There have been several articles in the past few days discussing the Java security flaw and the subsequent fix by Oracle. A lot of these articles recommend removing Java and are basically inciting a fear of Java. As a Java developer, I am obviously concerned by these blanket statements about Java. When assessing the threat, I think it is best to first understand what Java is and how it is used, before purging Java from all computers.
Java is a programming language that was designed around the idea of being able to run on various operating systems and platforms, i.e. you can create a Java application and run it on Windows, Linux, Mac, etc. Currently, Java is used in three main ways. Firstly, it can be used on web servers to run web applications. Secondly, it is used to create stand-alone desktop applications that you install on your computer. Thirdly, it is used to create applets, which are mini applications that you can run within your browser with the use of the Java browser plugin.
According to Oracle, the security flaw only affects the Java browser plugin, used for running applets in your browser: "These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications." See the Oracle Security Alert for CVE-2013-0422 for full details. This means that desktop applications that use Java, like PWMinder Desktop, are/were not affected by this flaw and are still safe to use!
Like all software, however, it is still important to keep Java up to date, and I would highly recommend updating to the latest version of Java (Java 7, update 11, at the time of writing this article). The update can be downloaded from Oracle's Java website.
If, even after updating, you are concerned about the security of the Java browser plugin, you can disable Java content in the browser while still being able to run desktop applications that use Java. To disable Java in the browser, open the Java Control Panel (it can be found in the Windows Control Panel) and click on the Security tab. Then un-check the "Enable Java content in the browser" checkbox.
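
To confirm both recommendations on a machine without opening the Control Panel, the following added example (not part of the original article) checks `java -version` output against Java 7 update 11 and reads the browser setting from the user's `deployment.properties` file. It assumes the checkbox is stored under the `deployment.webjava.enabled` key, which is not stated in the article; the sample inputs are constructed.

```python
import re

# Minimum release the article recommends: Java 7, update 11.
MINIMUM = (7, 11)

# Constructed sample inputs (not captured from a real machine).
SAMPLE_VERSION_OUTPUT = 'java version "1.7.0_10"\n'
SAMPLE_PROPERTIES = """\
#deployment.properties
deployment.version=7.0
deployment.webjava.enabled=false
"""

def parse_java_version(output):
    """Return (major, update) from `java -version` output, or None."""
    m = re.search(r'version "1\.(\d+)\.\d+(?:_(\d+))?', output)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def is_patched(version, minimum=MINIMUM):
    """Fail closed: an unparseable version counts as unpatched."""
    return version is not None and version >= minimum

def browser_content_disabled(properties_text):
    """True only if the key is explicitly false; a missing key means enabled."""
    disabled = False
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # skip blanks and comments
            continue
        key, sep, value = line.partition("=")
        # Assumed key name for the Control Panel checkbox (not from the article).
        if sep and key.strip() == "deployment.webjava.enabled":
            disabled = value.strip().lower() == "false"   # last entry wins
    return disabled

def audit(version_output, properties_text):
    """Combine both checks into one report for a single machine."""
    version = parse_java_version(version_output)
    return {
        "version": version,
        "patched": is_patched(version),
        "browser_disabled": browser_content_disabled(properties_text),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION_OUTPUT, SAMPLE_PROPERTIES))
```

The constructed sample describes a machine that has Java content disabled in the browser but is still one update behind, so it should be updated even though the plugin is off.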