Skip to main content

Java still has a crucial role to play—despite security risks

posted onOctober 30, 2012
by l33tdawg

Java has its security flaws, but it isn't going away any time soon—after all, many important applications run on the technology, especially in business settings. Still, numerous users are worried enough about vulnerabilities that they restrict Java's ability to run on their machines. That's what we heard from Ars readers when we asked Friday whether they let Java run on their computers, and why.

Some users have disabled or uninstalled Java entirely. But the most common solution for those worried about security risks is to leave the Java Runtime Environment in place on the desktop while disabling the browser plugins that allow Java applets to run on websites. Those plugins are often vulnerable to attacks involving remote code execution.

"Java as a desktop framework is not a big security risk," writes commenter Stilgar. "It is the browser plugin that presents a problem. Avoiding desktop Java on purpose does not make any sense. On the other hand every browser plugin you install on any browser increases the attack surface."



Java Security

You May Also Like

Recent News

Tuesday, March 20th

Monday, March 19th

Friday, March 16th

Thursday, March 15th

Wednesday, March 14th

Tuesday, March 13th