
Security: What should I do about Java

What Java is:

Java is a programming language developed in 1995 by Sun Microsystems. It is now managed by Oracle. The interesting thing that Java introduced is the concept of bytecode running on a virtual machine so one set of code could run “anywhere”. More history is available here, if you are interested: Java History.

Most programs are compiled into machine language that is targeted for a specific hardware and operating system. A program compiled for Windows will not run on a Mac (at least not without a special emulator), etc. What Java does differently is it doesn’t generate machine language code that the hardware understands, but instead generates “bytecode” which is code that a special Java virtual machine understands and executes. If there is a Java virtual machine for a piece of hardware then it can run any Java bytecode. This “compile once, run anywhere” concept generated lots of buzz, although in the real world, it is not as simple as writing one program that works everywhere.

It is now used for lots of different projects, including the Android operating system and native Android apps. You may or may not have Java installed and operational on your computer. I have it on all my machines because I develop for Android.

What Java is not:

The biggest issue with the current alarms regarding Java is that it is very easily confused with JavaScript.

JavaScript is a server side scripting language originally created by Netscape in 1995. The two languages are not related – they have different syntax and are used for different things, but thanks to a very poor naming decision by Netscape, they are forever linked together. (For more info on JavaScript – go here.)

Let’s just say it in unison – all together now: “Java is not JavaScript”.

Years ago, there were some very serious security issues with JavaScript and many people disabled it in their browser. Today, it is a solid technology and it is a key player in how we use the web today. Your experience on most sites is affected negatively by disabling JavaScript and I always recommend that it be enabled.

Is this security warning real?

It is real for a few reasons. First, there is a significant security hole in Java that is yet unpatched and is being used by hackers right now to access personal data and install malicious software on computers. Second, many people do not even realize that Java is installed on their computer.

This issue needs to be taken very seriously. The good news is that the way these current exploits work is that they take advantage of Java through the browser. You can safely leave Java installed on your machine as long as you update your browser settings so that Java access is not allowed.

How do I know if I’m at risk?

Oracle provides an online tool that checks your current Java version:

Verify Java Version

The nice thing about this tool is if Java is disabled in your browser or if Java is not installed, then the tool will tell you that “No working Java was detected on your system.”

Important note: If you use more than one browser, be sure and run this check on all of them!

How do I disable Java in the browser:

I don’t really want to reinvent the wheel – this information is already widely available. Here are some links that explain how to disable Java in the browser:

Here is a pretty comprehensive set of instructions for all major browsers:

How to Unplug Java from the Browser

Since dealing with IE is a major pain, here are some instructions from Oracle that are supposed to work for Java 7u10+:

How do I disable Java in my web browser?

(I tried to follow their instructions and my Java Control Panel did not match what is shown – your mileage may vary.)

UPDATE: Wow, I work with computers 10 hours every day and I had a rough time getting Java to disable in IE. I followed all the guides and none of the options worked. I finally figured out that I have the JRE (Java Runtime Environment) installed in two places:

  • C:\Program Files\Java\jre7\bin
  • C:\Program Files (x86)\Java\jre7\bin

Starting the Java Control Panel from the Windows Control Panel was giving me the older version of the panel without the new option to disable Java in the browser. By manually running javacpl.exe from the second location listed above – I was able to access the updated panel with this option. This enabled me to successfully disable Java in Internet Explorer on my computer.
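
To check a machine for the same situation (several JREs, only some of which are 7u10+ and so have the browser option in their Control Panel), a short PowerShell inventory helps. This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later and the default install folders shown in the list above.

```powershell
# Added example (not from the original post): list every JRE under the
# Program Files trees and flag copies older than 7u10, whose Java Control
# Panel lacks the option to disable Java in the browser.
# Assumption: JREs live in the default <Program Files>\Java\<name>\bin layout.

$roots = @($env:ProgramFiles, $env:ProgramW6432, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'Java' } |
    Where-Object { Test-Path $_ }

$report = foreach ($root in $roots) {
    foreach ($jre in Get-ChildItem -Path $root -Directory) {
        $java = Join-Path $jre.FullName 'bin\java.exe'
        $cpl  = Join-Path $jre.FullName 'bin\javacpl.exe'
        if (-not (Test-Path $java)) { continue }

        # "java -version" prints a banner such as: java version "1.7.0_10"
        # to stderr; "$_" turns each captured record into plain text.
        $banner = (& $java -version 2>&1 | ForEach-Object { "$_" }) -join "`n"

        # Only the 1.<major>.0_<update> banner style is parsed here.
        $major = $null; $update = 0
        if ($banner -match 'version "1\.(\d+)\.\d+(?:_(\d+))?') {
            $major = [int]$Matches[1]
            if ($Matches[2]) { $update = [int]$Matches[2] }
        }

        [pscustomobject]@{
            Path             = $jre.FullName
            Version          = if ($major) { "{0}u{1}" -f $major, $update } else { 'unparsed' }
            ControlPanel     = if (Test-Path $cpl) { $cpl } else { '(none)' }
            HasBrowserToggle = ($major -gt 7) -or ($major -eq 7 -and $update -ge 10)
        }
    }
}

$report | Format-Table -AutoSize -Wrap
if (@($report).Count -gt 1) {
    Write-Warning 'More than one JRE found: launch javacpl.exe from a row where HasBrowserToggle is True.'
}
```

After changing the setting, re-run the Verify Java Version check in each browser to confirm that no working Java is detected.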

UPDATE 2: Looks like the massive publicity about this issue forced Oracle to move on the issue faster than they were initially planning. There is a new release (Version 7, Release 11) that patches the two security flaws that allow malicious browser applets to exploit the local machine. Update Here.