The trade press has been full of comments on recently found Java vulnerabilities. Oracle has fixed some and there are more to go, apparently. Most security experts have recommended disabling Java in the browsers you use. Instructions have been posted for Chrome, Firefox and others. There are, however, two major issues few have addressed:
First, many enterprise systems rely on Java. That is, they use Java not just to make pretty web pages, but to implement solutions upon which the enterprise relies. Disabling Java may sound good and may be a good action from a security standpoint, but if it blocks a business-critical application from running, it is not an option for many. If you absolutely must use Java, here are some recommendations for making it a bit safer. These probably won’t avoid all problems, but they should at least help:
A second issue is the difficulty of disabling Java in Internet Explorer. Woody Leonhard at InfoWorld has a good post on this. I haven’t tried those steps yet, but I seldom use IE. What I find interesting about this is that it is not a simple task. IE is still used by many organizations. It is not a “fringe” tool. Surely it should be easier to configure a simple plug-in! I think Microsoft needs to step up and fix this.
What steps are you taking regarding Java? Let us know in the comments below.