Uninstall Java Now!


Uninstall Java Now!

The Department of Homeland Security recently recommended that everyone disable Java. We at PC Pitstop will go one step further and recommend that everyone uninstall Java immediately. Here is why Java is such a threat to your computer, security, data and your identity.

First a little history. Back in the late 90’s, Java represented one of the core technologies that brought the web together. Java could run on Linux, Macs, and of course Windows, seamlessly. A developer did not need to create a separate version for each platform, and this simplicity drove a lot of Java’s adoption on the web.

As time has gone on, other technologies such as Flash and now HTML5 have essentially replaced Java as the standard for “web” applications. Every once in a while, we all come upon an old web site that still relies on Java, and that’s how Java gets on our machines.

The problem, and it is a big problem, is that Java has many security holes in it. If you have Java installed on your system, and you browse to a compromised web site, your computer is immediately infected. Let me repeat that. You don’t have to execute any malicious software, the malware enters through the security hole without your consent or knowledge. In the security business, this is defined as an exploit – a compromised web site and a vulnerable computer.

I have heard outrageous numbers from associates in the security industry. Industry insiders are speculating that over 90% of all modern malware is distributed through exploits. There are security holes in many products such as Chrome, Firefox, Adobe Reader and many others, but the most porous, security-hole-ridden software out there is Java. It’s not even close.

Think about it. Java is an old technology that you rarely use in your day to day browsing experience. Once a blue moon, you come upon a site that requires Java and you install it and continue browsing. But now, you have created a huge security hole in your system just because Java is installed on your computer.

In a recent PC Pitstop study of 155,745 computers, Java was present on 29.6%. That’s right, Java is up there with Firefox in terms of popularity. The problem is that the bad guys know it and they have created a whole industry on finding new holes in Java and others.

Here’s the next news flash. The PC Pitstop study had only 16% of Java users on the most recent version. This is relevant because Oracle, the makers of Java, have announced that there is a new version of Java that plugs the hole. The problem is that there is a lot of work in keeping all your software up to date. First, you must download the software, then install it, and then most likely reboot. You are looking at 15 minutes minimum. Most people don’t have the 15 minutes, and even more people are unaware that it should be updated.

So our recommendation is to just remove Java from your system. Even if you visit an old web site that requires Java, you can still install it again. A better idea would be to contact the site administrator and tell them to update to other technologies. It’s easy to uninstall Java. Just go into Control Panel and find the application that allows you to manage the software. It is called Programs and Features in Windows Vista, 7, & 8, and Add/Remove Programs in Windows XP. Note: quite often there will be multiple line items for Java. Make sure that you remove all of them.

So the conclusion is to uninstall Java. There might be a web site you won’t be able to use in its entirety, but you can feel a lot safer and sleep better at night.

How to Disable or Uninstall Java

For Windows users, the latest version of Java, Version 7 Update 10, also allows you to disable Java in all of your browsers through the Java Control Panel. Find the Java icon from within the Windows Control Panel, go to the Security Tab and uncheck “Enable Java content in the browser”

Windows users with earlier versions of Java who wish to disable Java should follow the instructions below for individual browsers.

Internet Explorer
•Click on the Tools dropdown menu, then Manage Add-ons.
•Find the Java Plug-in under Toolbars and Extensions (it’s listed under Oracle America), highlight it and click Disable.

•Click on the Chrome menu, and then select Settings
•At the bottom of Settings window, click Show advanced settings
•Scroll down to the Privacy section and click on Content Settings
•In the Content Settings panel, scroll to the Plug-ins section and click Disable individual plug-ins.
•Find the Java plugin and click Disable

•Click on the Firefox tab and then select Add-ons
•Select Plugins, find “Java (TM) Platform plugin” and click Disable (a of 1/11/13, Firefox has automatically disabled the Java plugin, but you should check to verify this has been done for your browser).

UPDATE 1/14/13: Uninstalling Java may not remove the plug-in from your browser. After the uninstall, we recommend you check your individual browser settings as well.

UPDATE 1/14/13:Oracle released a patch, Java version 7, Update 11, to address the security hole and change the default security setting in Java to “High”, requiring users to confirm an applet is safe before running.


 19,920 total views,  3 views today

(Visited 1 times, 1 visits today)

167 thoughts on “Uninstall Java Now!”

  1. This article is now TWO YEARS OLD and it was out-of-date the day it was released for publication. The Javageddon never happened, the Java sky did not fall, the Javacaust never came about. Yet still people are posting to this article’s comment thread and this article should have been taken down a long time ago. I have argued in this thread that it should never have been posted at all.

    There is an upside to all of this. Oracle was being pretty sloppy about keeping up with Java threats, compromises and exploits. When DHS stuck their noses into it someone at Oracle woke up and said “Hey, we’d better fix this!” So they did.

    Not everyone needs Java but it is most certainly NOT true that no one needs Java. If you don’t know, find out or leave it alone. If you do know that you will never need Java, which pretty much means you’re a veteran computer expert and don’t need this advice anyway — go ahead and uninstall it. If you don’t UNDERSTAND any of this then don’t go tinkering with this stuff unless you’re willing to pay someone a respectable chunk of change to fix your tinkering.

    After this article came out and all this hullabaloo about Java hit the media I have seen SERIOUS damage caused by people heeding this kind of advice. In one case it took a security camera system offline for a significant period of time before anyone noticed the cameras were down. IF FOLLOWING ADVICE BREAKS THINGS IT’S NOT GOOD ADVICE. If you don’t know FOR CERTAIN if it will break things or not then don’t do it. THAT is good advice.

    1. Of course it’s not a religion. It is amoral code. Neither good nor evil, and most certainly not containing anything resembling a spiritual component either pro or anti. It is a programming language.

      I’m curious however — Why would you ask such a question?

  2. I hate Java and all its little add-ons and the false updates it has every time i turn on my computer… But this is ridicules, Java is needed by most of the stuff i do and is a very useful program … no matter how painful… The 15 minutes it took to update was a lot shorter than it took to read this stupid conspiracy theory… How about we delete our operating systems because they run viruses that effect my computer… how about you spend your time more efficiently

    1. @Java Hater1000: If Java is needed by most of the stuff you do, you’re in a very tiny minority. But if you need it, the current version allows you to set it to prompt before running, which is a good way to prevent malicious drive-by executions. A change which was finally prompted by the deluge of Java security issues.

      FWIW, this isn’t a conspiracy “theory”, it is a conspiracy “fact”. There are numerous exploits that attack out-of-data Java versions. And unlike operating systems, many people don’t need Java at all. If you need it, install it and keep it updated. The latest version is far safer than what was available when this article was written (nearly two years ago).

      1. It’s not that Java is “needed by most of the stuff you do”, it’s that IF Java is needed for even ONE important thing you do then this advice to uninstall it is bad. This attitude of “one size fits all” and hyperbolic blanket justifications supporting bad advice is what I take exception to.

        Java’s poor security might break your computer. Bad advice for everyone to uninstall Java because no one needs Java (according to this article) can also break your computer.

        This all arrives at the same place by two different paths. The intention of benevolence or malevolence results in failure either way. Bad advice is still bad advice even when wrapped up in a helpful looking package.

        This article was published nearly two years ago, much has changed since it went up. Java didn’t end the computing world as we know it. The article was bad advice when it was published and it’s even worse advice now. PC Pitstop should take it down as a public service.

        1. @CloaknDagr: Given that 84% of Java installs in PC PitStop’s survey were using outdated versions of Java at the time, and the ease of reinstalling Java IF you need it (which would also ensure that you now have the most up-to-date version), the advice is appropriate, even in retrospect.

      2. @Josh Kirschner: A tiny minority LOL that is hilarious all on it’s own. What minority do you see here complaining that java is actually needed? It looks to me like the greater portion of comments are against uninstalling java.

        You need 3 things after an operating system. Flash Java Anti-virus everything else is optional but those.

        And yes some would say a browser because IE but that is really an option compared with the above.

        Java is necessary to those playing games on popular sites as is flash because both pieces of software are used to make browser games. That is a simple example of why you need java. There are a lot of things that break without java but I suppose if you only visit 10 pages on the internet religiously every day and none of those 10 use it you would never know that.

        This was written by someone who checks email reads the news and logs off for the day.

        1. @TheKing: Stats from PC PitStop users showed that more than 70% of the PCs they see didn’t have Java installed at all. Of those, only 16% had the most recent version of Java, suggesting event those who had it installed may not be actively using it. Additionally, less than 1% of websites utilize client-side Java. So the stats are pretty clear.

    2. @Java Hater1000: The problem is that older versions of Java can be activated by a compromised web site without user knowledge and consent. The fact that some older Java programs cannot run on newer versions of Java is just proof on how poorly written and how fundamentally insecure Java has become.

      Our advice stands. If you uninstall Java, and it is required (which is probably won’t), then it will install the correct version of Java and the user suffers none. But if they are not using Java, and then they go to a compromised web site, they will wish they had never had Java in the first place.

  3. This is a ridiculous suggestion. There are some programs that require java to run. It's staying put on my system. Just make sure that when you install or upgrade you uncheck options to install anything else.

  4. Please tell me what to use instead of Java to replace Java with.

    If you don’t have any decent options, the don’t come up with stupid suggestions.

    1. @Ron: Most people don’t need Java at all. If you really need it, then use it. Just be aware of the risks, make sure you update regularly and have your settings to prompt before running Java.

  5. I’m not a computer expert but I know when there is something on my pc that makes me want to throw it in the street and run over it repeatedly with my car, and I’m usually told its a virus or malware or a worm, yesterday it and for the last month its been called Java and Flash. Needing to be updated at least once a day and finally yesterday it got so bad with pop ups that my virus scans which brought up 7 high rated threats could only clean temporarily. Basically if I went to any website that required flash or Java the problem would start right back up again. So I did a clean install lost a bunch of files I didn’t want to lose but fixed the problem. That is until right before I found this page, I wanted to listen to an audio file on Vimio without it stopping and starting and early I couldn’t play certain casino games so I thought what the hell, I guess I’ll risk it and down load Adobe Flash like its telling me too. Immediately DING DING DING THREAT HAS BEEN DETECTED. Now I know the threat and problem is Adobe which really sucks and limits what I can do with my system now. This is bullshit!!!

  6. Well I put up with windows because I don't have a real alternative right now. (apple computers are out of me reach now). But having html5 and even flash is by far more useful and not that insecure.

    Why do I need a virtual machine anyway? I don't play minecraft by the way.

  7. I'm learning to program java, I'm actually been told to do so, I don't enjoy it, but it has to be done since most programs on my workplace are made in java. We do get intruders all the time and the payroll is as private as a naked picture in facebook.

  8. Installing the latest version of Java and making sure the security setting is on at least High is the most reasonable thing any of us can do. While Java may never be 100% secure there is nothing else expected of any consumer other than keeping it up to date. (Alternatively you could just never run Java, good luck using the internet tho.)

  9. Rob Woodworth If you think the internet is safe you're far from it. You might as well have Java either way. Your identity and information is already on the web if you know where to look.

  10. Techlicious I play Yahoo Euchre and up until today Java would permit Yahoo to run. No longer. Apparently it requires Java 7 Update 45 to run. I removed that when I downloaded the new Java this AM

  11. Nothing is ever 100% secure.
    "The latest version of Java is NOT safe just because exploits have not been published, does not mean they don't exist and never will."
    That statement applies to ALL software, not just Java.

  12. I have been running java (new and old) for 10 years with no problem. I believe hitting the lottery is easier than getting infected from java if at all possible.

  13. What’s the big fuss about here. Uninstall Java and if you find you need it reinstall it again. Java has become a pain so for me it goes. If I find I need it, I’ll reinstall or preferably find an alternative that doesn’t require it. If people continue to develop using Java that’s fine, but bear in mind you may be excluding people like me from using your product

    1. @rich:

      Are you serious? Really?

      Ok, well if you don’t use or need Java by all means get rid of it. If you don’t use Microsoft Office don’t buy it and install it. If you can get by on Linux for all your needs, then absolutely- ditch both Windows and Mac. If you can write your own operating system, drivers, and ancillary software then forget Linux too.

      Many of us just cannot do those things, they’re not anywhere to be found in our options list. Java is ubiquitous and pervasive, it’s in HTML accessed/controlled network nodes like IP cameras, routers, firewalls, etc. It’s in webpages that some of us need and there’s no egocentric option for “if you don’t treat me the way I demand I’ll walk away from your software” type malarkey, but we actually NEED it to do what we NEED to do on computers. Telling some people that they really should get rid of Java is not unlike telling them they really should drive their car with two wheels missing.

      If you don’t have any of those things to deal with then by all means get rid of Java.

      But don’t assume foolishly from the depths of an abysmal ignorance that just because you don’t need or use something that no one else does. Don’t assume that the uses you put your IT machines to are the only uses anyone ever has for them. Don’t assume that everyone in the world uses their computer(s) only for looking up recipes and resending joke emails like Great Aunt Tillie does.

      If you just can’t resist and you must, then after you’ve made such an erroneous assumption don’t go on to write an article like the one we’re commenting on that does exactly that.

      I’m sure you wouldn’t make such foolish assumptions and of course Oracle will just jump through hoops to please you, rich. I bet they have read your post and have a whole team of programmers working ’round the clock just to make sure that you’re not unhappy with their software. Even though YOU aren’t the one paying them anything for that software.

      That’s what all the fuss is about

      1. @CloaknDagr: Having a different opinion to you, is not grounds for assuming that I’m ignorant.
        I wouldn’t pay Oracle for their software or expect them to jump through hoops, because I don’t want it.
        My point was, the software I have on my PC is software I choose to put there to do what I need to do.
        Software such as Java and Flash are not programmes that I would choose to have, but they’re forced upon me because people use them on their websites.
        My comment about excluding me from using a website that uses Java was meant to be helpful, not selfish.
        If you run a website that you depend upon for revenue, it’s surely in your best interest to make that website accessible to as many people as possible.

      2. @CloaknDagr: And by the way, I don’t class myself as an IT expert, but I do write websites. So don’t assume my computer usage is limited to looking up recipes and joke emails

        1. @rich:

          You said-
          “Having a different opinion to you, is not grounds for assuming that I’m ignorant.”

          An arbitrary difference in opinion isn’t what I consider ignorant. It’s the (paraphrasing here) “What’s the fuss? Just get rid of it. I don’t use it so no one else needs it either.” aspect that I consider ignorant. That was the core of this article and that was the gist of your post.

          Bear in mind that we’re talking about an article published by a fairly well regarded, reputable organization (PCPitstop.com) that gives ADVICE to people across the full spectrum of computer users. Bear also in mind that is the topic to which I refer in all my posts in this thread. Proceeding from that point, when such an organization publishes something under the mantle of “expert advice” it assumes some responsibility for the accuracy and validity of the advice rendered. As such, it is not completely without influence.

          The giving of that advice is not without consequences- good or bad depending on whether the advice is sound or not. That the article and apparently you take the “toss the baby out with the bath water” approach to this topic isn’t an arbitrarily neutral matter of opinion, it’s ignorant of the real world. In the real world there are both situations where Java can be done without and there are situations where it absolutely cannot be avoided.

          Thus “Uninstall Java Now!” given as advice to all computer users is ignorant and any position that supports that is likewise ignorant by association. It is either sage, sound, helpful advice or it’s bad advice based on ignorance of the scope that Java is used. That is true and is an unequivocal fact because Java is not just used on websites that can be avoided and because there are both websites and net nodes that use Java for various indispensable purposes.

          Taking into account the above facts, this topic is not a matter of opinion because there’s no valid, knowledgeable margin allowing an informed opinion to be involved. The topic isn’t arbitrary, it’s simply a matter of correct or incorrect. An uninformed opinion is the definition of ignorance. I’m sorry I had to spell all that out for you but apparently you didn’t “get it” as demonstrated by your simplistic approach to the topic.

          This is why I’m taking the time to post on this thread, hoping to address that very ignorance before this article can cause unintended damage by advising people who know no better to do something that may not be in their best interests.

          You said-
          “So don’t assume my computer usage is limited to looking up recipes and joke emails.”

          I didn’t make that assumption, I very clearly asked you not to make that assumption about all computer users. My point was that just because you (or anyone for that matter) might have a certain use for IT systems doesn’t mean that your use is the only use and to bear in mind that there are other people with other uses that this kind of “toss out the baby with the bath water” advice would most certainly be detrimental to.

          I’m pretty sure I made that perfectly clear the first time but if not, it should be now. I understood and addressed “your point”, apparently you didn’t understand my point. I’m actually being generous by “assuming” you didn’t get my point because either you misunderstood or you just want to blather irrelevancies in lieu of discussion. So I’m giving you the benefit of the doubt and you’re welcome.

          You said-
          “What’s the big fuss about here.” (sic)

          You asked so I told you what the big fuss was about here. Twice. If you didn’t want to know then why bother to ask? Do we need to go for three times before you comprehend the answer to your interrogative?

          1. @CloaknDagr: You nicely sidestepped my points, to just say what you said before.
            And you clearly have an urge to right a novel on this subject, I don’t. I could, because I’m not simplistic, I just have better things to do.
            “What’s the big fuss about”
            If you buy something that needs Java to work, it will tell you and you clearly need to have it.
            If you’re just visiting websites that require Java, do you need it or can you get that elsewhere.
            You’re clearly someone who once they have their opinion, are unwilling to listen to others, and you wrap insults up in large senteneces to mask your inability to have a discussion.

            1. @rich:

              Gee, I’m sorry I used too many words for you. However, you did ask and I see we do have to go for a third time. No one is forcing you to read my “novel”, feel free to close the page right now.

              This is as simple as I can make it-

              1. Abandoning Java completely will cause unexpected problems with unintended consequences for many people. The percentage is irrelevant because the numbers will still be very large.

              2. Advising everyone in the world to abandon Java forever is bad advice. I’ve already covered why that is, in depth, and stand accused of using excessive verbiage for doing so.

              3. People who are not aware of #’s 1 & 2 above potentially will be victims of this bad advice. That is why it’s irresponsible to give this advice in the first place.

              4. Just because you’re not aware of #’s 1 & 2 above doesn’t mean your advice is sound, it means you don’t know enough to be giving advice on this topic. Which is what this article did.

              5. If you agree with or support the content of this article then you are likewise at fault either through ignorance or malice.

              6. These are all facts, there’s no “opinion” involved. Advice of this nature is either correct or incorrect. The advice in this article is incorrect.

              As a SPECIFIC example, if you uninstall Java and use certain network IP nodes you will not get full functionality. With a Trendnet TV-IP110 IP security camera if you uninstall Java you will not get the “Live View” function of the camera, which if you’re depending on that camera for anything at all renders the camera completely useless. You MAY or MAY NOT get the little “puzzle piece” icon that denotes a need for Java depending on the browser you’re using and your system configuration. Even if you DO get that icon unless you know to CLICK ON IT you will not be informed that Java is required.

              Thus your statement that –

              “If you buy something that needs Java to work, it will tell you and you clearly need to have it.”

              -is WRONG.

              It doesn’t matter that a small PERCENTAGE of people actually use that particular device because for those that DO and follow the advice in this article and/or your advice that camera will be rendered useless by the removal of Java from their system. IF that camera was set up by an IT pro and not a knowledgeable system owner, the owner will blame the IT pro or the device for the failure caused by following the advice in this article. Without knowing that they were responsible for the failure. If that camera provides vital security for the system owner then the result of following this advice may result in a genuine disaster if not corrected before the device is needed to fulfill it’s intended function. This may result in a DANGEROUS situation.

              That is only ONE specific example among many and your lack of experience or knowledge of issues of this nature does not excuse you to give bad advice or make untrue statements.

              Consequentially the advice in this article is completely incorrect. It is BAD advice rendered by ignorance of the facts. Supporting that advice by reason of identical ignorance is likewise irresponsible. That the author of the article or you are not aware of these results and assume that everyone uses a computer the same way you do is sheer, bullheaded, stupidity avoidable by not rendering incorrect advice in the first place. That stupidity is compounded by the ridiculous insistence that your “opinion” is viable and you cannot possibly be wrong and that there are no grounds to accept correction of your error.

              So to be perfectly clear and use as many words as I see fit- It is INCORRECT advice, which is a FACT not an OPINION. Opinion and fact are not synonymous words nor interchangeable concepts.

              I’m a real IT pro with over 30 years in the IT field. This is my area of expertise and I make a fairly decent living selling that expertise on the open market. I own an IT company and the results described above are well within my experience and that of my employees. You claim a lack of expertise in this area yet are compelled to give and defend bad advice even so.

              I do not subscribe to the “every opinion is valid” school of thought. In my many years involvement with this industry I have seen a devolution from “correct vs. incorrect” to “if you have an opinion it is valid and because you state your opinion it is automatically deserving of respect.” I see this same phenomenon in my daily work and it increases in frequency as time passes.

              I do not make statements regarding IT systems unless I not only know what I’m talking about, but also am absolutely positive I’m correct. Absent those criteria I always take the position that “”I don’t know” or “I’m not sure” but I will find out and get back to you.””

              I reach the point where I am absolutely positive I’m correct through research, my foundational education and my many years of broad experience in this field. Once the point is reached where I will make such a statement to ANY other person there is no discussion, there is only correction. Thus you are right in noting that I am not discussing this with you. I am correcting you. Though you don’t seem to realize it, you are wrong. If you choose not to accept logical correction in the face of demonstrable facts any deficiency is yours not mine.

              If you don’t like the way I correct you, that is likewise your problem not mine. It doesn’t change the fact that you’re wrong or that your persistence in insisting on your right to be wrong somehow makes you correct.

              Thus I have taken the time to point out in great detail the errors in this article and the subsequent posts erroneously commenting on same. Like yours.

              While you may claim “to have better things to do” that does not diminish my efforts to render valid, correct advice on this topic. I do my best to see that whoever reads what I write gets enough information to make a sound, informed decision. That you forgo doing so is not a credit to you. It is difficult to reconcile the fact that you claim to have better things to do yet post an incorrect “opinion” then plead the virtue of brevity when corrected. Obviously you don’t have anything better to do than make erroneous statements and then try to defend them no matter the number of words you use.

              I will use as many words as it takes to make the referenced correction(s) and if you don’t like the number of words I use the deficiency is also yours not mine. You can either tell me why I’m wrong, or you can ignore me, but criticizing the number of words I use to make my point perfectly clear is nothing but dodging the fact that you are wrong. Employing such a defensive tactic in the face of being proven wrong and to negate being corrected for your error does not somehow magically make you correct. A simplistic, brief, fallacious approach to a complex and critical issue does not mystically impart some sort of merit.

              I don’t really care if you just read my “novel” or not. What I care about is making the effort to assist people in avoiding the consequences of bad advice. That is a function of who I am and what I do for a living. I’m doing it here for FREE. It is a generosity of my time and effort. No matter how many words it takes to accomplish that.

              To answer your question for a third time- That’s what all the fuss is about.

  14. these pc professionals who advise that you uninstall java,also advocate you not download any programs or use any sites regularly that requires that you have java enabled.they don’t actually say that however.they will just claim that those sites and programs shouldn’t be used.they be risky.their attitude reminds me of some pc programmers I knew who absolutely preached that all toolbars are bad regardless of who created them(especially music toolbars.but toolbars by conduit have always been safe imo)/.I’ve used music toolbars since 1997 and never had a problem.it comes down to common sense.what these pc people expect you to do is uninstall java and NEVER run any kind of program or use any site regularly that requires java.they’re notion is that it’s dangerous.it reminds me of what these guys told me about toolbars.NEVER download one..NEVER download free online software..NEVER ,etc..they had a seizure when they found I frequently downloaded(even purchased) music-mp3-downloader..clickster pro,,etc..NO NEVER they said…music toolbars..NEVER they warned me…nothing nasty ever occurred from my downloading any of those things.my point is that these professional pc’ers that advise you to uninstall java,also expect you to narrow down the things you do and go when you surf the internet.uninstall java and stop using anything that requires it..period.that entails a whole lot for people that are on the internet for several hours a day using it for entertainment purposes/.if I ceased downloading everything I was warned about and only surfed sites that didn’t require java i’d only be checking my email and surfing a limited amount of cyberspace.doing very little compared to what I do now online./

    1. @Dennis Teel: No one ever said all toolbars are bad and no one is saying NEVER to use Java. But Java has been shown over and over again to contain bugs that are actively being exploited by hackers in the wild. So unless you need Java, you shouldn’t have it active. If you do need it for web apps, it would be safer to use a separate browser for sites that require Java to be active, while keeping Java off in your main browser.

      Outside of online games and coupon sites, it’s rare to find sites that use Java. I keep it disabled in my browser and I’ve only found one site I use that requires it to be active – and I visit a lot of sites for my job.

      1. @Josh Kirschner:

        “No one ever said to NEVER use Java”? That’s just flat out untrue, what do you think “Uninstall Java NOW” means? It means lose Java forever immediately and NEVER use it.

        As far as “online games and coupon sites” being the ONLY use for Java, that’s just flat out untrue also. Many HTML controlled devices use Java; routers, firewalls, IP cameras, etc. NASA uses Java, just today I was on NASA’s website looking up data on comet PANN-Stars and the app for the orbital data uses Java.

        When you say “only blah blah blah uses Java blah blah blah” what you MEAN is “I don’t use or need Java so therefor no one else does either.” That’s like saying “All camels have humps on their backs so anything with a hump on it’s back is a camel. So humpback whales are camels because I’ve seen camels but not humpback whales.”

        It sure would be nice if people who have no idea what they’re talking about would stop giving their “sound advice” to people who know even less than they do. Which is what the person who wrote this article did. Folks just mess up everyone’s computer system when they do that and cause huge headaches for us IT professionals.

        As for you … Stick to what you actually know something about, you made two completely false statements in the same number of paragraphs and I have demonstrated beyond equivocation WHY those statements are false.

        1. @CloaknDagr: Wow, that’s some angry rhetoric. Let’s get beyond that and discuss some facts. According to W3Techs, only .2% of websites use Java on the client side (http://w3techs.com/technologies/details/cp-javaruntime/all/all). And from PC PitStop’s own stats above, more than 70% of the PCs they see don’t have Java installed at all. Of the remaining 29%, many of those people may not be using it either (i.e., it came installed on their PC or they downloaded at some point in the past but no longer need it). So, yes, actual statistics strongly show that consumer usage of Java is rare.

          Worse, though, is of that 29%, only 16% had the most recent version of Java. So 84% of Java users (whether they were actually “using” it or not) were leaving themselves open to known vulnerabilities currently being widely exploited on the web.

          ColaknDagr, If you’re running a corporate environment, that may be different. You may have proprietary programs and apps that require Java. If that’s the case, inform your users so they know what to do (or not do). I’m sure they love to hear from you – you sound like a delightful person to work with.

          1. @Josh Kirschner:

            That’s not “some angry rhetoric”, that’s calling you on making completely untrue statements. You DID make completely untrue statements and of that there is no doubt.

            Untrue statements which I notice you try to walk back with useless statistics.

            Those statistics are useless because if someone happens to be in one of the minorities you cited they don’t apply. They are generalizations in a field where generalities do not pertain to the individual or their computer configuration. I have already pointed out at great length WHY they do not pertain, both on general WAN internet usage and on controlling LAN IP based nodes (cameras, routers, firewalls, etc.) that are more than common to every day users.

            Your statistics do not even cover the latter. I shudder to think how many people have read this article and followed it’s “expert” advice but find that they are now unable to control those LAN IP nodes that use Java … and they don’t know why they can’t access them any more. This article is BAD advice of the very worst sort.

            Thus I don’t really care if “only .2% of websites use Java on the client side” because while that’s a nice statistical generality there are most certainly people who need and use a higher percentage of Java than that. I cited a very common site in my reference to NASA.

            I assure you, if it’s take your word (and that of a website) or NASA’s I’m going to go with NASA every time. Pardon me if I place more stock in the people who launch interplanetary space missions than I do in some poster on a website advocating the preposterous.

            It doesn’t matter for purposes of this discussion if only 16% of 29% have the latest version of Java installed, that is a user/admin failure not a failure on the part of the Java software itself. User error is user error, no one is to blame for user error but the user.

            Unlike the author of this article I do not presume that all users will fit neatly into a category nor do I assume all users are too stupid to operate their systems correctly and so need some kind of bogus “expert” advice to uninstall Java. There may be some, they may even be in the majority, but this is not a democratically based situation where everyone is required to bow to the will (or failings) of the majority.

            If only 70% of PC’s have Java installed that does not mean that the other 30% do not NEED Java. That is a logical fallacy like the camel hump fallacy I pointed out. But yet you persist in perpetrating that fallacy.

            Even when it is pointed out to you that it is in fact a fallacy you stubbornly repeat the same mistake. If you think I’m “angry” then maybe you should actually read all the responses I’ve made to your “expert” advice so you can see that it gets very old pointing out where someone is wrong (and even making completely untrue statements, so demonstrably untrue that they are fully obvious) only to have them persist in their denial of the facts. Reason and logic do not seem to penetrate your mental perimeter, perhaps strong language will fare better. But I doubt it because by now I only expect you to be wrong and no matter what to not budge from that error.

            Hence my advice to people reading your “expert” opinion is to run screaming from it as fast as they can.

            Sure, there are users who do not need Java. That’s fine and dandy. But that does not excuse telling EVERY user to permanently uninstall Java. Far more sage and professional advice would be to tell users how to determine if they actually use Java or not, and THEN if not to go ahead and uninstall Java until such time as they discover they need it. With the proviso that they are not in a supervised system where the System Administrator has spec’d Java software for the environment but they go ahead and read this article and uninstall it anyway.

            Yes, I operate in a corporate environment, but I also (obviously because I’m here posting) operate in a private capacity. Just because I make a living with computers does not mean I don’t have any knowledge or experience with non-business oriented computer systems. One does not preclude the other, and there’s ANOTHER logical fallacy you have passed off as valid reasoning.

            You don’t need to concern yourself about “my users”, my clients and users LOVE me. One of the reasons for that affection is I don’t pass off malarkey as sound advice. The fact that I have no problem with chopping the ignorant baloney I encounter off at the knees endears “my users” to me and yes, they are delighted to work with me. Your final logical fallacy is that you assume because after many attempts to get you to see the light of day while you stubbornly persist in your benighted hogwash I must be hard to work with.

            Professionally and personally I cannot agree with the content of this article and I cannot sit idly by watching ignorance and generalities passed off as expertise and specific advice to everyone. I’m sorry if you don’t like that and want to persist in making untrue statements but that’s too bad. I call ’em as I see ’em and I don’t give a fig for being politically correct about it.

            1. @CloaknDagr:

              One more thing I forgot to mention, Josh. You ARE partially right, someone like YOU would really hate working for me. I would have fired you after I had told you to get off your baloney horse and gave you a chance to comply. When you refused and chose to argue with me after I had demonstrated that you were undeniably wrong I would have terminated your employment. My company isn’t a democracy and I don’t play politically correct patty-cake with college boys who think they know more than a pro with 30 years in this field. While I am always willing to listen and learn and do not credit myself as infallible I also do not tolerate willful ignorance, conceit, and stubborn refusal to acknowledge facts when an employee is beaten over the head with them. No, I just send that kind of person out the door with their final paycheck and burning ears. Good luck in your IT career, I pity the people you work for/with and you had best hope you never work for anyone like me. Unless unemployment checks are your favorite source of income.

  15. If you just turn it off even when you think you want to have it run.. it will have to be updated anyway.. may as well remove it. Some sites may be fine to use Java however it is advised to remove it when your video is done. But then what do I know.. lol!

  16. I'm running McAfee, with real-time scanning and firewall activated. Are these measures ineffective against these so-called "exploits", rare as they reportedly may be? Also, I used to get those annoying javascript runtime error messages on a regular basis (not so much anymore). Would removing this program altogether affect recurrences of runtime error messages?

    1. @Dwight Foster:

      No defensive software is more than about 50% effective and I’m being generous saying 50%. You cannot count on a single program like McAfee to keep you safe no matter what you do. You need layered defenses, look up that term and apply it to your situation.

      I run Panda Cloud, MS Security Essentials, MS Defender, Spybot Search & Destroy and Malware Bytes Anti-Malware (MBAM), Windows Firewall and a real SonicWall hardware firewall on my perimeter. I have Java turned off in my main browser but have an alternate browser configured JUST to run things where I need Java and ActiveX. For the record I really hate Internet Explorer and only use it for certain things, I also have Firefox with AdBlock and NoScript installed, plus Google Chrome. I use all three browsers in my daily life as a computer pro.

      Java and Javascript are TWO completely different things with confusingly similar names. In general, what applies to one does not apply to the other for the purposes of this discussion.

  17. There seems to be a lot of misinformation in these replies as to how much Java is needed. I have never installed Java on any computer I have built (I have never bought an off the shelf computer) going back to about 1999, which is well over two dozen computers, and I can count on one hand the number of times something on a website did not work because Java was not installed, and even then it was nothing significant.

    I think many of these comments are based on not knowing the difference between Java and javascript. I have never installed Java on the computer I am writing this from and I can go to Facebook just fine, I can listen to BBC Music just fine, I can print out my USPS postage labels from eBay just fine, etc, etc, etc.

    Uninstalling Java is not a new concept exclusive to PC Pitstop. The topic has been visited before by other well known computer experts:




  18. Lots of inaccurate information in this article. If a user has NO security software installed, and if the user likes to click on unidentified popups promising big money and worldly pleasures, then it might be possible to run a particular binary to infect a system. Advising users to uninstall Java is just plain wrong. Text/link-only sites are boring and outdated. Are you really advising users to uninstall Java because you are too lazy to update your own software? This sounds like advice a 15-year-old would give. I have been developing software and computer systems for years. There are plenty of easy ways to update software and you are truly lazy if you think downloading and installing an update is that difficult. Why even work on articles here if it’s so much work? If you are too lazy to install the update yourself, download and install Secunia PSI which will update and patch vulnerabilities in many titles for you, including java. http://secunia.com/vulnerability_scanning/personal/

    Want to check and see if your software is up to date? There are several reliable update checkers available from places like Filehippo.com, majorgeeks.com, filepuma, C-net Techtracker, kcsoftwares.com (Sum0), and more. There is no call or need to uninstall Java and Java is used more widely than you are leading readers to believe. Having the latest version installed, and running a reliable security suite provides protection. Past that, all it takes is a little common sense. When the popup appears inviting you to share wealth of the “prince of Nigeria”… C’mon now. There is no cyber defense against foolishness or lack of common sense.

    1. @Techman Dan:

      I think you’re confusing Java and JavaScript. Very few sites require Java to run, though most do use JavaScript.

      The fact is that many people don’t keep all of their software up to date, and scammers are pretty ingenious at getting people to click on malicious links; casting those that do as simply “foolish” or “lacking common sense” doesn’t reflect today’s reality, nor the fact that many/most users are not techies who can easily decipher what is real and what is not. In any case, the identified exploits can infect you without requiring actions on the part of the user.

      Given the continuing risks and the relative lack of value for many users, disabling Java is the way to go.

      1. @Josh Kirschner: I’m not confusing anything. Java Runtime Environment is a requirement of plenty of software available today, going far beyond simple website javascript. There’s lots of profitable software running today which requires java for everything from communicating to printing to playing games. I’m not going to list examples. I am also correctly casting many users into multiple categories. There are wise users as well as foolish. My company has many customers who range the whole spectrum. One customer came to us with a system that was a bot and had countless malware signatures (around 800). Others want the added protection of proactivity in the face of today’s zero-day threats. It is a duty for those of us with knowledge and experience to teach those who lack the element of common sense and make them wise. Since most users are capable of reading and comprehending even the most basic instructions, and since everywhere you look today there are plenty of warnings against foolishness such as clicking on strange popups of answering the “prince” of some foreign land. It doesn’t take a genius or a senior tech to have common sense. Reading your comment, you leave an impression that most users are “stupid,” for lack of better term.

        Identified exploits can be stopped in their tracks with proper zero-day protection, as well as a reliable security suite.

        This article ticked me off just enough to weigh in, but I have better things to do, such as protect users from zero-day threats. There are many would like to argue. It gives them a reason to post a comment. John, Given the continuing risks and the relative lack of value for many users, getting rid of computers or at least internet access is the way to go. In order for 98% of users to function on the internet today, John, Java will be required. That’s why there are those of us out here who work hard to stop zero-day threats and even track down offenders who write malicious code. You go ahead and disable your Java, John. My company and our customers will continue to use Java safely, using common sense.

        Stay vigilant everyone!

    2. There Is a Sh&* Lot of inaccurate information in this article. I Find It Interesting That I Have To “TURN ON” “JAVA” To Answer Options On This WEB Site. What The Heck!
      Oh, I know , I am Running The Number 1 Security Tool That All Should Have, “NoScript”.. It blocks All Java and Java Script.. It’s Installed on SeaMonkey 1.9. 1.9 Is a Very Old Browser, 99% of It’s Flaws have been forgotten ..
      I takes about 3 min. To Download and install Java, Lazy Is Not That Word For It..

      PC Pitstop need not ever send me an other email like this..

      BILL MacG

  19. Agree with many of the above, I disabled Java this afternoon, and now Facebook doesn’t work properly (hardly a minority site) and nor can I listen to BBC radio via Internet, unless I re-enable

  20. Concerning the 15 minutes, he meant EVERY time you update you use the 15 minutes. So, as a matter of course, many people might put off putting on FUTURE updates. You only have to uninstall once, and this is an appeal to put down what you are doing and do it now… That said, I researched and seems like if you set it up right, have the right protection, and keep it updated (even with the "15 minutes) you can be somewhat safe.

  21. I updated java last month on my WXP computer and now my Media Center doesn’t work, I uninstalled it and went back toseveral previous versions, and it still doesn’t work, my AV product says no threats found. I have nothing to lose by updating to the latest version. I have not wound Windows back to mid November yet, to see if that fixes the problem.

  22. Yes, I think the article is a little alarmist, but there is a reasonable element of truth in what is said but it seems to only apply to web browsers. The first sentence actually describes what the US-CERT said, and that is to temporarily disable JAVA until the issue is fixed.

    “.. Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the “Solution” section of the US-CERT ..”


  23. Those crappy-old java APPLETS are very annoying. The desktop-running normal java programs have no problems, but those APPLETS running in the browser. Why are programs still written in Java ? – arrhrhh…..!!!!

  24. "Most people don't have the time to update" (15 minutes) – Really? Are you SERIOUS? That is the most idiotic statement I have ever seen from a supposed computer professional. And it pretty much inspired me to stop reading right there.

    Any serious computer security professional will tell you the FIRST 3 steps in keeping your computer secure is UPDATE, UPDATE, UPDATE.

  25. I am not knowledgeable about computers and software, so this has sared. I have lots of cathing up to do to be comvetable with the technical aspects of my computer. I appreciate warnngs, suggestions, ec. to help me. operate my computer with confidence. I admire those individuals who have mastered the technologhy and the know-how in operationg and managing their computers.

    I appreciate you shareing your thoughts and comments regarding softwae issues.

    Regards, Colonel (Ret) Dave Ulmer, SFm USA

    1. @Pat:

      I am no computer expert by any means, but I do spend a lot of time setting them up and clearing viruses off them, so I am familiar with some terms and research. I had noticed that, updating J7U10 to J7U11 did not change the actual install date in the system (using ccleaner to view this). This was a flag to me, and so I proceeded to uninstall Java completely and reinstall J7U11. I had noticed that the security setting had been changed by them to High (it used to be Medium), could this be their fix????? I hope not – that’s not enough! So I did some investigating. I found the same website showing the 2 sandbox bypass proof-of-concepts, and then began to wonder about “Ads” – do adverts on web sites use Java applets? based on what I read in Wikipedia, yes, they can. So, I could potentially visit a site like, say, CNN, or even Yahoo mail, and be infected by a malicious applet from an advert feed. So, it appears the best course of action is to disable Java in all browsers until they have completely plugged this hole. It is now January 22nd and still, we are left hanging…and no operating system is safe – Java applets are operating-system-INdependent.

  26. You make it sound like java is only used on websites, far from the truth. Real programs are written in java too. It's definitely not some outdated useless software that no one uses anymore.

  27. IBM supports Java on all their major platforms. This means that even if Java should disappear from the face of the Earth it will still be the running on the mainframes (like COBOL). The primary advantage for programmers is the ability to develop locally, and the strictness of the JVM meaning it will run in a predictable way.

  28. Its amazing “Think about it. Java is an old technology that you rarely use in your day to day browsing experience. Once a blue moon, you come upon a site that requires Java and you install it and continue browsing.” Sine i read this article at 11:54 Jan 21 2013 i have run into 86 instances where Java was required to run a website I dont know how far ahead of the curve you people are but there are still alot of us that unfortunately rely on Java for OUR everyday computing .But lest we forget those people

  29. I have been avoiding Jave issues for a long time now.

    I have it installed and up-to-date; however, my secret weapon is not a secret; it is good common sense. I browse through the Internet using FireFox and have, among others, the NoScript addon installed. This permits me to decide on a per site basis as to whether I allow all the page or just parts of it, and that can be on a permanent or temporary basis.

    It can seem like a pain in the rear when you first use it. Nevertheless, as time goes on, and you have allowed the sites you trust and go to regularly it gets easier. It then just affects you if you go to new sites.

    Happy and safe surfing

    Bj aka Bjantiques

  30. Funny how they speak about uninstalling Java the whole post , even giving you step-by-step instructions on how to uninstall it , but they try to avoid the fact that The Last Version of Java is secure.
    15 minutes of installing it? It's not like I'm working my a** off in those 15 minutes , just pressing a few buttons. Don't want to reboot now? Reboot later.

  31. I have a question. Each time I view my list of programs in an uninstall program I see multiple versions of Java. Will I be OK if I uninstall the earlier versions? Seems to me the newer versions, when installing,should automatically remove the earlier versions like so many other program will do. Should I remove them?

      1. @simrick:

        I did that once and it stopped one of my programs from working. I installed that program and reinstalled it and it insisted I reinstall the java (JRE6 I believe it was) before it would work again so be cautious when doing this.

        Bj aka Bjantiques
        Be safe and secure on the Internet

  32. Department of Homeland Security singled out java as a risk. Does that make today a yellow or an orange alert day?

    Java is NOT an old technology, it is and will be for decades to come not only modern and relevant but also much needed for many people.

    I have and use several applications that depend on it, un-installing java is not an option.

    If you really want to discuss old technology and the dangers that old technology represent Rob, perhaps discussing activex would be a much better topic, then to top it off explain why no one should ever use it/run it as administrator, or for that matter running a web browser as administrator. “timebomb” waiting to explode. 😉

    Those are things I recommend far before I recommend people uninstall java.

  33. You are all seriously paranoid. Your use of a computer or even a bottle cap remover tool is questionable. Nobody cares about your poor pathetic self. You have no security. What a scam folks. Wake up. How much will you pay for the sun to come up tomorrow? Soon, this will be an hidden charge. Word of the day- “INTEGRITY”.

  34. I uninstalled Java over 6 months ago after being infected with FBI Moneypack ransomware. I haven’t run into an instance that needed java since.
    I believe the FBI Moneypack malware entered via Java.

  35. What about the giant attack surface known as .Net? You can’t even uninstall it from newer versions of Windows and you pay a huge .Net tax every month downloading massive security fixes.

  36. hmm. I recently did a full virus scan and had quite a lot of infections which were to do with java. Did it affect my life or the use of my computer. Err not really. I’ve also recently had my facebook and EA sports account hacked into. Did it affect my life. Err not really. I used to be really concerned about the security of my computer, nowadays , not so much. What’s the worst than can happen. They ain’t getting into my bank account.

  37. I would like to find out how I can get paid to give people bogus advice like this.

    I’m an IT pro with 30 years in this field, I spend my days undoing the damage done by people like this author and others who don’t know what they’re doing but feel qualified to tinker on computers anyway.

    It would be MUCH easier to be on the other side of the fence and get paid to publish baloney like this rather than actually have to know what I’m doing and fix the problems this kind of malarkey causes.

    US-CERT (the U.S. Government Computer Emergency Readiness Team) issued a bulletin on this Java exploit DAYS before DHS did. Oracle released an updated version of Java almost immediately thereafter (4 days after the initial CERT bulletin). The Java update was released on 14 January and THIS article is dated 16 January. So if this “author pundit” actually knew what was going on then this article should have been killed and revised BEFORE publication.

    Now guess what’s happening? I’ve already patched all vulnerable systems and people are uninstalling Java and breaking their computers.

    DHS should keep it’s huge, bureaucratic nose out of this and leave such things to CERT. Authors of online articles should actually bother to check their facts before advising anyone who can read to do something like uninstall Java.

    We’ve all heard the hogwash about how “everyone is shifting away from computers to tablets, pads and smartphones.” It ain’t so, in business we still use computers (and thin clients which are just multiple terminals for a computer located elsewhere) and we always will, we CAN’T get by with the limited functionality and power of those other devices. Authors who write articles like this are seriously causing damage to the business computing environment.

    Do not listen to this person. Uninstall your old Java and install the new version IF you own your computer or your IT staff tells you to.

    Failing that, tell me where I can get a job like this so I can make a living without expertise and someone else will have to fix the problems I cause.

    1. @CloaknDagr:

      TYVM for the info !!! I was just about to uninstall Java. Good thing there are smart people like you out there willing to help us less puter savy folk ! THNX Again !!!

      1. @Lynda:
        You’re welcome. Please read my comment below for detailed instructions on what you actually should do and please ignore what this author is telling you to do.

    2. @CloaknDagr:
      Letting people know that there is a serious issue that needs to be patched is hardly “tinkering with your computer”. And the publication date of the article is irrelevant – many people do not update their software unless you directly point out the risks of not doing so. Even with the new updates, most users would be better off with java disabled to avoid future security exploits with a program that they will rarely, if ever, need.

      1. @Josh Kirschner:

        YOU said-

        “… most users would be better off with java disabled …”

        Which is ONLY true of “most users” YOU know.

        Which is NOT the topic of this article, the topic being to uninstall Java completely.

        Which doesn’t take into account that a LOT of people will, on the advice of this article, take to “tinkering with their computers” and not only uninstall Java but disable Javascript also. Because they don’t know the difference and they’re not qualified to “tinker with their computers”.

        There is a huge difference between “letting people know” and “advising them on a course of action”.

        As the casual world shifts away from the desktop and the business world stays firmly rooted to the desktop, the consequences of bad advice regarding courses of action impact the business computing environment far more than the casual pad, tablet and smartphone user.

        If you are the owner of your computer and not your employer, I don’t really care what you do to it as long as you are not among the family and friends who are going to call me to fix your “tinkering”.

        If your employer owns your computer then leave it to the IT staff to deal with and don’t “tinker” with it at all.

        IF you ARE the owner of your computer then proper advice would be-

        1. Uninstall everything Java you can find in “Add/Remove Programs” in XP or “Programs and Features” in Vista/Windows 7.

        2. Download the updated version 7u11 of Java.

        3. Install it. Uncheck all the crudware boxes and actually read the installation instructions.

        4. Once installed, go to Control Panel and launch the Java Control Panel. It just says “Java” and has an icon of a steaming cup, as in coffee cup.

        5. Go to the “Security” tab on the Java Control Panel.

        6. Set the slider button to “Very High”.

        7. Hit the “Apply” button.

        8. NOW uncheck the box that says “Enable Java content in the browser.”

        9. Hit the “Apply” button again.

        10.Hit the “OK” button to close the Java Control Panel.

        That will actually suffice quite nicely for “most users”. Ignore this hogwash about uninstalling Java completely UNLESS you ABSOLUTELY KNOW you NEVER need Java AND you know the difference between Java and Javascript.

        YOU said-

        “…the publication date of the article is irrelevant – many people do not update their software unless you directly point out the risks of not doing so…”

        Again, “many people” that YOU know. I’m a sysadmin and I know many IT people that will push an update by various means. NOW we have a whole bunch of people trying to uninstall Java AND disabling Javascript who shouldn’t be “tinkering” with their computers at all.

        The dates ARE relevant because this article should have been rewritten in light of NEW information available two days BEFORE it was released for publication.

        Lastly, blanket advice to uninstall software that IS mission critical in SOME environments is purely irresponsible and unprofessional.

        I don’t know these “most users” that YOU know. I know the “most users” that I know and they most certainly DO need to have Java installed on their machines. It seems to ME like you all “don’t need Java” types use your computers more for playing than for working and I for one would certainly appreciate you all “don’t need Java” types minding your own business.

  38. What I did , was uninstall my old java, and installed the new 11.7… there's only one site that I pay a yearly premium for where I need Java , so I enable it while on that site and disable it when not. ,

    I just hope it's safe to do that.

  39. Has anyone even stopped to think about where this all started? Homeland Security… the government is telling us to remove something from our computers? Why? Since when does the government care about our individual computers? I was ready to do this until I read through ALL of these posts, and it hit me… am I going to do what the government tells me I must do? Not on my life! I don’t trust a single government agency and I surely won’t trust them with my computer!

    1. @Pam:
      It actually didn’t start with the DHS. It started with the Computer Emergency Response Team at Carnegie Mellon University and, before that, was identified on a small computer security blog. Many leading security experts have recommended this same course of action.

  40. This is a nonsense article. As somone suggested, a link should have been included to the new version of Java, but the fact is on all 5 of my computers I already received an offer to install the new version and already have it running. And contrary to what the article says, I'll bet at least 25% of the sites I go to use Java, although it's hard to tell because it doesn't announce itself, usually. Just try to print an online coupon without it! And By the way, I don't go to "weird" websites, just the typical browsing that I imagine the vast majority of the public does.

    1. There is a link to the new version in the article above. 25% of sites don't use Java. But you will find it more frequently on coupon sites, gaming sites and some financial applications. Set your security settings to require a prompt for Java applets to run and see how often you actually need it.

  41. The site i use to play yahtzy tournaments will only work on java version 6.5.. If i update i lose this site, so will stick to what works on it..
    If you worried about everything thats supposed to be bad for your computer you’d never turn it on.

  42. Making your recommended changes disabled both of my email programs: Google and yahoo! Your "15 minutes" turned into near panic while I undid the damage.

  43. I uninstalled my old java and installed the latest one. I have one site for games that still uses java. The new java asks you if it's ok to run before loading so it's your decision. Go to java.com and it will check what version you have. Version 7, update 11 is the latest one. Make sure you uninstall the old one before installing the new one.

  44. This is funny. We should all burn our computers and go back to stone age. Every single software we have is a threat, they all have exploits of some degree… I am burning mine, I suggest you do the same, hey author!!! you too…. hahah

  45. OK! Most of or even, ALL of the games I play have to run Java…. Like Minecraft! You say that Java is that bad for your computer? WHat about all the updates Microsoft has to send out? Also If Java is so bad? Why haven't they found something safer to run with all these programs? I understand about Security and think that we need to practice safe web browsing but the " Sky Is Falling " deal on Java is kinda to much! Every program has a type of expolit. Let's take the time to find the exploits and not waste time on this subject to uninstall something that runs over 1.1 billion desktops, 3 billion mobile phones, not to mention that your Blu-ray players run Java. To say to uninstall Java is like saying uninstall the ram in your computer and try to run it…

  46. BULLSHIT. Java Applets have a problem. Java itself does not. At worst you should disable Java in your browser. Windows sends me dozens of security updates every day. You don't call for shutting down windows. Put this is perspective.
    See http://mindprod.com/jgloss/0exploit.html The problem only happens if you visit a roque site posting a rogue Applet. Applets or reputable sites will not hurt you. The same is true for JavaScript, ActiveX… At least Java normally prevents damage from deliberate rogues. The competition does not even try.
    I think you are just repeating some misinformation and hyped it. Ask someone who understands how the Java sandbox works.

    1. Yes, the problem only happens when you visit a site hosting a rogue applet. Much the same way people are infected with other malware. However, unlike Windows or JavaScript, Java has little to no practical benefit for most people – it's just a security hole waiting for the next exploit.

    2. No problems on legit websites huh? What's stopping a hacker from hacking into your legit website and placing an invisible iframe pointing to his "rogue site"? With all those wordpress sites out there and security holes in wordpress do you really think people can't hack in? It happens all the time.

  47. People don't have 15 minutes (a mere 15 minutes! about the time length of the Beatles' "Hey Jude") to update Java. I spent more time reading about why I should uninstall it. Nevertheless, after taking the time to update (more like 2 minutes), I remain convinced that listening to this alarmist hokum is simply a waste of time.

  48. 1. Disable java on all the browsers you use (even if you just use firefox/chrome etc, you may occasionally need to use IE for sites that require it & it’ll be on a win pc). You can enable at need, if you have to (most users wont).
    2. Keep java up to date. Just like ALL software. There are programs which monitor your pc & let you know when updates are needed.
    3. If Java is disabled on your browser, then you cannot inadvertently run a virus script on a dodgy website (d’oh!), but you can still run software & peripherals on your pc that requires java (and you probably have some).

  49. all this is confusing.wonder if just disabling it helps.should in Theory.if not taking a chance crippling a machine would not be worth taking.

  50. Unfortunately for a developer like me un installing java is not an option. I develop Android applications and rely on java runtime for my Eclipse IDE and other Integrated Developer Inviroment.

  51. Ahm, actually, this is what Mozilla has done with Java for Firefox:

    “Java Plugin 7 update 11 and lower (click-to-play), Windows has been blocked for your protection.”

    This is what you see when you check your pugins. So what’s the problem really…
    I’m sure Mozilla is on top if things like this, they work with it every day, so no way they’ll let something that would be a security-risk run freely. They would probably only unblock it once it has been fixed.

  52. I’m kinda confused too. I just disabled Java in my control panel. Then got a message to close browsers using it. Ok. Went to Firefox and still had Java. It now says to update to the newest version(?) so, what should we do?

  53. I’m SO confused!!! The article and many here advocate for killing Java and the other half for letting it live…What’s a computer beginner person to do??? :-(((

    1. @Adela:
      Computer beginners should install the update and disable it in browsers through the Java security panel. If you find you need it for a specific web application that you trust, change your security settings to high so that you are prompted before a Java applet can run in your browser.

  54. I am appalled! I don’t know why PC Ptistop would allow print of this stuff. Do not uninstall Java. I am one of the few people who can contact a live Oracle person by phone. This article is wrong. Oracle responded to HS office many weeks ago, the vulnerability is fixed and well documented. If you decide to take java out of your box many many things on websites will not work. You will end up going back to it,
    firefox, IE, chrome, safari browsers embedded websites – banking, auto, alot of stuff uses it. This notice is many many days late and does not reveal the complete story.

    I checked with my MS folks too. Just make sure your auto updates are set to on you will get the vulnerabilites plugged through automatic updates. Way over reactive shame on pc pitstop! shame shame!

