A little over three months since the last update to Java, Oracle has released Java 6 update 26 for Windows, Linux and Solaris.
This update addresses 17 security vulnerabilities and one non-security-related bug. All 17 vulnerabilities allow remote code execution without authentication.
Oracle has rated nine of the flaws as a risk of ten out of ten. All but one of the vulnerabilities affect the Java Runtime Environment client software that runs in your browser.
Attackers have had great success using flaws in Java to exploit Windows computers, and we have also seen broader experimentation with building malware that will run on Mac and Linux.
Unfortunately, Mac users will have to wait on Apple to release an update to address these flaws, as Oracle does not provide Java for OS X.
Windows, Linux and Solaris users can download the latest Java from http://java.com/en/download/manual.jsp?locale=en.
If you haven’t already, I recommend testing out your standard OS images without the Java plug-in. Most people aren’t using Java these days and it reduces the attack surface for exploits delivered over the internet.
Don’t confuse JavaScript with Java either; they are totally unrelated. Not installing the Java Runtime Environment (JRE) has no impact on your browser’s ability to render web pages that require JavaScript.
If you require Java, be sure that you deploy this update. If you aren’t sure, it may be worth testing your images without it. The less software plugged into your browser, the harder it is for malcontents to exploit your users.
I run Win 7. I removed Java runtime a couple of years ago. Now my AVs do not pop up all the time telling me I'm infected. I play games, watch movies, use MS Office and surf all over the net. I still haven't encountered any probs from not having it so I truly do not know what it is used for. All I know is I don't get infections any more and I can thank dumping Java for it. Excellent advice on your part.
If you run Microsoft EMET 2.1 and add the java exe's to the program, you will no longer have those problems. EMET is a tank, and (up to now) rock solid.
I teach online using Blackboard's WebCT Vista learning management system, and it unfortunately requires Java. 🙁
Consider Java runtime a spyware or a magnet for dubious software. It is not a good piece of software, and yet these companies disguised us for years to depend on it. Well, they are wrong… I dumped W7 a while ago for OS X and I haven't had any problems with Java in that fashion. The less we use middleware Java, the less of a malware problem we will have in the future.
You may be better advised to consider the Windows OS and Adobe Flash and Adobe Reader magnets for dubious software, spyware and lots of other baddies. Java is actually a runtime that allows the same software to run on different platforms. It is used to write software for all manner of applications and devices. You'd be surprised! Don't be lulled into thinking that just because you uninstalled Java you can now relax . . .
I agree, Jim. Anything that you can get rid of reduces your risk though. If you can remove Flash and Reader, go for it! Quality security software that is up to date, an up to date OS and the least number of up to date applications is ideal.