Computer Help forum

General discussion

Java: What is it? Do I really need it? Is it safe?

by Lee Koo (ADMIN) CNET staff/forum admin / April 12, 2013 8:49 AM PDT
Question:

Java: What is it? Do I really need it? Is it safe?


I have been reading from one source that Java is losing the battle with the security "holes," and the recommendation was to disable it or "unload" it from the computer completely. So that's what I did. I have not noticed any problems with not having it. I do understand it could interfere with some things when surfing in browsers. And that some of the free "word" programs won't function without Java. So what to do? Bottom line, do I need it? Is it better to be without it? Is it safe? And are there alternatives? Nowadays security is very important. Thanks.

-- Submitted by Jean
Discussion is locked
You are posting a reply to: Java: What is it? Do I really need it? Is it safe?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Java: What is it? Do I really need it? Is it safe?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Need Java too!
by jijo272 / April 25, 2013 12:29 AM PDT
In reply to: Need JAVA

I like to play pogo games and Mahjong Garden, my favorite, can't be played without Java. However Mahjong Safari can be played without it. It's crazy, but I'l not going to reinstall Java until it's save (if ever).

Collapse -
java bottom line
by bnp37 / April 21, 2013 10:58 AM PDT
In reply to: Bottom Line...

Now there is a post that answers the questions in understandable language. thanks very much

Collapse -
Uninstall Java, then test
by Jim Johnson / April 12, 2013 11:37 PM PDT

If an application needs Java, it will tell you so. Then (if) when you reinstall, you will have the latest, and for the moment, most secure version.

I already know that I have a couple regularly used apps that need Java, so I have the latest version installed. I doubt most people need Java installed.

BIG NOTE: Java is not the same as JavaScript. A simplified explanation is Java is for code running on YOUR PC. JavaScript is for code running on a remote web server. With JavaScript your browser is displaying the results of that code running on someone else's system.

Collapse -
Javascript - Jim Johnson got it wrong.
by markfilipak / April 19, 2013 11:58 AM PDT
BIG NOTE: ...JavaScript is for code running on a remote web server is wrong, wrong, wrong. Javascript runs on your system, in your browser.

In theory, Javascript is entirely safe because it includes instructions that can alter only the text, graphics, and appearance of the web page that delivers the script. It can't get to your hard drive or to any other part of your computer. However, in practice, a malicious Javascript can exploit flaws in the underlying operating system (like MS-Windows).

For example, I investigated the very severe Bagel rootkit virus and found that it exploits a memory management flaw in Windows XP. It creates a multi-megabyte-sized array (a type of data structure similar to a matrix) of particular design that is crafted to overflow it's memory allocation so that, for the overflowing part, it acts as a program so that it's subsequently run by Windows XP. That overflowing part, when run by Windows XP, 'phoned home' (so-to-speak) and loaded a key logger that intercepts keystrokes looking for passwords to on-line banks. That was the toughest virus I've ever encountered and it took me 4 months to finally eradicate the last of it.

The fault was not in Javascript. The fault was in Windows XP memory management. But without the Javascript, that memory management flaw would probably have never been exploited. BTW, Bagel was a 'drive-by' virus: a virus that's picked up even if you don't click on anything in the infected web page.
Collapse -
Yep!
by JCitizen / April 19, 2013 2:08 PM PDT
Cool
Collapse -
You DO need Java
by 2dogday / April 19, 2013 8:23 PM PDT

If you play games online, you need Java, because nearly all of the games use Java rather than HTML. I've played a few online games, and most of them run very fast, even Solitaire. In all the years I've been on the computer, I've never had any problems with Java, and I have loaded all of Java's updates, which, btw., are mostly short, and do not take up much room on the ol' HD.
.

Collapse -
Keep it updated if you use it
by capoderra / April 13, 2013 7:03 AM PDT

I read an article that recommends disabling the java plugin in your web browser (i use Google Chrome) and only enable it when you run website that needs it. I need it for online banking during a verification process. Libre Office needs it too. I heard that people get infections through outdated Java versions, so I would follow the advice above that recommends disabling the updates.

