Java is a standalone application that runs separately from your browser, although the browser can call on it to run Java ‘applets.’ Applets aren’t that common any more, but the Java application itself is a different matter. Java has a long history of exploited vulnerabilities, and its updates have historically been released somewhat tardily. Even more painful is that users have to manually watch for and install those updates unless they chose the “check for updates periodically” option during the original Java install. Even then, they are still required to manually download a patch file and run it. And we all know how diligent users are about that sort of thing.
Securit360’s recommendations for this sort of thing always follow the “least privilege” concept: if you don’t need it – turn it off. Just like every other piece of unused software, we recommend uninstalling Java unless it’s actually being used. We’re not singling out Java; this is our recommendation for every piece of software and application on the market. If your users really need Java to do their work, though, then make sure Java is configured to periodically check for updates and patches. On top of that, run regular security scans to confirm what version of Java is installed and update old versions when you find them.
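The last recommendation above, confirming which Java versions are installed and flagging old ones, is easier to act on when the scan output is normalised. The script below is an added example and not Securit360's own tooling: it parses the banner that `java -version` prints (both the legacy `1.8.0_291` form and the newer `11.0.12` / `21` form), compares each host against a per-release-line baseline, and reports anything below it or on an unapproved line. The host names, banners and baseline versions are constructed sample data, not values from the post.

```python
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# First line of `java -version` output, e.g.
#   java version "1.8.0_291"            (legacy, pre-Java 9 numbering)
#   openjdk version "17.0.8" 2023-07-18 (JEP 223 numbering)
VERSION_RE = re.compile(r'(?:java|openjdk) version "([^"]+)"')

Version = Tuple[int, int, int]


def parse_java_version(output: str) -> Optional[Version]:
    """Normalise a `java -version` banner to (major, minor, patch).

    Legacy strings "1.<major>.0_<update>" become (major, 0, update);
    newer strings "17.0.8", "21" become (17, 0, 8) and (21, 0, 0).
    Returns None when no version banner is present.
    """
    match = VERSION_RE.search(output)
    if not match:
        return None
    raw = match.group(1)
    if raw.startswith("1."):
        # Legacy form: the real major is the second field, the update number
        # follows an underscore and may carry a build suffix ("291-b10").
        body, _, update_part = raw[2:].partition("_")
        major = int(body.split(".")[0])
        update_match = re.match(r"\d+", update_part)
        update = int(update_match.group()) if update_match else 0
        return (major, 0, update)
    # JEP 223 form: strip build metadata ("+7") and pre-release tags ("-ea"),
    # then pad to three numeric fields.
    core = raw.split("+")[0].split("-")[0]
    nums = [int(x) for x in re.findall(r"\d+", core)]
    nums += [0] * (3 - len(nums))
    return (nums[0], nums[1], nums[2])


def find_outdated(inventory: Dict[str, str],
                  baseline: Dict[int, Version]) -> List[Tuple[str, str]]:
    """Return (host, reason) for each host that needs attention.

    A host is flagged when its Java major version is not an approved
    release line, when its version is below the baseline for that line,
    or when no banner could be parsed (so the absence must be verified).
    """
    findings: List[Tuple[str, str]] = []
    for host, banner in inventory.items():
        version = parse_java_version(banner)
        if version is None:
            findings.append((host, "no Java banner found; verify Java is really absent"))
            continue
        minimum = baseline.get(version[0])
        if minimum is None:
            findings.append((host, f"Java {version[0]} is not an approved release line"))
        elif version < minimum:
            findings.append((host, f"{version} is below baseline {minimum}"))
    return findings


def probe_local_java() -> Optional[Version]:
    """Run `java -version` on this machine (it prints to stderr) and parse it."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=15)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return parse_java_version(proc.stderr + proc.stdout)


# Constructed sample scan results keyed by host name (not real hosts).
SAMPLE_INVENTORY: Dict[str, str] = {
    "ws-001": 'java version "1.8.0_291"\nJava(TM) SE Runtime Environment (build 1.8.0_291-b10)',
    "ws-002": 'openjdk version "11.0.12" 2021-07-20\nOpenJDK Runtime Environment',
    "ws-003": 'java version "1.7.0_80"\nJava(TM) SE Runtime Environment',
    "ws-004": 'openjdk version "17.0.2" 2022-01-18',
    "ws-005": 'bash: java: command not found',
}

# Constructed placeholder baseline: minimum accepted version per release line.
BASELINE: Dict[int, Version] = {8: (8, 0, 291), 11: (11, 0, 12), 17: (17, 0, 8)}

if __name__ == "__main__":
    for host, reason in find_outdated(SAMPLE_INVENTORY, BASELINE):
        print(f"{host}: {reason}")
```

Feed `find_outdated` the banners your scanner collects and keep `BASELINE` in step with the vendor's current patch releases; a host on a major version missing from the baseline is reported rather than silently accepted, which is the failure mode that lets a forgotten Java 7 install linger.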
Java is a fantastic program, but it needs some care and careful handling to keep it from becoming a security issue for your organization. Keep an eye on it.