This week, Oracle announced plans to remove the insecure Java Browser Plugin. Starting with JDK 9, the plugin will be deprecated and, at some point in the future, removed.
They spin this move as a response to “modern browser vendors working to restrict and reduce plugin support in their products”, which, while not technically incorrect, glosses over the fact that the Java web plugin is highly insecure and in its heyday was a leading cause of infection before browsers like Firefox and Chrome started proactively disabling it to protect their users.
While this is great news, or will be in several years when they actually remove it, it doesn’t mean the browser plugin is going away anytime soon.
Unfortunately, many of those who already have Java installed do not update it, and it isn’t uncommon to see old versions like Java JDK 6 on people’s computers. So, for these users who already have the Java web plugin installed, it may still be active in Internet Explorer (at least until they get a virus and someone cleans their computer). There are also a number of applications that don’t support newer versions of Java, so especially in a corporate environment it is not uncommon for an application to require an outdated version of Java, like Java 6 or Java 7, which is even more insecure than your average Java install.
Java itself isn’t going away either and has traditionally been a popular tool used by malware/virus makers to infect computers. I have often seen .jar files as the payload of the virus when cleaning up infections, although according to a report by McAfee there has been a downward trend in Java infections when comparing leading exploit kits in 2014 to 2015. And of course, Java itself has a poor track record of vulnerabilities, which is why, unless it is explicitly needed, it is better to remove/uninstall Java whenever possible.
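Before deciding whether to remove Java, it helps to know which runtimes a Windows machine actually has and whether the browser plugin is still switched on. The following PowerShell script is an added example, not code from the original post or from Oracle: it inventories installed Java runtimes from the registry, flags any major version below 8 as outdated, and reports the plugin setting. It assumes the standard Oracle JRE registry layout (`HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\<version>`, plus the `Wow6432Node` mirror for 32-bit runtimes on 64-bit Windows) and the default per-user `deployment.properties` location; the threshold of "major 8" is a choice for this example, not a statement from the post.

```powershell
# Added example (not from the original post): inventory installed Java runtimes on a
# Windows machine, flag outdated majors, and report the browser-plugin setting.
# Assumes the standard Oracle JRE registry layout and default deployment.properties path.

$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)

# Oracle keys runtimes as "1.6", "1.7.0_80", "1.8", or "9"/"10.0.2" for newer releases.
function Get-JavaMajor([string]$version) {
    $parts = $version -split '[._]'
    if ($parts[0] -eq '1') { [int]$parts[1] } else { [int]$parts[0] }
}

$found = foreach ($key in $jreKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        if ($props.JavaHome) {
            [pscustomobject]@{
                Version  = $_.PSChildName
                JavaHome = $props.JavaHome
                Arch     = if ($key -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
            }
        }
    }
}

if (-not $found) {
    'No Oracle JRE registry entries found.'
} else {
    $found | Sort-Object Version -Unique | ForEach-Object {
        $major  = Get-JavaMajor $_.Version
        $status = if ($major -lt 8) { 'OUTDATED: remove or upgrade' } else { 'current major' }
        '{0,-12} {1,-7} {2}  [{3}]' -f $_.Version, $_.Arch, $_.JavaHome, $status
    }
}

# "Enable Java content in the browser" from the Java Control Panel is persisted per user
# as deployment.webjava.enabled in deployment.properties (assumed default path).
$deployProps = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
if (Test-Path $deployProps) {
    $line = Select-String -Path $deployProps -Pattern '^deployment\.webjava\.enabled=' |
            Select-Object -First 1
    if ($line -and $line.Line -match '=false$') {
        'Browser plugin: disabled in Java Control Panel for this user.'
    } else {
        'Browser plugin: ENABLED (or setting absent, which means the default of enabled).'
    }
} else {
    'Browser plugin: no deployment.properties for this user; plugin may still be active.'
}
```

Run it as a normal user for the plugin check and as an administrator if you want to follow up with an uninstall; anything reported as OUTDATED is a candidate for removal unless a specific application genuinely depends on it, in which case that dependency is the thing to track and retire.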
Next up: once Adobe Flash is gone, along with Adobe Reader, the online world will be a lot safer!