Oracle’s Java runtime software is required to run Java applets on websites and desktop software written in the Java programming language. When you install Java, there are a few things you should consider, especially regarding security. Java is used by an ever-decreasing number of websites and is a frequent target of attacks.
Most people could remove Java and not notice a difference. If you do use Java, you should be aware of the security problems and take proper precautions. You’ll also need to know whether you need the Java Runtime Environment (JRE) or the Java Development Kit (JDK).
You May Not Need To Install Java
Do you use a specific website or program that requires Java? If not, you don’t actually need it installed. Java just allows you to run software written in Java, and you may be surprised by how few websites and programs actually require Java.
If you’re not sure whether you need Java, try going without it for a while. You may not notice the difference. As we’ll detail later, there are good reasons not to have Java installed — if you can help it. Even LibreOffice (formerly OpenOffice.org), doesn’t require Java for most of its functionality.
JRE vs. JDK
The main Java download website offers the Java Runtime Environment, also known as the JRE. This is the one you probably need. It includes the basic software that lets you run Java applets and desktop applications on your computer.
There’s also the Java Development Kit, also known as the JDK. This is what you need if you want to develop Java applications. Some development-related software, including the Android SDK, also requires the JDK on your system. If you need the JDK, you’ll have to download it from Oracle’s website. The JDK also includes the JRE, so you only have to install one of them.
The elephant in the room when it comes to installing Java is security. Browser plugins – particularly Oracle’s Java and Adobe’s Flash and PDF reader – are major targets. Java is a prime target because it’s installed on so many computers and exploits will work across multiple browsers and operating systems. Keeping Java updated doesn’t fully alleviate this problem – just having Java installed increases your browser’s attack surface.
Update Java Often
If you need Java installed, you’ll want to update it often. By default, Java checks for updates once every month – not a very reassuring default setting for a program that’s so frequently exploited. You can fix this, though.
To do so, open the Control Panel from the Start menu, click the Programs category, and click the Java icon.
Use the Advanced button on the Update tab to select a better update frequently, such as “Daily.”
If you see the coffee-cup-shaped Java Update icon and its notification in your system tray, be sure to perform the update as soon as possible.
Some Software Requires Older Versions
Depending on the the software you use, you may not be able to run the latest, secure versions of Java. Some websites and applications specify a specific version of Java and force you to use an outdated, vulnerable version of Java. This is why it’s possible to have multiple versions of Java installed on the same system, although Oracle recommends against this.
Oracle maintains an archive where you can download older versions if you need to, while noting that they’re full of security holes and vulnerable to attack.
If you must run an older version of Java, make sure you have an antivirus installed, ask the application vendor or website for an update, and remove the old version of Java as soon as possible.
Installing Java Applets Can Be Dangerous
Web browsers and plugins such as Flash isolate web content from your computer. A website with a Flash-based video player can’t break out of your browser and tamper with your computer (barring security vulnerabilities). Java does the same thing for most applets, which it runs by default – but it also allows applets to prompt you for full permissions.
If you see a security warning box and click the Run button, your computer could be at risk. Think of clicking the Run button like downloading and installing an application onto your computer – it’s basically the same thing. Only do this if you trust the publisher.
Be sure to check out our free, full guide to PC security: HackerProof.
Do you use Java, or did you not even install Java on your computer? Let us know in the comments. If you have any other questions, feel free to ask those, too.
More articles about: