Dangers of running Java in a secure computing environment

Java is a programming language and computing platform first released by Sun Microsystems in 1995, and now owned by Oracle. It is estimated to be installed on 850 million personal computers and on 3 billion devices worldwide, including consumer electronic and mobile devices. As the installation base of Java software has grown and become more widespread, cyber criminals have escalated their efforts to attack weaknesses in the software. Kaspersky Lab, a Russian antivirus company, estimates that half of all cyberattacks in 2013 were directed at Oracle’s Java software. Cisco, in its 2014 Annual Security Report, indicated that in 91% of observed attacks during 2013, the final payload was a Java exploit! This is just as true today.

Recent successful attacks have once again highlighted the risk of having Java software installed. Even though Oracle releases patches when security flaws are found, many successful attacks are against undiscovered flaws, also known as zero-day exploits. As a result, the Department of Homeland Security has issued a strong warning stating: “Unless it is absolutely necessary to run Java in Web browsers, disable it. This will [also] help mitigate other Java vulnerabilities that may be discovered in the future.”

Our recommendation is that if you don’t need Java, remove it. If you need help sorting this out within you network of computers, please call us at 517-679-3302 for assistance, or email your request to info@MakingTechEasy.com.

Scroll to Top