Collapse -
Typo?
by tumbleweed_biff / April 19, 2013 4:26 PM PDT

"I heard that people get infections through outdated Java versions, so I would follow the advice above that recommends disabling the updates."

I think you meant "I would NOT follow the advice above that recommends disabling the updates?

Collapse -
Umm.....
by lennylampert / April 20, 2013 2:14 AM PDT

" I heard that people get infections through outdated Java versions, so I would follow the advice above that recommends disabling the updates."

That's illogical. I believe you mean to say that you would follow the advice above that recommends NOT disabling the updates.,

Collapse -
Re: Java
by Kees_B Forum moderator / April 13, 2013 7:58 AM PDT

Java is a programming language from Oracle (they bought it when they bought Sun) and (in Windows) you only need the Java runtime evnvironment (abbrevated as JRE) if you're running a program that has been programmed in that language. If you aren't running such a program you don't need it.

The most common use of Java that you'll notice is that it can be used to write small programs (nicknamed applets) that run inside a browser and are loaded on your PC if you load the webpage that includes them. But that's quite rare nowadays, and my guess is that 80 or 90% of all Windows users never go to such a webpage. So that 80 or 90% don't need Java.

It's like Shockwave. That is (like pdf and Flash) a program by Adobe. While practically everybody reads a pdf-file once in a while, so has a pdf-reader installed (from Adobe or Foxit or Nitro, or integrated into a webbrowser), and most users visit a site that uses Flash once in a while, so have Flash installed, visiting a website that uses Shockwave is an exception. So most users don't have Shockwave installed.

It can be considered good practice to have no Java runtime environment on your PC if you don't need it. If you need it, you'll get a clear error message inviting you do download and install it. If you trust the site that asks you and want to run the 'applet' that needs it, you can do it and enable it. Alas, no browser I know has the ability to limit the use of Java to a limited set of sites you specifiy and exclude other sites of using it.

Kees

Collapse -
Safari got an update =)
by NOSFERATU75 / April 19, 2013 11:50 AM PDT
In reply to: Re: Java

Just wanted to mention that the new version of Safari that just got released will let you select the websites to allow the use of Java and will block all others.

Collapse -
Java is used...
by RonG6 / April 19, 2013 2:07 PM PDT
In reply to: Re: Java

It is used in various live stock market programs. It is a trim fast way of making all taht complex data run live. If you have a Scottrade account, It needs Java to run its real time stock quote grid that shows everything moving.
Im sure many other real time platforms use it.
- R

Collapse -
Useful only if you day-trade.
by richteral / April 21, 2013 8:03 PM PDT
In reply to: Java is used...

Real-time prices are a tool for scalpers trading futures, hardly anyone else. Unless the retail customer (aka muppet) wants to get mesmerized by the flickering screen and dazzled by the nimble action of HFT engines gorging on his 401(k).

Collapse -
Re: Java
by rattankp / April 19, 2013 8:45 PM PDT
In reply to: Re: Java

As an addendum to what Kees_B has written:
A Government website which I use regularly requires JRE. As he says, you cannot limit the use of Java to a set of sites - so I use 2 browsers. One which has Java (IE) and one where Java is blocked (Firefox with NoScript running).

Collapse -
Helpful response
by markandcheryl / April 19, 2013 9:31 PM PDT
In reply to: Re: Java

Good reply, thank you Happy

Collapse -
wrong post sorry
by markandcheryl / April 19, 2013 9:36 PM PDT
In reply to: Helpful response

for some reason that went in the wrong place, my response was to rocket motor tests post ' java is fairly secure but only install the programs you need' sorry about that .

Collapse -
Java is fairly secure, but only install programs you need
by RocketMotorTest / April 16, 2013 12:48 AM PDT

As briefly as possible: Java is a software development and deployment platform. You need it only if you run applications that require it.

