thinking very carefully about whether or not you should be installing Java on your system given the knowledge that he has now supplied you with.

You should also be aware of advisories from Homeland Security in recent days that detail vulnerabilities in the software you should be legitimately concerned with if you have PCs with the software installed.

That being said, if you must use Java, do not use the one that comes from Java.com, which is the variant that includes the shovelware install that Ed has written about. Instead, use the one that software developers use.

Specifically, you want the Java SE Runtime Environment 7, for x86 Windows 32-bit (offline install) as depicted in the header graphic of this article and linked above. This is the one that includes the required plug-in to make the 32-bit versions of Internet Explorer, Chrome, and Firefox work with web pages that use Java Web Start (JNLP) apps.

What's the difference? Well, this one is targeted toward software developers that write applications written in Java, versus end users who install Java because they are prompted by any random web page that says they are missing a required plug-in.

The JRE code that it uses is identical, but the installers are quite different. The software developer version does not have the tricky shovelware installer that Ed has written about.

While we are on the subject of JREs, I'd like to point out there are other implementations of Java that the industry should consider using going forward if Oracle's icky practices like those that Ed describe continue along with said security vulnerabilities.

Firstly is OpenJDK, which is an open-source project that is sponsored and hosted by Oracle but has the participation of individual contributors and other companies that include IBM and Red Hat.

At the moment, there is no pre-baked Windows installer for OpenJDK of current vintage, but it would not be a significant effort for one of the open-source groups that was interested in an independent JRE installable implementation to spin one of these every time a major patch release of Java comes out.

The next is IBM's own J9, which is a high-performance Java 2 SE/J2EE JRE that is distributed with the company's various enterprise software packages that use Java, such as Websphere and the Lotus Notes client.

IBM does not distribute an easy end-user Windows installer for J9 on the web that just works out of the box, but it does distribute it as part of its Eclipse Developer Kit.

As a former IBMer, I know this software works perfectly well with Java Web Start apps, and it would not be a significant effort for IBM just to package this up with no implied end-user desktop support to garner good will.

What's in it for IBM, you say? Happy customers.

There are also third-party "Java-like" VMs which contain no actual Java code and are not Oracle Java certified that the industry might consider porting their apps to if the security and ethical distribution of Oracle's JVM becomes an ongoing concern.

One is Apache Harmony, which is what Google's Dalvik VM in Android was originally based on. Harmony is currently in a stable milestone release that dates back to 2010. Apache halted development on Harmony in 2011 when IBM lent its support to OpenJDK instead.

I have not done enough testing with Harmony to know which JNLP apps work and which ones do not, so your mileage may vary. While the software is no longer actively developed, there may now be renewed interest in the project given recent security concerns with Oracle's own JRE code.

A second option the industry may wish to pursue is Dalvik itself. Given the popularity of the Android OS in mobile, it would not be a stretch nor a wasted effort to start an open-source project that uses Dalvik as the basis of a "Java-like" VM for the purposes of launching re-compiled Java applications in a browser on desktop OSes that run using Dalvik bytecode.

Ultimately, I would like to see Google lead this effort, perhaps as part of the overall Chrome/Chromium browser project.

Should the industry pursue alternatives to Oracle's own JVM for running Java applications on the web? Talk back and let me know.

Topics: Oracle, Google, IBM, Open Source, Software Development, Windows


Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Quick, someone call the police

    "The stolen version of Java exists in Android but from a consumer PC perspective Java is gone for good, one less installation to worry about."

    Thefts need to be reported.
    • Silly wild comment

      Do you have any thing intelligent to offer
      Van Der
  • BTW - Apache Harmony is retired

    "Apache Harmony is retired at the Apache Software Foundation since Nov 16, 2011. "
    • read it next time

      "I have not done enough testing with Harmony to know which JNLP apps work and which ones do not, so your mileage may vary. While the software is no longer actively developed, there may now be renewed interest in the project given recent security concerns with Oracle's own JRE code.`"
  • microsoft...

    had a version of java until sun made them give it up.
    • It wasn't pure Java

      There were some incompatibilities (as there was with everything MS did those days *cough*IE6*cough*).
    • Sun didn't make them....

      Microsoft got into a licensing argument over fees. MS included the JavaVM as a part of the OS. Sun wanted royalties, so MS unannounced removed the JavaVM during a software update. I remember freaking out when I discovered the patch removed the VM and no Java worked anymore. Sun had to scramble to get a JRE out and publicized quickly.
      Thomas Kolakowski
      • Unannounced?

        Announcement: http://www.microsoft.com/About/Legal/EN/US/Interoperability/Java/FAQ.aspx

        Also, Sun -the company calling for a stop to MSJVM- ,scrambled to get a JRE out?
      • Also...

        MS was using Java in a Windows-centric model, which kinda negated the whole concept.
        • Er...

          Java was delivered to MS as a windows-centric deployment. That was the point. They (SUN) then went greedily after royalties in a classic bait 'n' switch and MSFT called their bluff. If people syill wanted a JVM, they could download it no problem, as I did from that day on...until recently and all the bloatware "offers"...
  • IBM java

    the last time i used IBM java, it was a lot faster than Sun/Oracle Java for the same tasks. i'd highly recommend it for server applications (i.e. it tends to not run graphical applications like the Minecraft client that well, but the minecraft server app is happy as shit)
  • Can Mokiki troll in blog?

    I did it. I flagged TracyMorgan. I feel bad, but at least he found work outside SNL.
  • Look before you click.

    If you don't want the useless Ask.com bar just opt out during the install.
    Oracle isn't the first and only company guilty of this and they definitely won't be the last. You should always look before you click.

    Java's dead anyways.
    • Not That Simple

      As Bott's article shows, one of the very sleazy things Oracle does is go ahead and install it anyway even though you opt out! How low is that?
      • That has not been my experience,

        however, I always choose an offline installer, due to having the need to install on many computers.

        However, when I last tried this, using the web installer, I saw, and unchecked the install of the extraneous stuff, and my wishes were honored. If they are not, however, another method that proves more than satisfactory is to use the Opera browser, for which there is no Ask toolbar, just as many other annoyance items have no equivalent piece of garbage for Opera.
    • I don't disagree with personal responsibility

      But you generally expect a company like Oracle to act like a company of it's size and stature, not like some shady no name freeware company. While annoying, I can tolerate crapware offers, even if they default to "Yes" when I first download the app, but to repeatedly try any shove it down my throat with every dot update is mom and pop. It's the automated equivalent of a company I buy one thing from calling me to sell another offering, I politely tell them not interested, and they call me back every few days to try and sell the same product. I could even tolerate yearly getting an offer, as I may change my mind over time (not likely in Ask's case), but the key phrase is "over time". And "over time" doesn't translate to the next Java dot update when I just opted out 2 weeks before.

      As mentioned, Adobe was headed down the same path, but apparently had some epiphany and changed their practices to more what you'd expect from a large, well known software company.
      • Well Oracle doesn't talk much with their Java Group.

        Oracle doesn't work with Java 7. We use Oracle 12 at work and mistakenly allowed Java to update to v7 and discovered to our horror that 7 doesn't work with their own software. Still doesn't!
        Thomas Kolakowski
      • Java Pop-ups

        Yes it seems to upgrade Java twice a day - the pop up keeps getting in the way of real work.
        Now, I wonder if there really is an alternative that works?
    • Good advice, but...

      ...it doesn't excuse the practice.
      John L. Ries
    • But...

      ...most end-Users don't even read the screen, they just click. When I look at most pc's that I work on, the end-user inevitably has three or four toolbars glomming a significant portion of their browser window.