Java & Security

I use Java for creating software; however, it has been in the news lately because of potential security risks. So what does this really mean?

Well, first of all, Java is very widely used – it has been around for a long time and it is cross-platform, so it will work on virtually any device; it will even work in a washing machine or other appliance. However, because it is so widely used, there are lots of people who want to find ways to use it to steal information from your computer. Java can also be used to write applications that run in your web browser, known as applets, which means that visiting a website where there is an applet could put you at risk.

On the other hand, there aren’t really any realistic alternatives to Java. Being cross-platform and widely used are essential features. One reason I have decided not to start making mobile apps is the need to develop a different version for each operating system; it’s simply too time-consuming. Being able to write a program that will run on any computer that has the JVM (Java Virtual Machine) installed is a massive plus.

As Java has been around for a long time, there are also a huge number of libraries, which means that it is possible to import code to carry out specific tasks. Other languages simply don’t have the same amount of resources. Again, this is a huge advantage for Java.

These two factors mean that Java won’t be going away any time soon, no matter what security experts might advise. If I can use another programming language, like Python or Ruby, to do what I want, then I’ll use it; otherwise, the approach I am adopting is to do my best to make my use of Java as safe as possible.

So, what to do? First of all, make sure that you have the latest version of Java – 7 update 11. Older versions of any software are always a potential security risk.

Applets really don’t serve a useful purpose, in my view – the kind of things that they are used for can be done much more effectively in other ways. I would definitely recommend disabling Java in your browser. There are instructions for how to do this here.

With Java disabled in your browser, the only Java files that you run should be those that you have downloaded. Again, as always, be careful when downloading a file: make sure that you trust its source. If there is anything that arouses your suspicions, don’t download it. It’s better to be safe than sorry. Of course, you should also have anti-virus and anti-malware scanners that are kept updated.