The security flaws in Java are, in my opinion, greatly over-hyped. Other software people use on a daily basis, such as Firefox, Chrome, Flash, Windows itself, and really pretty much all software routinely have similar security vulnerabilities and receive regular updates. Most people don't bother to read what the updates are, but if you investigate the release notes or associated articles the next time you have updates pop up for Windows, Firefox, Flash, or pretty much any other program, you will see that these sorts of vulnerabilities, although certainly undesirable, are not at all uncommon.

In fact, in my opinion, it speaks well of Java's security that the media do make such a big deal when vulnerabilities become known. Microsoft releases updates for Windows every single month. Security updates are still released for Windows XP every month even though it has been in the field for 12 years now. The media doesn't bother to report such things because they are so routine, but no less serious.

As a rule, however, only install software you need. That doesn't just apply to Java; it's a general rule. If you don't need it, don't install it. In security this is referred to as reducing the attack "surface area." Less software means less possibilities for exploit, regardless of what software that is.

If you need Java, any programs that require it will let you know. You don't have to worry about things mysteriously failing. Most applications will clearly state somewhere whether they require Java. At worst you would get a "missing plugin" placeholder in most browsers.

Also note that Java works in two different scenarios: regular desktop applications and as a web browser plug in. If you have desktop applications that require it but you do not need it in your browser, you can keep it installed but disable it in the browser for improved security. This can be done in the latest Java versions in the control panel. Just go into Windows Control Panel, click Java, then on the Security tab un-check "Enable Java content in the browser."

Most of all, check for and apply updates promptly. That goes for all software. I strongly recommend setting the update option to either automatically install updates or at least automatically check and notify you when there are updates. That is one of the most important things you can do with regard to security, and that goes for all software.

Collapse -
Quantitative findings
by richteral / April 17, 2013 7:31 PM PDT

Java cannot be easily dismissed as an over-hyped issue; just look up "WinPatrol v25 Learns Lessons from Stuxnet" (Bits from Bill blog; July 7, 2012), and scroll down to the Recent Exploits chart. It only provides data from 2011, but that will do. Java beats OS as a potential security threat by factor of ca 2.5, which is substantial.

There is a simple lesson there: Decide to use Java only if you MUST. "Need" is not strong enough.

Collapse -
Quantitative?
by RocketMotorTest / April 18, 2013 11:46 AM PDT
In reply to: Quantitative findings

Seriously? Quantitative findings? Granted it is a graph but it means nothing. What are the "detections" of? Individual files? Instances of multiple associated files that comprise an exploit? Number of infected web pages? Web sites? You say it is quantitative and yet it is not even clear what is being counted exactly, which could make a huge difference. Who is making these detections? Is this just WinPatrol or other anti-virus? Is there an interfering correlation in what security software people choose versus what type of exploits they are most likely to encounter? For that matter what is the user base they are sampling? How big is the user base they are sampling? Or are these just detections of some automated online crawling? How do we know how reliable the detection is? Were the threads supposedly detected actually applicable to the versions of software in use? How many exploits were actually successful? Unless you can answer ALL these questions, the graph is meaningless. It is only intended for marketing. Please do not present marketing gibberish as "quantitative findings."

Collapse -
Barking at the wrong tree
by richteral / April 18, 2013 5:16 PM PDT
In reply to: Quantitative?

All your questions should be presented to Bill Pytlovany - if they are serious, and not just an irrational outburst. He is a nice guy, and capable, so no doubt he would oblige. You could also ask him direct what he or anyone else might actually market through that particular graph. WinPatrol is not an AV.

To round up and get back to the real topic: With very few exceptions, Java has no place on a computer.
That is the message.

Collapse -
Reply to: Java is fairly secure, but only install...
by ahg / April 19, 2013 12:36 PM PDT

I find this comment to be the most logical one.
I do have Java installed since I have three huge HDs (My own build) and space
is no problem. I am active in Real Estate and many websites I visit need it. I
find that the updates are not all that frequent and they install mostly in
under a minute. I do not even monitor them anymore, when one flags me, I open
it and then it takes care of itself and disappear. How hard or annoying can
that be?
As for security, AVG I.S. is a very reliable software that has the qualities of
a blood-hound crossed with a pit-bull. I feel and I have been quite safe for
years.
I DO block some updates; I will not name them but I am referring to those who
are told to "notify me" but do not and instead wait in hiding until I
am loging off the computer at which time then pounce forward to download
pages of whatever without my review and approbation.
These got the locked door treatment and now I go and check them up when I am
ready, after having selected only what I feel happy downloading.

Collapse -
You don't need it ever!
by jv / April 19, 2013 10:55 AM PDT

It is unnecessary -not useful - dangerous.

Java should be removed and all systems sterilized.

Sounds funny coming from a Java enthusiast... Java has become rogue. Even Oracle is trying to get rid of it. Almost no corporations have done any serious Java development for the last few years.

Java is like Esperanto. It is an idea that failed.

Collapse -
No java development?
by tonydr / April 19, 2013 11:41 AM PDT

"Almost no corporations have done any serious Java development for the last few years."

Really? ever look at the percentage of java programming jobs offered?

Collapse -
Corporate Java use
by tumbleweed_biff / April 19, 2013 4:33 PM PDT
In reply to: No java development?

I am personally aware of two major corporations in my local city which routinely use and extensively Java for internal applications which deal directly with finance and billing operations. One is a financial institution and the other is a major player in telecom.

Please refrain from speaking when you are tempted to make things up.

Collapse -
"Java should be removede and all systems sterilized"
by tumbleweed_biff / April 19, 2013 5:04 PM PDT

Personally, I propose we do this to people who speak from total ignorance and can't be bothered to learn. Sterilize them so they can't perpetuate their ignorance.

Java is very useful and widely used throughout the corporate world. It is also very helpful and useful in working with "appliances" and other such things.

As another poster noted - go look at how many job listings are out there for competent Java programmers and then report back.

Collapse -
Java gone the way of Esperanto?
by tumbleweed_biff / April 23, 2013 11:11 AM PDT

Your contention that Java is dead flies in the face of the actual numbers of people programming with it. Following is the top 5 programming languages used by programmers world-wide. Please note that Java is in the second slot. For the person who said Python was the way to go, Python ranks 8th with but 4.4% of programmers using it.

Position
04/13 04/12 Language % Using Apr 2013 Delta

1 1 C 17.862% +0.31%
2 2 Java 17.681% +0.65%
3 3 C++ 9.714% +0.82%
4 4 Objective-C 9.598% +1.36%
5 5 C# 6.150% -1.20%

http://www.tiobe.com/index.php/content/paperinfo/tpci/

Collapse -
Java
by Babe78910 / April 19, 2013 11:12 AM PDT

i guess java is okay but when I upgrade to the latest I cannot run one of my programs, I have to uninstall it and reinstall my program. I will not be upgrading anytime soon. Kind of like microsoft, they don't want to make things work with your programs. They seem to think we are all made of money and can jsut keep buying new progrmas. Georgia

Collapse -
Problem with a legacy program?
by tumbleweed_biff / April 19, 2013 4:36 PM PDT
In reply to: Java

If you have a legacy program requiring an older version of Java, I have to wonder which version you had which was upgraded. You are one in a situation where you should install the latest version while keeping the old version in place. You would likely need to tell that application where the old Java version is rather than relying upon the path statement which would point it to the newer.

Collapse -
A necessary evil
by edwardsmark / April 19, 2013 11:21 AM PDT

unfortunately there are quite a few websites that still rely on java.

the good news is that ever since java 1.7, you get several security warning announcements before any java program is executed, and in some cases (like on firefox) you may not even see all the security warnings !

also, the decent browsers (firefox & chrome) lets you set the java security level.

bottom line: there simply is no replacement for java, yet. flash had just about all the functionality i need, but that's like replacing an old Chevy Vega with a Chrysler! and pray for html5 to replace java entirely.

Collapse -
Good Points
by zzyzx15zzyzx-12403 / April 19, 2013 11:52 AM PDT
In reply to: A necessary evil

wow - I had not considered that. very good point!

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?