This Is Not About Coffee

This post is not about coffee.  It’s about Java.  But isn’t Java coffee?  Well it is in the U.S., but not in the context of this post.

A couple of people had asked me about that Java security issue they heard on various news channels recently.  Java, like many things on the Internet, could be dangerous…and here’s more or less what I told them about it.  I just thought I’d share it with my reader community while I was at it in case this non techno talk version helps you out.

What is it?

Java is a high-level programming language that is used in many leading web sites today.  Although I don’t do it anymore, I can proudly say I’ve written quite a few Java Beans in my day.

Why are you telling me this?

It has a serious vulnerability that could affect you at home.

What’s the Scott diagnosis?

This can affect you Mac users the same as you Windows users. There’s no reason to panic, but I’d ask you to please open the link below to read more about it and find out what you can do to mitigate the issue at your house. Best case scenario: You don’t have the vulnerability. Worst case scenario: a hacker anywhere in the world could remotely, silently and quickly install software on your computer to do bad stuff. I don’t need to spell out what that means. You get the idea.

Where can I find out more information about this vulnerability?

The Department of Homeland Security has put out what I believe is a helpful and concise summary of the issue along with steps on how to eliminate it. The remediation involves a patch from Oracle (who owns Java).

Here is the link:

The short of it is this general action plan:

1. Determine if you have Java installed

2. If not, you can stop reading. If yes, determine what version you have installed.

3. If you don’t need Java, uninstall it or at least disable it. If you need it and it’s version 7, patch it.

I figured out I have Java installed. Do I need it?

I can’t help you with that necessarily, but I can tell you that if you have it, it’s likely because you used it at some point. However, it could be that you bought a new PC from Best Buy and it came installed by default. In that case, you may not need it. It just depends. If you use a web site that requires it, it’ll let you know. For instance, at my house, I don’t have Java installed on my computers or on the kids’ computer. For my wife, Java is installed, but disabled. She needs it for a particular web site that she uses, but she doesn’t need it regularly, so it’s disabled. It’s inconvenient, sure, but it’s safer. Oh and generally speaking, if a web site asked me to install it, I do not unless I absolutely have to have the function that web site provides either for business or personal use. I hope that helps.

Why can’t you give me exact step by step instructions?

Ah, I wish I could. But every home PC is different. Each one has a slightly different variation in operating system, Java installation (if it exists at all) and browser type/version that it’s not practical for me to do so. That is why I provide the link above as the experts have already tried to help everyone out to the best extent possible and frankly do a better job than me at communicating it.

Will Java always be a problem?

Of course, but that’s the unfortunate part of working on the Internet. ActiveX (from MicroSoft) can be dangerous. Flash (from Adobe) can be dangerous.  QuickTime (from Apple) can be dangerous.  HTML (from everyone) can be dangerous. In this increasingly digital age, we just all have to be a bit more computer saavy to keep up with what’s installed on our personal devices and take steps to protect ourselves as best we can.  That goes for you non-technical people too!

Leave a comment


  1. Mike White

     /  01/21/2013

    HTML5 + SVG Canvas + JavaScript FTW! There will always be vulnerabilities, but the browser sandbox does a much better job than Java for client side programming.

    • You got it. Isn’t that the truth! I hope you’re doing well. Are you on twitter by chance? If so, look me up @scottsappen

  2. Very interesting!

  3. Questions: I have no idea how to determine if I have java. Can all this affect my phone ? (Samsung galaxy s 2).

    Thanks for visiting 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: