So another day, another Java vulnerability. Before we go on, if you’re not actually using Java for anything then uninstall it right now from your computer - or at the very least disable the browser plugin. Go ahead, I’ll wait.
Done? Good.
Much like the problems that surrounded Microsoft’s Windows XP prior to Service Pack 2, the problems with Java have reached critical mass - even Oracle themselves are finally waking up to this fact. The question is: what are they going to do about it? The Java Runtime Environment has had a history of problems that makes me think the whole codebase is an unstable mess of bugs and security holes just waiting to be exploited. The famous Java sandbox has been found to leak like a sieve, and I think the time has come for Oracle to put major effort into freezing further development of the Java environment until the current system has been completely re-worked.
You know, a lot of people criticised Microsoft in the past for their slapdash approach to security and deservedly so. They were constantly badgered about the state of many of their products until they finally woke up and did something about it.
Oracle’s been asleep at the wheel while flaws in their product have allowed attacks to happen at Facebook, Microsoft and Apple, not to mention all kinds of legal, health and other kinds of business software that relies on the Java framework. Those guys handle the data from a lot of us these days between them, so this is an issue that has the potential to affect all of us, whether we use Java on our own computers or not. Isn’t it about time we took the same approach with Oracle that we did with Microsoft?
And if you didn’t really remove Java from your computer, go back and do it now.