Is Java On Its Way Out?
By Claudiu Popa | February 1, 2013
The development platform once hailed for its compatibility and ease of use, stability and security is now under attack on multiple fronts.
On one side, hackers around the world have systematized ways to breach its security with automated packages they’re distributing online. On the other, the U.S. government has come out and said that its current caretaker, Oracle, has been delinquent in fixing bugs and plugging security holes for years. Their solution: disable or uninstall it. If you must use it, turn it on then off again once you’re done.
This is serious business.
For a government to come out publicly to protect users is not unprecedented, but it’s a seriously damaging move for Oracle, and it means that people are abandoning the venerable development tool after decades of trust allowed it to thrive on desktops and across all sorts of mobile devices.
Java is so easy to use that it’s the de facto standard for learning to program in schools. It’s so widespread that it’s considered to be installed in no fewer than 1 billion software plug-ins across a wide variety of platforms.
And now those plug-ins are endangering their users, systems and organizations.
The problem isn't new. The company has known about it for at least 18 months but chose not to do anything about it. Oracle's eccentric CEO has been busy buying chunks of Hawaii and associated properties while the company’s stock has seen a sharp see-saw ranging between $36/share and $26/share and back up again over the same period.
But other software has vulnerabilities, even recurring ones. What’s so special about this that it would warrant government intervention?
This means that the malware that’s out there exploiting Java’s weaknesses is doing so with impunity. There is nothing stopping it because Oracle has not released a fix. It promised one, repeatedly, but never came through.
Technically speaking, Java has a neat solution against security attacks. It segregates all the code it runs in a ‘sandbox’, siloing it away from the rest of the system’s memory and effectively doing its business separately from everything else on the computer. It’s worked well for years, except that breaking out of the sandbox became a bit of a game for hackers until they succeeded, and then they did it again in multiple ways, to the point where Java is so exposed that fixing it would impact the functionality of billions of pieces of software on as many devices.
Indeed, it’s not looking good for Java, and it may never regain its status as the king of interoperable development platforms.
In the meantime you should disable or uninstall it, both of which are easy to do on computers, but not so easily accomplished on mobile devices.
To uninstall it from your system, go to Control Panel and the Software or Programs icon will present you with the option to uninstall. If you absolutely need it, simply disabling it and re-enabling it may be an irritating way to preserve any semblance of productivity, so replacing its functionality may be the right approach for now.
Similarly, if your Web site makes use of it, now is the time to explore alternative ways to engage with users because even if Java makes a comeback, it will be with fewer followers and a damaged reputation.
Keep an eye out for a new patch that actually works (the last couple have been faulty) and wait until Java has been thoroughly tested by independent security experts before you consider reinstalling it. Tough times.