Last week something a bit unusual happened; Java was found to have a serious vulnerability. Ok, stop laughing, Java has obviously had many serious vulnerabilities over many years, what’s different this time though is that the US government’s Computer Emergency Response Team (CERT) took the unprecedented step of telling folks to stop using it altogether.
Here’s the word from Homeland Security:
Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers
This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. We are currently unaware of a practical solution to this problem.
Ok, so that’s not great and for me, it’s the final nail in the coffin. I say final nail because I’m well aware of the reported risks but until now, simply hadn’t been driven to the point of uninstalling Java. When I finally got down to thinking about it, I couldn’t put my finger on what sites I actually used that required Java in the browser. Oh sure, I know the damn thing pops up every other week with a security update but other than that, I rarely, rarely see it.
So on the weekend I nuked it. Gone from my 2 Windows 8 machines, gone from my Windows 7 machine, gone from my wife’s MacBook Air. So did this mean the web became unusable? Or was it business as usual, only more secure? Here’s my experience.