How big a security risk is Java? Can you really quit using it?

[JMH]

Summary: As OS vendors get better about patching their own flaws, malware authors are increasingly turning to third-party code to get their dirty work done, and Java is high on the list. It’s easy to say, “Just don’t use Java,” but what if a program you use requires it? I’ve got a list of problem apps and solutions.

The criminals who successfully infected 600,000 Macs with the Flashback malware (aka Flashfake) could just as easily have trained their guns on Windows or Linux users.


That’s the problem with exploits that target vulnerabilities in cross-platform runtimes like Flash Player and the Java Runtime Engine (JRE). Even if your operating system is fully up to date, an unpatched vulnerability in that third-party code can lead to havoc.

http://www.zdnet.com/blog/bott/how-big-a-security-risk-is-java-can-you-really-quit-using-it/4749

 

[Patrick]

It's really a shame. The amount of malicious redirects and just malware attacks in general that happen based off of flash / java is quite high. Noscript has done a great job for many years now for me.

 

[Corrine]

Yes, you can quit using Java. My computer has been Java-free for a long time. Do You Need Java?

BTW, coming your way on "Patch Tuesday": Oracle Java Critical Patch Update - June 2012

This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 14 new security vulnerability fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

 

[marsmimar]

Yes, you can quit using Java. My computer has been Java-free for a long time. Do You Need Java?

Same here. Removed Java about a year ago and haven't missed it.