    1. @joelc:
      The exploit was just fixed a few days ago. It appears the exploit has been out in the wild for some time, and there have been many other Java exploits in the past. Java is not widely used on websites that most users visit frequently and represents a security risk that most people probably simply don’t need.

  55. So what would someone do who has no computer smarts about Java? I followed the instructions for the Chrome disable plug in…will that be good enough?

  56. John, if you click the underlined version update, you’ll be brought to the updated version. I second using Revo Uninstaller before installing the update.

  57. Andre Kristjansson

    I think it would also be helpful for people to understand that not all Java use is equal and I have seen few commentators on this issue mention that. While the java “Applet” is not so common these days, there are other uses for the JRE/JDK,not to mention the ENORMOUS installed base for Enterprise Java (Beans, JSP, JSF, etc). Granted these are “server side” Java technologies, but the point is, Java is still a very important language, and not the obsolete 90s technology that the blogs seem to be making it out to be.

  58. Uninstalling Java may not be an option for some people. There are some programs that run on a computer that require Java (independent of the internet). Uninstall Java and you could cripple your computer.

    The “patch” Oracle put out (Java 7u11) is completely useless. All it did was raise the security level in the Java control panel from “medium” to “high”. As of today, proof-of-concept has been submitted to Oracle on 2 new security vulnerabilities.

    Mozilla pushed out a CTP (click-to-play) for all Java v7 in their Firefox browser within 24 hrs of this exploit being seen in the wild. Bravo Mozilla engineers for keeping your users as safe as possible, as quickly as you did!

    Now, USER BE WARNED: Use Firefox for browsing, and don’t click-to-play Java applets in web pages unless you can be sure the site is not infected (and there’s no way to be certain unless you are the host company and have just scanned all your servers).

    1. @simrick: I noticed this download Java on a youtube site mp3 to videoconvertor.After a download of a video the next time its telling you to download
      Java to continue using the service,that wsa new to me so I stopped using the youtube convertor

  59. Our problem is that Java is required for essential corporate software. Java 6, as a matter of fact — the developers haven’t certified it for Java 7. We can’t change that — the system is too large to migrate to another one — and the developers are always extremely slow up add new technology (the software originated in mainframes, and even the web version makes that obvious).

  60. I use Java JUST for ham radio applications such web software defined radio. What Java needs to do is sew in these patches in their updates and create something more secure. I have already updated my Java. I need to listen to software defined radio.

  61. I appreciate all of the comments. I believe that people are underestimating the severity of the security risk of Java to our computers. It is a huge hole and that allows malicious code to execute without your knowledge and consent. Furthermore, modern security software be it free or pay, or combination there of, still cannot stop the badware from executing.

    Let’s not forget that the Department of Homeland Security also singled out Java as a security risk. It is not just keeping Java up to date. Java has so many security holes that as soon as they plug one hole the bad guys just find another.

    I also suspect that there is a confusion between Javascript and Java. Javascript is a simple scripting language that is used on virtual almost every modern web site. Java is a totally different engine designed to allow small web applications to run browse and platform independent. It is was great for a while but like I said, no one is writing new stuff in Java. It was great in the late 90’s.

    1. @rob cheng:This is paramount to people who don’t have a clue. Why all the bull**** sir! Whats the take? Keep’em stupid mentality will surely bite you on the a**. Who are these people? Show yourself.

  62. Someone should mention that Javascript is a very different thing from Java. Javascripts are fine, and are supported by the browser, not by Java and it add-ons. Of course, javascripts aren’t as powerful – they add “bells and whistles”, not real functionality. I also agree that it’s better to install the latest version of Java than to uninstall it. Uninstalling it will take longer than updating to the latest version. The last tim I did it, it took about 3 minutes, not 15. I spent the three minutes on the porcelain throne, and never missed the time. The author and the dept. of homeland security are taking an alarmist stance.

  63. Java is required on a number of websites that I could not do without. This article makes me wonder whether other advice on PCPitstop is less authoritative and helpful than I thought it was!

  64. This is bad advice. To claim java is rarely used today is completely wrong. Almost every one of my clients uses java and so do I. To say that flash and HTML5 replace java is a joke those 2 applications do completely different jobs than java and all 3 of them are required for very different reasons. I am starting to wonder if the author even knows what the difference is. I have developed things using all of these applications personally. It is hilarious to hear someone say that once in a blue moon java is used by an old web page when new pages are created using java to this day and frequently.

    1. @Corpsecrank:

      I agree completely. Advising people to uninstall Java completely is a ridiculous thing to do.

      I can only hope that people will read your comment, my comment, and any others in the same grain before following the dangerous and useless advice in this article.

      If so it will save a lot of IT people a lot of headaches caused by users complaining that their computers don’t work right.

      Articles like this cause FAR more problems than any software vulnerability ever will.

      This wouldn’t be an issue if users would stop volunteering to get themselves mugged on the internet by visiting questionable websites. The incidence of responsible websites being infected with these exploits is very rare. Stay away from gambling, porn, warez and other “iffy” websites and you won’t have a problem 99% of the time.

  65. While Java may be “old technology” it is also ubiquitous technology. You NEED Java for many of the day-to-day things you do with your computer. Do you have a router, a firewall, an IP camera, or other device on your local network? If so you’re probably going to need Java to access it’s controls. SonicWall firewalls REQUIRE Java to log into their controls.

    It is HIGHLY irresponsible for someone to claim to be some sort of pundit then tell people to uninstall ANY software rather than keep it updated. ALL software contains vulnerabilities and nearly ALL software needs to be kept up to date.

    When less-than-expert users read an article like this they don’t “get it”. What they “get” from an article like this is “I don’t really need (x) software so rather than keep my software updated I can just uninstall it.”

    Of course this author pundit isn’t going to be the one receiving all the support calls from work, friends and family about “my computer doesn’t work and I don’t know why and I didn’t do anything to it or change anything.”

    Years ago while driving down the road I heard Leo LaPorte on the radio describing the circumstances under which “you don’t really need antivirus software.” I cringed so hard I nearly ran off the road when I heard him saying that over the air. Because people don’t “hear” all the qualifiers he was listing that went with that claim. They don’t understand them so their mind just skips over the parts they don’t understand. What they heard was “You don’t need antivirus” and NOTHING else.

    Please stop doing things like that. It’s irresponsible and it’s highly unprofessional.

  66. And what do we do about some games that millions of us play that requires java to run? Things like Minecraft or Puzzle Pirates? You cannot run these without Java on your system. Java is also used in browser based chat technology and other things. It’s still VERY widely used and to say that it is unsafe is a load of crap. If you keep yourself protected with the proper software, malware and virus’ aren’t a problem for you.

  67. I made a decision some time ago to trust Max Page and his people.

    So I did exactly what was suggested in the article and removed Java.


  68. I reluctantly uninstalled Java and its recent updates upon the advisory of PCPitstop that still has a link to VISTAREADINESS on one of its opening pages. Kill me now.

  69. I like how the author mentions that it would only take 15 minutes to do but recommends you spend that time instead uninstalling Java and all of it's add-ons, which will probably also take 15 minutes. He then later on says, "Even if you visit an old web site that requires Java, you can still install it again." when I thought the whole point was that Java isn't safe and to uninstall it. Not a very well written or informative post I'm afraid.

    To any of you still reading, just install Java 7 Update 11 and you'll be fine.

    1. The latest version of java is NOT safe just because exploits have not been published does not mean they don't exist and never will. If you're going to use the java plugin then yes get the latest but if you think you're *safe* you've got your head buried in the sand.

  70. this is ridiculous! I'd really like to see an exploit. as mater of fact if you point my on applet that contains "virus" I'll run it at once. Exploits are done on binary files in java installation and not at language itself which is very secure. If people are to follow your logic there will be no Windows present on any single machine!

    1. You couldn't be more wrong. Java is a binary file, the java virtual machine interprets and runs the java bytecode in the applets. Put the right magic into the applet and you exploit the java runtime. Just like opening a corrupted pdf file can exploit acrobat reader.

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.